Re: [PATCH v3 4/5] iommu/s390: Fix incorrect aperture check
From: Niklas Schnelle
Date: Fri Sep 30 2022 - 04:01:53 EST
On Thu, 2022-09-29 at 12:58 -0300, Jason Gunthorpe wrote:
> On Thu, Sep 29, 2022 at 05:33:01PM +0200, Niklas Schnelle wrote:
> > The domain->geometry.aperture_end specifies the last valid address treat
> > it as such when checking if a DMA address is valid.
> >
> > Reviewed-by: Pierre Morel <pmorel@xxxxxxxxxxxxx>
> > Reviewed-by: Matthew Rosato <mjrosato@xxxxxxxxxxxxx>
> > Signed-off-by: Niklas Schnelle <schnelle@xxxxxxxxxxxxx>
> > ---
> > drivers/iommu/s390-iommu.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/iommu/s390-iommu.c b/drivers/iommu/s390-iommu.c
> > index ed0e64f478cf..6d4a9c7db32c 100644
> > --- a/drivers/iommu/s390-iommu.c
> > +++ b/drivers/iommu/s390-iommu.c
> > @@ -210,7 +210,7 @@ static int s390_iommu_update_trans(struct s390_domain *s390_domain,
> > int rc = 0;
> >
> > if (dma_addr < s390_domain->domain.geometry.aperture_start ||
> > - dma_addr + size > s390_domain->domain.geometry.aperture_end)
> > + dma_addr + size > s390_domain->domain.geometry.aperture_end + 1)
>
> The reason the iommu layer uses 'last' (= start + size - 1) not 'end'
> is to allow for the very last byte of the range to be used.
>
> Meaning (start + size) == 0 in some cases due to the overflow.
>
> Generally when working with lasts's I prefer people write code in a
> way that doesn't trigger the overflow, because there are some
> complicated C rules about integer promotion that can mean the desired
> overflow silently doesn't happen in obscure cases - especially if
> unsigned long != u64
>
> So, I'd write this as:
>
> (dma_addr + size - 1) > s390_domain->domain.geometry.aperture_end
>
> Jason
Makes sense. Thanks.