On Sat, Jun 27, 2020 at 08:57:14AM -0400, Peter Xu wrote:
> On Sat, Jun 27, 2020 at 03:26:45AM -0400, Yan Zhao wrote:
> > > - assert(entry->iova >= notifier->start && entry_end <= notifier->end);
> > > + if (notifier->notifier_flags & IOMMU_NOTIFIER_ARBITRARY_MASK) {
> > > + tmp.iova = MAX(tmp.iova, notifier->start);
> > > + tmp.addr_mask = MIN(tmp.addr_mask, notifier->end);
> > NIT:
> > tmp.addr_mask = MIN(entry_end, notifier->end) - tmp.iova;
>
> Right. Thanks. :)
>
> > > + assert(tmp.iova <= tmp.addr_mask);
> > no this assertion then.
>
> Or change it into:
>
> assert(MIN(entry_end, notifier->end) >= tmp.iova);
>
> To double confirm no overflow.
>
what about assert in this way, so that it's also useful to check overflow
in the other condition.
hwaddr entry_end = entry->iova + entry->addr_mask;
+
+ assert(notifier->end >= notifer->start && entry_end >= entry->iova);
then as there's a following filter
if (notifier->start > entry_end || notifier->end < entry->iova) {
return;
}
we can conclude that
entry_end >= entry->iova(tmp.iova)
entry_end >= notifier->start,
--> entry_end >= MAX(tmp.iova, notfier->start)
--> entry_end >= tmp.iova
notifier->end >= entry->iova (tmp.iova),
notifier->end >= notifer->start,
--> notifier->end >= MAX(tmp.iova, nofier->start)
--> notifier->end >= tmp.iova
==> MIN(end_end, notifer->end) >= tmp.iova
Thanks
Yan
