From: Mark Rutland <mark.rutland@arm.com>
To: Will Deacon <will@kernel.org>
Cc: Robin Murphy <robin.murphy@arm.com>,
Joerg Roedel <joro@8bytes.org>, Christoph Hellwig <hch@lst.de>,
Vineet Gupta <vgupta@kernel.org>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Huacai Chen <chenhuacai@kernel.org>,
WANG Xuerui <kernel@xen0n.name>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Lorenzo Pieralisi <lpieralisi@kernel.org>,
Hanjun Guo <guohanjun@huawei.com>,
Sudeep Holla <sudeep.holla@arm.com>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
David Woodhouse <dwmw2@infradead.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Niklas Schnelle <schnelle@linux.ibm.com>,
Matthew Rosato <mjrosato@linux.ibm.com>,
Gerald Schaefer <gerald.schaefer@linux.ibm.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Rob Herring <robh+dt@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Marek Szyprowski <m.szyprowski@samsung.com>,
Jason Gunthorpe <jgg@ziepe.ca>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, linux-acpi@vger.kernel.org,
iommu@lists.linux.dev, devicetree@vger.kernel.org
Subject: Re: [PATCH 3/7] ACPI/IORT: Handle memory address size limits as limits
Date: Mon, 11 Dec 2023 15:39:56 +0000 [thread overview]
Message-ID: <ZXctTJ-q9e1FPBhH@FVFF77S0Q05N.cambridge.arm.com> (raw)
In-Reply-To: <20231211153023.GA26048@willie-the-truck>
On Mon, Dec 11, 2023 at 03:30:24PM +0000, Will Deacon wrote:
> On Mon, Dec 11, 2023 at 03:01:27PM +0000, Robin Murphy wrote:
> > On 2023-12-11 1:27 pm, Will Deacon wrote:
> > > On Wed, Nov 29, 2023 at 05:43:00PM +0000, Robin Murphy wrote:
> > > > Return the Root Complex/Named Component memory address size limit as an
> > > > inclusive limit value, rather than an exclusive size. This saves us
> > > > having to special-case 64-bit overflow, and simplifies our caller too.
> > > >
> > > > Signed-off-by: Robin Murphy <robin.murphy@arm.com>
> > > > ---
> > > > drivers/acpi/arm64/dma.c | 9 +++------
> > > > drivers/acpi/arm64/iort.c | 18 ++++++++----------
> > > > include/linux/acpi_iort.h | 4 ++--
> > > > 3 files changed, 13 insertions(+), 18 deletions(-)
> > >
> > > [...]
> > >
> > > > diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
> > > > index 6496ff5a6ba2..eb64d8e17dd1 100644
> > > > --- a/drivers/acpi/arm64/iort.c
> > > > +++ b/drivers/acpi/arm64/iort.c
> > > > @@ -1367,7 +1367,7 @@ int iort_iommu_configure_id(struct device *dev, const u32 *input_id)
> > > > { return -ENODEV; }
> > > > #endif
> > > > -static int nc_dma_get_range(struct device *dev, u64 *size)
> > > > +static int nc_dma_get_range(struct device *dev, u64 *limit)
> > > > {
> > > > struct acpi_iort_node *node;
> > > > struct acpi_iort_named_component *ncomp;
> > > > @@ -1384,13 +1384,12 @@ static int nc_dma_get_range(struct device *dev, u64 *size)
> > > > return -EINVAL;
> > > > }
> > > > - *size = ncomp->memory_address_limit >= 64 ? U64_MAX :
> > > > - 1ULL<<ncomp->memory_address_limit;
> > > > + *limit = (1ULL << ncomp->memory_address_limit) - 1;
> > >
> > > The old code handled 'ncomp->memory_address_limit >= 64' -- why is it safe
> > > to drop that? You mention it in the cover letter, so clearly I'm missing
> > > something!
> >
> > Because an unsigned shift by 64 or more generates 0 (modulo 2^64), thus
> > subtracting 1 results in the correct all-bits-set value for an inclusive
> > 64-bit limit.
>
> Oh, I'd have thought you'd have gotten one of those "left shift count >=
> width of type" warnings if you did that.
I think you'll get a UBSAN splat, but here the compiler doesn't know what
'ncomp->memory_address_limit' will be and so doesn't produce a compile-time
warning.
Regardless, it's undefined behaviour.
Mark.
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com>
To: Will Deacon <will@kernel.org>
Cc: Robin Murphy <robin.murphy@arm.com>,
Joerg Roedel <joro@8bytes.org>, Christoph Hellwig <hch@lst.de>,
Vineet Gupta <vgupta@kernel.org>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Huacai Chen <chenhuacai@kernel.org>,
WANG Xuerui <kernel@xen0n.name>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Lorenzo Pieralisi <lpieralisi@kernel.org>,
Hanjun Guo <guohanjun@huawei.com>,
Sudeep Holla <sudeep.holla@arm.com>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
David Woodhouse <dwmw2@infradead.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Niklas Schnelle <schnelle@linux.ibm.com>,
Matthew Rosato <mjrosato@linux.ibm.com>,
Gerald Schaefer <gerald.schaefer@linux.ibm.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Rob Herring <robh+dt@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Marek Szyprowski <m.szyprowski@samsung.com>,
Jason Gunthorpe <jgg@ziepe.ca>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, linux-acpi@vger.kernel.org,
iommu@lists.linux.dev, devicetree@vger.kernel.org
Subject: Re: [PATCH 3/7] ACPI/IORT: Handle memory address size limits as limits
Date: Mon, 11 Dec 2023 15:39:56 +0000 [thread overview]
Message-ID: <ZXctTJ-q9e1FPBhH@FVFF77S0Q05N.cambridge.arm.com> (raw)
In-Reply-To: <20231211153023.GA26048@willie-the-truck>
On Mon, Dec 11, 2023 at 03:30:24PM +0000, Will Deacon wrote:
> On Mon, Dec 11, 2023 at 03:01:27PM +0000, Robin Murphy wrote:
> > On 2023-12-11 1:27 pm, Will Deacon wrote:
> > > On Wed, Nov 29, 2023 at 05:43:00PM +0000, Robin Murphy wrote:
> > > > Return the Root Complex/Named Component memory address size limit as an
> > > > inclusive limit value, rather than an exclusive size. This saves us
> > > > having to special-case 64-bit overflow, and simplifies our caller too.
> > > >
> > > > Signed-off-by: Robin Murphy <robin.murphy@arm.com>
> > > > ---
> > > > drivers/acpi/arm64/dma.c | 9 +++------
> > > > drivers/acpi/arm64/iort.c | 18 ++++++++----------
> > > > include/linux/acpi_iort.h | 4 ++--
> > > > 3 files changed, 13 insertions(+), 18 deletions(-)
> > >
> > > [...]
> > >
> > > > diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
> > > > index 6496ff5a6ba2..eb64d8e17dd1 100644
> > > > --- a/drivers/acpi/arm64/iort.c
> > > > +++ b/drivers/acpi/arm64/iort.c
> > > > @@ -1367,7 +1367,7 @@ int iort_iommu_configure_id(struct device *dev, const u32 *input_id)
> > > > { return -ENODEV; }
> > > > #endif
> > > > -static int nc_dma_get_range(struct device *dev, u64 *size)
> > > > +static int nc_dma_get_range(struct device *dev, u64 *limit)
> > > > {
> > > > struct acpi_iort_node *node;
> > > > struct acpi_iort_named_component *ncomp;
> > > > @@ -1384,13 +1384,12 @@ static int nc_dma_get_range(struct device *dev, u64 *size)
> > > > return -EINVAL;
> > > > }
> > > > - *size = ncomp->memory_address_limit >= 64 ? U64_MAX :
> > > > - 1ULL<<ncomp->memory_address_limit;
> > > > + *limit = (1ULL << ncomp->memory_address_limit) - 1;
> > >
> > > The old code handled 'ncomp->memory_address_limit >= 64' -- why is it safe
> > > to drop that? You mention it in the cover letter, so clearly I'm missing
> > > something!
> >
> > Because an unsigned shift by 64 or more generates 0 (modulo 2^64), thus
> > subtracting 1 results in the correct all-bits-set value for an inclusive
> > 64-bit limit.
>
> Oh, I'd have thought you'd have gotten one of those "left shift count >=
> width of type" warnings if you did that.
I think you'll get a UBSAN splat, but here the compiler doesn't know what
'ncomp->memory_address_limit' will be and so doesn't produce a compile-time
warning.
Regardless, it's undefined behaviour.
Mark.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-12-11 15:40 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-29 17:42 [PATCH 0/7] dma-mapping: Clean up arch_setup_dma_ops() Robin Murphy
2023-11-29 17:42 ` Robin Murphy
2023-11-29 17:42 ` [PATCH 1/7] OF: Retire dma-ranges mask workaround Robin Murphy
2023-11-29 17:42 ` Robin Murphy
2023-11-30 14:46 ` Rob Herring
2023-11-30 14:46 ` Rob Herring
2023-11-29 17:42 ` [PATCH 2/7] OF: Simplify DMA range calculations Robin Murphy
2023-11-29 17:42 ` Robin Murphy
2023-11-30 0:46 ` Jason Gunthorpe
2023-11-30 0:46 ` Jason Gunthorpe
2023-11-30 14:56 ` Rob Herring
2023-11-30 14:56 ` Rob Herring
2023-11-29 17:43 ` [PATCH 3/7] ACPI/IORT: Handle memory address size limits as limits Robin Murphy
2023-11-29 17:43 ` Robin Murphy
2023-11-30 0:39 ` Jason Gunthorpe
2023-11-30 0:39 ` Jason Gunthorpe
2023-12-11 13:27 ` Will Deacon
2023-12-11 13:27 ` Will Deacon
2023-12-11 15:01 ` Robin Murphy
2023-12-11 15:01 ` Robin Murphy
2023-12-11 15:30 ` Will Deacon
2023-12-11 15:30 ` Will Deacon
2023-12-11 15:36 ` Jason Gunthorpe
2023-12-11 15:36 ` Jason Gunthorpe
2023-12-11 15:37 ` Robin Murphy
2023-12-11 15:37 ` Robin Murphy
2023-12-11 15:39 ` Mark Rutland [this message]
2023-12-11 15:39 ` Mark Rutland
2023-12-11 16:13 ` Robin Murphy
2023-12-11 16:13 ` Robin Murphy
2023-12-11 15:37 ` Mark Rutland
2023-12-11 15:37 ` Mark Rutland
2023-11-29 17:43 ` [PATCH 4/7] dma-mapping: Add helpers for dma_range_map bounds Robin Murphy
2023-11-29 17:43 ` Robin Murphy
2023-11-29 20:40 ` Jason Gunthorpe
2023-11-29 20:40 ` Jason Gunthorpe
2023-11-30 6:11 ` kernel test robot
2023-11-30 6:11 ` kernel test robot
2023-12-04 8:43 ` Christoph Hellwig
2023-12-04 8:43 ` Christoph Hellwig
2023-11-29 17:43 ` [PATCH 5/7] iommu/dma: Make limit checks self-contained Robin Murphy
2023-11-29 17:43 ` Robin Murphy
2023-11-29 20:43 ` Jason Gunthorpe
2023-11-29 20:43 ` Jason Gunthorpe
2023-11-29 17:43 ` [PATCH 6/7] iommu/dma: Centralise iommu_setup_dma_ops() Robin Murphy
2023-11-29 17:43 ` Robin Murphy
2023-11-29 20:50 ` Jason Gunthorpe
2023-11-29 20:50 ` Jason Gunthorpe
2023-11-29 17:43 ` [PATCH 7/7] dma-mapping: Simplify arch_setup_dma_ops() Robin Murphy
2023-11-29 17:43 ` Robin Murphy
2023-11-30 5:23 ` kernel test robot
2023-12-04 8:44 ` Christoph Hellwig
2023-12-04 8:44 ` Christoph Hellwig
2023-12-04 12:54 ` Robin Murphy
2023-12-04 12:54 ` Robin Murphy
2023-11-29 20:36 ` [PATCH 0/7] dma-mapping: Clean up arch_setup_dma_ops() Jason Gunthorpe
2023-11-29 20:36 ` Jason Gunthorpe
2023-12-01 13:07 ` Robin Murphy
2023-12-01 13:07 ` Robin Murphy
2023-12-01 13:57 ` Jason Gunthorpe
2023-12-01 13:57 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZXctTJ-q9e1FPBhH@FVFF77S0Q05N.cambridge.arm.com \
--to=mark.rutland@arm.com \
--cc=aou@eecs.berkeley.edu \
--cc=baolu.lu@linux.intel.com \
--cc=catalin.marinas@arm.com \
--cc=chenhuacai@kernel.org \
--cc=decui@microsoft.com \
--cc=devicetree@vger.kernel.org \
--cc=dwmw2@infradead.org \
--cc=frowand.list@gmail.com \
--cc=gerald.schaefer@linux.ibm.com \
--cc=guohanjun@huawei.com \
--cc=haiyangz@microsoft.com \
--cc=hch@lst.de \
--cc=iommu@lists.linux.dev \
--cc=jean-philippe@linaro.org \
--cc=jgg@ziepe.ca \
--cc=joro@8bytes.org \
--cc=kernel@xen0n.name \
--cc=kys@microsoft.com \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=lpieralisi@kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=mjrosato@linux.ibm.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=robh+dt@kernel.org \
--cc=robin.murphy@arm.com \
--cc=schnelle@linux.ibm.com \
--cc=sudeep.holla@arm.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=tsbogend@alpha.franken.de \
--cc=vgupta@kernel.org \
--cc=wei.liu@kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.