All of lore.kernel.org
 help / color / mirror / Atom feed
From: Robin Murphy <robin.murphy-5wv7dgnIgG8@public.gmane.org>
To: Auger Eric <eric.auger-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Andrew Jones <drjones-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: linux-acpi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	sudeep.holla-5wv7dgnIgG8@public.gmane.org
Subject: Re: [PATCH 1/2] ACPI/IORT: Handle potential overflow in iort_dma_setup
Date: Mon, 14 Jan 2019 11:10:08 +0000	[thread overview]
Message-ID: <7acdfce6-0a0b-bf68-c5ff-8979721f4e83@arm.com> (raw)
In-Reply-To: <fbf8dc04-6f80-b30b-c9ef-87fa3a33d0ec-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

On 10/01/2019 10:44, Auger Eric wrote:
> Hi Robin, Drew,
> 
> On 12/19/18 2:18 PM, Andrew Jones wrote:
>> On Wed, Dec 19, 2018 at 12:21:35PM +0000, Robin Murphy wrote:
>>> On 18/12/2018 18:48, Andrew Jones wrote:
>>>> The sum of dmaaddr and size may overflow, particularly considering
>>>> there are cases where size will be U64_MAX.
>>>
>>> Only if the firmware is broken in the first place, though. It would be weird
>>> to describe an explicit _DMA range of base=0 and size=U64_MAX, because it's
>>> effectively the same as just not having one at all, but it's not strictly
>>> illegal. However, since the ACPI System Memory address space is at most
>>> 64-bit, anything that would actually overflow here is already describing an
>>> impossibility - really, we should probably scream even louder about a
>>> firmware bug and reject it entirely, rather than quietly hiding it.
>>
>> Ah, looking again I see the paths. Either acpi_dma_get_range() returns
>> success, in which case base and size are fine, or it returns an EINVAL,
>> in which case base=size=0, or it returns ENODEV in which case base is
>> zero, so size may be set to U64_MAX by rc_dma_get_range() with no problem.
>> The !dev_is_pci(dev) path is also fine since base=0.
> 
> So practically putting an explicit memory_address_limit=64 is harmless
> as dmaaddr always is 0, right?
> 
> In QEMU I intended to update the ACPI code to comply with the rev D
> spec. in that case the RC table revision is 1 (rev D) and the
> memory_address_limit needs to be filled. If we don't want to restrict
> the limit, isn't it the right choice to set 64 here?

Indeed, the Memory Address Size Limit doesn't cater for offsets so can't 
run into this kind of overflow in the first place. For a fully-emulated 
PCI hierarchy I'd say 64 is not just harmless but in fact entirely 
correct - you're going to have more fun with VFIO passthrough if the 
host tables have more restrictive limits, but I guess that's a problem 
for the future ;)

Robin.

  parent reply	other threads:[~2019-01-14 11:10 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-12-18 18:48 [PATCH 0/2] ACPI/IORT: handle potential overflows Andrew Jones
     [not found] ` <20181218184841.20034-1-drjones-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2018-12-18 18:48   ` [PATCH 1/2] ACPI/IORT: Handle potential overflow in iort_dma_setup Andrew Jones
     [not found]     ` <20181218184841.20034-2-drjones-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2018-12-19 12:21       ` Robin Murphy
     [not found]         ` <1503e3b8-1a6c-3b66-fa1e-d13f4e19f31f-5wv7dgnIgG8@public.gmane.org>
2018-12-19 13:18           ` Andrew Jones
     [not found]             ` <20181219131849.hziujd5zgclangce-gVz1Vyx/EOXkZJWtSm8s3NvLeJWuRmrY@public.gmane.org>
2019-01-10 10:44               ` Auger Eric
     [not found]                 ` <fbf8dc04-6f80-b30b-c9ef-87fa3a33d0ec-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2019-01-14 11:10                   ` Robin Murphy [this message]
     [not found]                     ` <7acdfce6-0a0b-bf68-c5ff-8979721f4e83-5wv7dgnIgG8@public.gmane.org>
2019-01-14 15:29                       ` Auger Eric
2018-12-18 18:48   ` [PATCH 2/2] iommu/dma: Handle potential overflow in iommu_dma_init_domain Andrew Jones
     [not found]     ` <20181218184841.20034-3-drjones-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2018-12-19 13:02       ` Robin Murphy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7acdfce6-0a0b-bf68-c5ff-8979721f4e83@arm.com \
    --to=robin.murphy-5wv7dgnigg8@public.gmane.org \
    --cc=drjones-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
    --cc=eric.auger-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
    --cc=iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
    --cc=linux-acpi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=sudeep.holla-5wv7dgnIgG8@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.