Re: [PATCH 3/7] ACPI/IORT: Handle memory address size limits as limits

From: Robin Murphy
Date: Mon Dec 11 2023 - 11:13:48 EST

Next message: James Clark: "[PATCH v7 00/11] arm64: perf: Add support for event counting threshold"
Previous message: piro yang: "Re: [PATCH] staging:vme_user:fix the issue of using the wrong error code"
In reply to: Mark Rutland: "Re: [PATCH 3/7] ACPI/IORT: Handle memory address size limits as limits"
Next in thread: Mark Rutland: "Re: [PATCH 3/7] ACPI/IORT: Handle memory address size limits as limits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2023-12-11 3:39 pm, Mark Rutland wrote:

On Mon, Dec 11, 2023 at 03:30:24PM +0000, Will Deacon wrote:

On Mon, Dec 11, 2023 at 03:01:27PM +0000, Robin Murphy wrote:

On 2023-12-11 1:27 pm, Will Deacon wrote:

On Wed, Nov 29, 2023 at 05:43:00PM +0000, Robin Murphy wrote:

Return the Root Complex/Named Component memory address size limit as an
inclusive limit value, rather than an exclusive size. This saves us
having to special-case 64-bit overflow, and simplifies our caller too.

Signed-off-by: Robin Murphy <robin.murphy@xxxxxxx>
---
drivers/acpi/arm64/dma.c | 9 +++------
drivers/acpi/arm64/iort.c | 18 ++++++++----------
include/linux/acpi_iort.h | 4 ++--
3 files changed, 13 insertions(+), 18 deletions(-)

[...]

diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
index 6496ff5a6ba2..eb64d8e17dd1 100644
--- a/drivers/acpi/arm64/iort.c
+++ b/drivers/acpi/arm64/iort.c
@@ -1367,7 +1367,7 @@ int iort_iommu_configure_id(struct device *dev, const u32 *input_id)
{ return -ENODEV; }
#endif
-static int nc_dma_get_range(struct device *dev, u64 *size)
+static int nc_dma_get_range(struct device *dev, u64 *limit)
{
struct acpi_iort_node *node;
struct acpi_iort_named_component *ncomp;
@@ -1384,13 +1384,12 @@ static int nc_dma_get_range(struct device *dev, u64 *size)
return -EINVAL;
}
- *size = ncomp->memory_address_limit >= 64 ? U64_MAX :
- 1ULL<<ncomp->memory_address_limit;
+ *limit = (1ULL << ncomp->memory_address_limit) - 1;

The old code handled 'ncomp->memory_address_limit >= 64' -- why is it safe
to drop that? You mention it in the cover letter, so clearly I'm missing
something!

Because an unsigned shift by 64 or more generates 0 (modulo 2^64), thus
subtracting 1 results in the correct all-bits-set value for an inclusive
64-bit limit.

Oh, I'd have thought you'd have gotten one of those "left shift count >=
width of type" warnings if you did that.

I think you'll get a UBSAN splat, but here the compiler doesn't know what
'ncomp->memory_address_limit' will be and so doesn't produce a compile-time
warning.

Regardless, it's undefined behaviour.

Urgh, you're right... I double-checked 6.5.7.4 in the standard but managed to miss 6.5.7.3. So yeah, even though "4 << 62" or "2 << 63" are well-defined here, "1 << 64" isn't, dang. Thanks, funky old ISAs which did weird things for crazy large shifts and have no relevance to this code :(

Cheers,
Robin.

Next message: James Clark: "[PATCH v7 00/11] arm64: perf: Add support for event counting threshold"
Previous message: piro yang: "Re: [PATCH] staging:vme_user:fix the issue of using the wrong error code"
In reply to: Mark Rutland: "Re: [PATCH 3/7] ACPI/IORT: Handle memory address size limits as limits"
Next in thread: Mark Rutland: "Re: [PATCH 3/7] ACPI/IORT: Handle memory address size limits as limits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]