[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH v3 1/3] xen/arm: Add memory overlap check for bootinfo.reserved_mem

  • To: Julien Grall <julien@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Henry Wang <Henry.Wang@xxxxxxx>
  • Date: Tue, 31 Jan 2023 02:25:08 +0000
  • Accept-language: zh-CN, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UMDPrCse9C468YL8oipJD7KpwWoj4gt3JDyEH20o2P0=; b=dUeQJ6JcKreypcJ386SItCILYCaZa8AoefrdSnCDpdLnesWFiqOdi3MH3jAjmRNi70NlGoCTJCeNvanENO5MzwGe0ZKCYtQ8fmomlRqxif7DzgfdAI7WkPTP2HPu1UQfiEOvhyUyws+2zsx2vhdY5Os19gae2qK5fCEgkCcilGyINoQ9/3yTBAH59w9IoOuEs6IOSSD4HQ6p1yv3LtG6JgB5CwIhpH1/PiybeP7lZX3Oe6p943FiXKaMd41gMKxMuy3RfNkyC9Vmai1pFyEzaCQNVABzyxyL4AF8ZJLKAZHI1a407G9vuSVk0mWmtNoJSH3QV+nLJcF+IPq1SiodGQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WHk6437HIuCACtTHeQvQ8RVbyANHr/vPILZT9cPKiWNEI9Lr5kYFMowxf8R+wZ9BfFrWaLIBwg/34F/e8oepQoofPL2YQilbyRvQpSfh4/V0F3q2TptmlCeQXrF05v4PHyV+fyTcCyMmO0YhPw3z2vLd58nv637hRV6xQ/h/N/1/WIxWoh0n5onNR8j8/27OBZcGqiuHpzHj34BJ0y20/3QJdEA32yrYScZB/6Yp5c/Z+2L9nulXfY/uAerqtVUbG2x/Ag33grIGl7Wk11QN5wj0pSpE4thGUp9Ms8ZOa59QueWXZ7CC/15DV9vu3jORLEkWzg55puGhcnVwL26hlg==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Chen <Wei.Chen@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Tue, 31 Jan 2023 02:26:07 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHZNGA1IwnnIsRmjEGECQ4jTGRpG663gnMAgAA6SvA=
  • Thread-topic: [PATCH v3 1/3] xen/arm: Add memory overlap check for bootinfo.reserved_mem
Hi Julien,

> -----Original Message-----
> From: Julien Grall <julien@xxxxxxx>
> Subject: Re: [PATCH v3 1/3] xen/arm: Add memory overlap check for
> bootinfo.reserved_mem
> 
> Hi Henry,
> 
> > +{
> > +    paddr_t bank_start = INVALID_PADDR, bank_end = 0;
> > +    paddr_t region_end = region_start + region_size;
> > +    unsigned int i, bank_num = meminfo->nr_banks;
> > +
> > +    for ( i = 0; i < bank_num; i++ )
> > +    {
> > +        bank_start = meminfo->bank[i].start;
> > +        bank_end = bank_start + meminfo->bank[i].size;
> > +
> > +        if ( region_end <= bank_start || region_start >= bank_end )
> 
> ... it clearly shows how this check would be wrong when either the bank
> or the region is at the end of the address space. You may say it doesn't
> overlap when it could (e.g. when region_end < region_start).

Here do you mean if the region is at the end of the addr space,
"region_start + region_end" will overflow and cause
region_end < region_start? If so...

> 
> That said, unless we rework 'bank', we would not properly solve the
> problem. But that's likely a bigger piece of work and not something I
> would request.
> 
> So for now, I would suggest to add a comment. Stefano, what do you think?

...I am not really sure if simply adding a comment here would help,
because when the overflow happens, we are already doomed because
of the messed-up device tree.

Would adding a `BUG_ON(region_end < region_start)` make sense to you?

> 
> > +            continue;
> > +        else
> > +        {
> > +            printk("Region: [%#"PRIpaddr", %#"PRIpaddr"] overlapping with
> bank[%u]: [%#"PRIpaddr", %#"PRIpaddr"]\n",
> 
> ']' usually mean inclusive. But here, 'end' is exclusive. So you want '['.

Oh, now I understand the misunderstanding in our communication in v1:
I didn't know '[' means exclusive because I was educated to use ')' [1] so I
thought you meant inclusive. Sorry for this.

To keep consistency, may I use ')' here? Because I think this is the current
way in the code base, for example see:
xen/include/xen/numa.h L99: [*start, *end)
xen/drivers/passthrough/amd/iommu_acpi.c L177: overlap [%lx,%lx)

> 
> This could be fixed on commit.
> 
> BTW, the same comments applies for the second patch.

I will fix this patch and #2 in v4.

[1] 
https://en.wikipedia.org/wiki/Interval_(mathematics)#Including_or_excluding_endpoints

Kind regards,
Henry

> 
> Cheers,
> 
> --
> Julien Grall

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.