Re: [PATCH v4 2/3] iommu/iova: Avoid double-negatives in magazine helpers

[John Garry]

On 18/01/2021 12:59, Robin Murphy wrote:
> > > > > for cpu_rcaches too, and get a similar abort at runtime.
> > > > It's not specifically that we expect them (allocation failures for the
> > > > loaded magazine), rather we should make safe against it.
> > > >
> > > > So could you be more specific in your concern for the cpu_rcache 
> > > > failure?
> > > > cpu_rcache magazine assignment comes from this logic.
> > > If this fails:
> > >
> > > drivers/iommu/iova.c:847: rcache->cpu_rcaches = 
> > > __alloc_percpu(sizeof(*cpu_rcache), cache_line_size());
> > >
> > > then we'll get an Oops in __iova_rcache_get(). So if we're making the
> > > module safer against magazine allocation failure, shouldn't we also
> > > protect against cpu_rcaches allocation failure?
> >
> > Ah, gotcha. So we have the WARN there, but that's not much use as this 
> > would still crash, as you say.
> >
> > So maybe we can embed the cpu rcaches in iova_domain struct, to avoid 
> > the separate (failable) cpu rcache allocation.
>
> Is that even possible? The size of percpu data isn't known at compile 
> time, so at best it would add ugly runtime complexity to any allocation 
> of a struct iova_domain by itself, but worse than that it means that 
> embedding iova_domain in any other structure becomes completely broken, no?

Ah, now I see that it's not possible. I was thinking of using 
DEFINE_PER_CPU(), but it's not permitted.

So even though this patch saves us from cpu_rcache->loaded / ->prev == 
NULL, I still prefer not to add explicit checks for cpu_rcache == NULL 
in the IOVA alloc/free paths, and would rather pass an error back in 
init_iova_rcaches(), but adding code for tidy-up looks messy.

Thanks,
John