On Mon, 2022-12-19 at 14:16 -0500, Matthew Rosato wrote:
> On 11/21/22 4:40 PM, Eric Farman wrote:
> > The rules of an IDAW are fairly simple: Each one can move no
> > more than a defined amount of data, must not cross the
> > boundary defined by that length, and must be aligned to that
> > length as well. The first IDAW in a list is special, in that
> > it does not need to adhere to that alignment, but the other
> > rules still apply. Thus, by reading the first IDAW in a list,
> > the number of IDAWs that will comprise a data transfer of a
> > particular size can be calculated.
> >
> > Let's factor out the reading of that first IDAW with the
> > logic that calculates the length of the list, to simplify
> > the rest of the routine that handles the individual IDAWs.
> >
> > Signed-off-by: Eric Farman <farman@xxxxxxxxxxxxx>
> > ---
> > drivers/s390/cio/vfio_ccw_cp.c | 39 ++++++++++++++++++++++++++----
> > ----
> > 1 file changed, 30 insertions(+), 9 deletions(-)
> >
> > diff --git a/drivers/s390/cio/vfio_ccw_cp.c
> > b/drivers/s390/cio/vfio_ccw_cp.c
> > index a30f26962750..34a133d962d1 100644
> > --- a/drivers/s390/cio/vfio_ccw_cp.c
> > +++ b/drivers/s390/cio/vfio_ccw_cp.c
> > @@ -496,23 +496,25 @@ static int ccwchain_fetch_tic(struct ccw1
> > *ccw,
> > return -EFAULT;
> > }
> >
> > -static int ccwchain_fetch_ccw(struct ccw1 *ccw,
> > - struct page_array *pa,
> > - struct channel_program *cp)
> > +/*
> > + * ccw_count_idaws() - Calculate the number of IDAWs needed to
> > transfer
> > + * a specified amount of data
> > + *
> > + * @ccw: The Channel Command Word being translated
> > + * @cp: Channel Program being processed
> > + */
> > +static int ccw_count_idaws(struct ccw1 *ccw,
> > + struct channel_program *cp)
> > {
> > struct vfio_device *vdev =
> > &container_of(cp, struct vfio_ccw_private, cp)-
> > >vdev;
> > u64 iova;
> > - unsigned long *idaws;
> > int ret;
> > int bytes = 1;
> > - int idaw_nr, idal_len;
> > - int i;
> >
> > if (ccw->count)
> > bytes = ccw->count;
> >
> > - /* Calculate size of IDAL */
> > if (ccw_is_idal(ccw)) {
> > /* Read first IDAW to see if it's 4K-aligned or
> > not. */
> > /* All subsequent IDAws will be 4K-aligned. */
> > @@ -522,7 +524,26 @@ static int ccwchain_fetch_ccw(struct ccw1
> > *ccw,
> > } else {
> > iova = ccw->cda;
> > }
> > - idaw_nr = idal_nr_words((void *)iova, bytes);
> > +
> > + return idal_nr_words((void *)iova, bytes);
> > +}
> > +
> > +static int ccwchain_fetch_ccw(struct ccw1 *ccw,
> > + struct page_array *pa,
> > + struct channel_program *cp)
> > +{
> > + struct vfio_device *vdev =
> > + &container_of(cp, struct vfio_ccw_private, cp)-
> > >vdev;
> > + unsigned long *idaws;
> > + int ret;
> > + int idaw_nr, idal_len;
> > + int i;
> > +
> > + /* Calculate size of IDAL */
> > + idaw_nr = ccw_count_idaws(ccw, cp);
> > + if (idaw_nr < 0)
> > + return idaw_nr;
> > +
>
> What about if we get a 0 back from ccw_count_idaws? The next thing
> we're going to do (not shown here) is kcalloc(0, sizeof(*idaws)),
> which I think means you'll get back ZERO_SIZE_PTR, not a null
> pointer.
While it's true that the idal_nr_words routines could return zero, I
don't see how the ccw_count_idaws routine which calls it could do the
same. We added a check for a zero data count with commit 453eac312445e
("s390/cio: Allow zero-length CCWs in vfio-ccw"), such that a CCW that
has no length will cause us to allocate -something- that would be valid
for the channel to use, even if it's not going to put anything in/out
of it.
>
> > idal_len = idaw_nr * sizeof(*idaws);
> >
> > /* Allocate an IDAL from host storage */
> > @@ -555,7 +576,7 @@ static int ccwchain_fetch_ccw(struct ccw1 *ccw,
> > for (i = 0; i < idaw_nr; i++)
> > pa->pa_iova[i] = idaws[i];
> > } else {
> > - pa->pa_iova[0] = iova;
> > + pa->pa_iova[0] = ccw->cda;
> > for (i = 1; i < pa->pa_nr; i++)
> > pa->pa_iova[i] = pa->pa_iova[i - 1] +
> > PAGE_SIZE;
> > }
>
