On 04/10/2021 12:38, Will Deacon wrote:
Hi Will,
To avoid this, stop using double-negatives, like !iova_magazine_full() and
!iova_magazine_empty(), and use positive tests, like
iova_magazine_has_space() and iova_magazine_has_pfns(), respectively; these
can safely deal with cpu_rcache->{loaded, prev} = NULL.
I don't understand why you're saying that things like !iova_magazine_empty()
are double-negatives. What about e.g. !list_empty() elsewhre in the kernel?
IMO, a check for an empty magazine is a negative check, as opposed to a
check for availability.
But I'm not saying that patterns like !list_empty() are a bad practice.
I'm just saying that they are not NULL safe, and that matters in this
case as we can potentially pass a NULL pointer.
The crux of the fix seems to be:
@@ -783,8 +787,9 @@ static bool __iova_rcache_insert(struct iova_caching_domain
*rcached,
if (new_mag) {
spin_lock(&rcache->lock);
if (rcache->depot_size < MAX_GLOBAL_MAGS) {
- rcache->depot[rcache->depot_size++] =
- cpu_rcache->loaded;
+ if (cpu_rcache->loaded)
+ rcache->depot[rcache->depot_size++] =
+ cpu_rcache->loaded;
Which could be independent of the renaming?
If cpu_rcache->loaded was NULL, then we crash before we reach this code.
Anyway, since I earlier reworked init_iova_rcaches() to properly handle
failed mem allocations for rcache->cpu_rcaches, I can rework further to
fail the init for failed mem allocations for cpu_rcaches->loaded, so we
don't need this change.
Thanks,
John
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
