On Thu, Aug 03, 2023 at 03:07:23AM +0000, Liu, Yi L wrote:
> > > > It's not so explicit though. Perhaps worth to have a check like below in this patch?
> > > >
> > > > if (unlikely(klen > sizeof(union ucmd_buffer)))
> > > > return -EINVAL;
> > >
> > > Yes, stick this in the domain allocate path with a WARN_ON. The driver
> > > is broken to allocate a domain with an invalid size.
> >
> > And here too with a WARN_ON_ONCE.
> >
> > + /*
> > + * Either the driver is broken by having an invalid size, or the user
> > + * invalidate data struct used by the driver is missing in the union.
> > + */
> > + if (WARN_ON_ONCE(hwpt->domain->ops->cache_invalidate_user &&
> > + (!hwpt->domain->ops->cache_invalidate_user_data_len ||
> > + hwpt->domain->ops->cache_invalidate_user_data_len >
> > + sizeof(union ucmd_buffer)))) {
> > + rc = -EINVAL;
> > + goto out_abort;
> > +
> > + }
> >
> > Though I am making this cache_invalidate_user optional here, I
> > wonder if there actually could be a case that a user-managed
> > domain doesn't need a cache_invalidate_user op...
>
> If user-managed domain is the stage-1 domain in nested, then seems not
> possible as cache invalidate is a must. But I think this logic is fine as not
> all the domains allocated by the user is user-managed. It may be kernel
> managed like the s2 domains.
Oh, I forgot to mention that this piece is in the user-managed
HWPT allocator, following Jason's suggestion to separate them.
So, perhaps should just mark it mandatory:
+ if (WARN_ON_ONCE(!hwpt->domain->ops->cache_invalidate_user ||
+ !hwpt->domain->ops->cache_invalidate_user_data_len ||
+ hwpt->domain->ops->cache_invalidate_user_data_len >
+ sizeof(union iommu_user_cache_invalidate))) {
+ rc = -EINVAL;
+ goto out_abort;
+ }
