Re: [PATCH] iommu: Sanity check on param list for iommu_get_resv_regions

From: Dawei Li
Date: Thu Sep 28 2023 - 04:57:52 EST

Next message: Charles Keepax: "Re: [PATCH] ASoC: cs42l43: Remove useless else"
Previous message: Alexandra Winter: "Re: [PATCH net-next v4 00/18] net/smc: implement virtual ISM extension and loopback-ism"
In reply to: Baolu Lu: "Re: [PATCH] iommu: Sanity check on param list for iommu_get_resv_regions"
Next in thread: Baolu Lu: "Re: [PATCH] iommu: Sanity check on param list for iommu_get_resv_regions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,
Thanks for reviewing,

On Thu, Sep 28, 2023 at 09:33:29AM +0800, Baolu Lu wrote:
> On 9/27/23 10:25 PM, Dawei Li wrote:
> > In iommu_get_resv_regions(), param list is an argument supplied by caller,
> > into which callee is supposed to insert resv regions.
> >
> > In other words, this 'list' argument is expected to be an empty list,
> > so make an explicit annotation on it.
> >
> > Signed-off-by: Dawei Li <set_pte_at@xxxxxxxxxxx>
> > ---
> > drivers/iommu/iommu.c | 9 +++++----
> > 1 file changed, 5 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> > index 1ecac2b5c54f..a01c4a7a9d19 100644
> > --- a/drivers/iommu/iommu.c
> > +++ b/drivers/iommu/iommu.c
> > @@ -813,7 +813,7 @@ int iommu_get_group_resv_regions(struct iommu_group *group,
> > mutex_lock(&group->mutex);
> > for_each_group_device(group, device) {
> > - struct list_head dev_resv_regions;
> > + LIST_HEAD(dev_resv_regions);
> > /*
> > * Non-API groups still expose reserved_regions in sysfs,
> > @@ -822,7 +822,6 @@ int iommu_get_group_resv_regions(struct iommu_group *group,
> > if (!device->dev->iommu)
> > break;
> > - INIT_LIST_HEAD(&dev_resv_regions);
> > iommu_get_resv_regions(device->dev, &dev_resv_regions);
> > ret = iommu_insert_device_resv_regions(&dev_resv_regions, head);
> > iommu_put_resv_regions(device->dev, &dev_resv_regions);
> > @@ -1061,12 +1060,11 @@ static int iommu_create_device_direct_mappings(struct iommu_domain *domain,
> > struct device *dev)
> > {
> > struct iommu_resv_region *entry;
> > - struct list_head mappings;
> > unsigned long pg_size;
> > + LIST_HEAD(mappings);
> > int ret = 0;
> > pg_size = domain->pgsize_bitmap ? 1UL << __ffs(domain->pgsize_bitmap) : 0;
> > - INIT_LIST_HEAD(&mappings);
> > if (WARN_ON_ONCE(iommu_is_dma_domain(domain) && !pg_size))
> > return -EINVAL;
> > @@ -2813,6 +2811,9 @@ void iommu_get_resv_regions(struct device *dev, struct list_head *list)
> > {
> > const struct iommu_ops *ops = dev_iommu_ops(dev);
> > + if (WARN_ON(!list_empty(list)))
> > + return;
>
> I don't understand why the input list *must* be empty. This interface

Because @list is an output-only argument, which is supposed to be filled
by caller(inserting elements into it). If it's not empty, it's an inputing
argument, in which case caller will take existing node (in @list) into account,
and insert new nodes before/after them.
Please lemme put it another way, if list argment is not empty:

Before calling:
list: head->A

After calling
list: head->A->B->C

It will confuse caller cuz it can't tell whether A is a valid returned
by callee.

> has already been exported, so please update the comment to explain this
> new requirement.
>
> > +
> > if (ops->get_resv_regions)
> > ops->get_resv_regions(dev, list);
> > }
>
> Best regards,
> baolu

Next message: Charles Keepax: "Re: [PATCH] ASoC: cs42l43: Remove useless else"
Previous message: Alexandra Winter: "Re: [PATCH net-next v4 00/18] net/smc: implement virtual ISM extension and loopback-ism"
In reply to: Baolu Lu: "Re: [PATCH] iommu: Sanity check on param list for iommu_get_resv_regions"
Next in thread: Baolu Lu: "Re: [PATCH] iommu: Sanity check on param list for iommu_get_resv_regions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]