From: Baolu Lu <baolu.lu@linux•intel.com>
To: Guanghui Feng <guanghuifeng@linux•alibaba.com>, jgg@ziepe•ca
Cc: adrian.larumbe@collabora•com, airlied@gmail•com,
alex@shazbot•org, alikernel-developer@linux•alibaba.com,
boris.brezillon@collabora•com, dri-devel@lists•freedesktop.org,
dwmw2@infradead•org, iommu@lists•linux.dev, joro@8bytes•org,
kevin.tian@intel•com, kvm@vger•kernel.org,
linux-arm-kernel@lists•infradead.org,
linux-kernel@vger•kernel.org, liviu.dudau@arm•com,
maarten.lankhorst@linux•intel.com, mripard@kernel•org,
oliver.yang@linux•alibaba.com, robh@kernel•org,
robin.murphy@arm•com, shiyu.zsq@linux•alibaba.com,
steven.price@arm•com, suravee.suthikulpanit@amd•com,
tzimmermann@suse•de, wei.guo.simon@linux•alibaba.com,
will@kernel•org, xlpang@linux•alibaba.com
Subject: Re: [PATCH v3 05/32] iommu/generic_pt: implement iova_to_phys_length
Date: Thu, 4 Jun 2026 11:30:37 +0800 [thread overview]
Message-ID: <c179b999-8c7f-4338-8aad-b61fd09f1329@linux.intel.com> (raw)
In-Reply-To: <20260603151804.1963871-6-guanghuifeng@linux.alibaba.com>
On 6/3/26 23:17, Guanghui Feng wrote:
> Extend the Generic Page Table framework to implement iova_to_phys_length.
> Use pt_entry_oa_lg2sz() to determine PTE block size. Update
> IOMMU_PT_DOMAIN_OPS macro to set .iova_to_phys_length.
>
> Signed-off-by: Guanghui Feng <guanghuifeng@linux•alibaba.com>
> Acked-by: Shiqiang Zhang <shiyu.zsq@linux•alibaba.com>
> Acked-by: Simon Guo <wei.guo.simon@linux•alibaba.com>
> ---
> drivers/iommu/generic_pt/iommu_pt.h | 84 +++++++++++++++++++++--------
> include/linux/generic_pt/iommu.h | 13 ++---
> 2 files changed, 69 insertions(+), 28 deletions(-)
>
> diff --git a/drivers/iommu/generic_pt/iommu_pt.h b/drivers/iommu/generic_pt/iommu_pt.h
> index dc91fb4e2f61..e362e819ef9c 100644
> --- a/drivers/iommu/generic_pt/iommu_pt.h
> +++ b/drivers/iommu/generic_pt/iommu_pt.h
> @@ -145,13 +145,21 @@ static inline unsigned int compute_best_pgsize(struct pt_state *pts,
> pts->range->va, pts->range->last_va, oa);
> }
>
> -static __always_inline int __do_iova_to_phys(struct pt_range *range, void *arg,
> - unsigned int level,
> - struct pt_table_p *table,
> - pt_level_fn_t descend_fn)
> +struct iova_to_phys_length_data {
> + pt_oaddr_t phys;
> + size_t length;
> +};
> +
> +static __always_inline int __do_iova_to_phys_length(struct pt_range *range,
> + void *arg, unsigned int level,
> + struct pt_table_p *table,
> + pt_level_fn_t descend_fn)
> {
> struct pt_state pts = pt_init(range, level, table);
> - pt_oaddr_t *res = arg;
> + struct iova_to_phys_length_data *data = arg;
> + unsigned int entry_lg2sz;
> + size_t entry_sz;
> + pt_oaddr_t expected_oa;
>
> switch (pt_load_single_entry(&pts)) {
> case PT_ENTRY_EMPTY:
> @@ -159,45 +167,77 @@ static __always_inline int __do_iova_to_phys(struct pt_range *range, void *arg,
> case PT_ENTRY_TABLE:
> return pt_descend(&pts, arg, descend_fn);
> case PT_ENTRY_OA:
> - *res = pt_entry_oa_exact(&pts);
> - return 0;
> + break;
> }
> - return -ENOENT;
> +
> + data->phys = pt_entry_oa_exact(&pts);
> + entry_lg2sz = pt_entry_oa_lg2sz(&pts);
> + entry_sz = log2_to_int(entry_lg2sz);
> +
> + /* Start with the full mapping size of the first entry */
> + data->length = entry_sz;
data->length doesn't account for iova offset. Is this by design? We
should document this clearly somewhere.
Sashiko reported the same issue too.
[Severity: High]
Does this calculation overstate the mapped length for unaligned IOVAs?
If the IOVA is not aligned to the PTE block size, pt_entry_oa_exact()
includes the intra-page offset in data->phys. However, data->length
is unconditionally initialized to the full entry_sz rather than
entry_sz - offset. Callers relying on mapped_length might operate
on out-of-bounds memory because data->phys + data->length extends
beyond the valid mapped physical memory by the unaligned offset amount.
> +
> + /* Accumulate subsequent physically contiguous entries */
> + expected_oa = pt_entry_oa(&pts) + entry_sz;
> + pts.end_index = log2_to_int(pt_num_items_lg2(&pts));
> + pt_next_entry(&pts);
> +
> + while (pts.index < pts.end_index) {
> + pt_load_entry(&pts);
> + if (pts.type != PT_ENTRY_OA)
> + break;
> + if (pt_entry_oa_lg2sz(&pts) != entry_lg2sz)
> + break;
> + if (pt_entry_oa(&pts) != expected_oa)
> + break;
> + data->length += entry_sz;
> + expected_oa += entry_sz;
> + pt_next_entry(&pts);
> + }
> +
> + return 0;
> }
> -PT_MAKE_LEVELS(__iova_to_phys, __do_iova_to_phys);
> +PT_MAKE_LEVELS(__iova_to_phys_length, __do_iova_to_phys_length);
>
> /**
> - * iova_to_phys() - Return the output address for the given IOVA
> + * iova_to_phys_length() - Translate IOVA returning phys and contiguous length
> * @domain: Table to query
> * @iova: IO virtual address to query
> + * @mapped_length: Output for the total contiguous mapped length in bytes
> *
> - * Determine the output address from the given IOVA. @iova may have any
> - * alignment, the returned physical will be adjusted with any sub page offset.
> + * Walk the IOMMU page table to translate @iova to a physical address while
> + * also returning the total contiguous physically mapped length through
> + * @mapped_length. The function accumulates consecutive page table entries that
> + * are physically contiguous, so callers can determine the full contiguous
> + * mapping extent with a single call.
> *
> * Context: The caller must hold a read range lock that includes @iova.
> *
> - * Return: 0 if there is no translation for the given iova.
> + * Return: The physical address, or PHYS_ADDR_MAX if there is no translation.
> */
> -phys_addr_t DOMAIN_NS(iova_to_phys)(struct iommu_domain *domain,
> - dma_addr_t iova)
> +phys_addr_t DOMAIN_NS(iova_to_phys_length)(struct iommu_domain *domain,
> + dma_addr_t iova,
> + size_t *mapped_length)
> {
> struct pt_iommu *iommu_table =
> container_of(domain, struct pt_iommu, domain);
> struct pt_range range;
> - pt_oaddr_t res;
> + struct iova_to_phys_length_data data;
> int ret;
>
> ret = make_range(common_from_iommu(iommu_table), &range, iova, 1);
> if (ret)
> - return ret;
> + return PHYS_ADDR_MAX;
>
> - ret = pt_walk_range(&range, __iova_to_phys, &res);
> - /* PHYS_ADDR_MAX would be a better error code */
> + ret = pt_walk_range(&range, __iova_to_phys_length, &data);
> if (ret)
> - return 0;
> - return res;
> + return PHYS_ADDR_MAX;
> +
> + if (mapped_length)
> + *mapped_length = data.length;
> + return data.phys;
> }
> -EXPORT_SYMBOL_NS_GPL(DOMAIN_NS(iova_to_phys), "GENERIC_PT_IOMMU");
> +EXPORT_SYMBOL_NS_GPL(DOMAIN_NS(iova_to_phys_length), "GENERIC_PT_IOMMU");
>
> struct pt_iommu_dirty_args {
> struct iommu_dirty_bitmap *dirty;
> diff --git a/include/linux/generic_pt/iommu.h b/include/linux/generic_pt/iommu.h
> index dd0edd02a48a..859b853e9dc7 100644
> --- a/include/linux/generic_pt/iommu.h
> +++ b/include/linux/generic_pt/iommu.h
> @@ -249,8 +249,9 @@ struct pt_iommu_cfg {
>
> /* Generate the exported function signatures from iommu_pt.h */
> #define IOMMU_PROTOTYPES(fmt) \
> - phys_addr_t pt_iommu_##fmt##_iova_to_phys(struct iommu_domain *domain, \
> - dma_addr_t iova); \
> + phys_addr_t pt_iommu_##fmt##_iova_to_phys_length( \
> + struct iommu_domain *domain, dma_addr_t iova, \
> + size_t *mapped_length); \
> int pt_iommu_##fmt##_read_and_clear_dirty( \
> struct iommu_domain *domain, unsigned long iova, size_t size, \
> unsigned long flags, struct iommu_dirty_bitmap *dirty); \
> @@ -267,11 +268,11 @@ struct pt_iommu_cfg {
> IOMMU_PROTOTYPES(fmt)
>
> /*
> - * A driver uses IOMMU_PT_DOMAIN_OPS to populate the iommu_domain_ops for the
> - * iommu_pt
> + * A driver uses IOMMU_PT_DOMAIN_OPS to populate the iommu_domain_ops for
> + * the iommu_pt
> */
> -#define IOMMU_PT_DOMAIN_OPS(fmt) \
> - .iova_to_phys = &pt_iommu_##fmt##_iova_to_phys
> +#define IOMMU_PT_DOMAIN_OPS(fmt) \
> + .iova_to_phys_length = &pt_iommu_##fmt##_iova_to_phys_length
> #define IOMMU_PT_DIRTY_OPS(fmt) \
> .read_and_clear_dirty = &pt_iommu_##fmt##_read_and_clear_dirty
>
Thanks,
baolu
next prev parent reply other threads:[~2026-06-04 3:31 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260529115116.GR2487554@ziepe.ca>
2026-05-31 9:36 ` [PATCH 0/9] iommu: introduce iova_to_phys_length for efficient IOVA-to-physical translation Guanghui Feng
2026-05-31 9:36 ` [PATCH 1/9] iommu: introduce iova_to_phys_length in iommu_domain_ops Guanghui Feng
2026-05-31 23:51 ` Jason Gunthorpe
2026-06-01 8:41 ` guanghuifeng
2026-06-01 13:43 ` Jason Gunthorpe
2026-06-01 14:14 ` guanghuifeng
2026-06-01 14:31 ` Jason Gunthorpe
2026-05-31 9:36 ` [PATCH 2/9] iommu/io-pgtable: introduce iova_to_phys_length in io_pgtable_ops Guanghui Feng
2026-05-31 9:36 ` [PATCH 3/9] iommu/generic_pt: implement iova_to_phys_length Guanghui Feng
2026-05-31 23:54 ` Jason Gunthorpe
2026-06-01 9:23 ` guanghuifeng
[not found] ` <fa924b86-1ca9-4819-8330-0d5f6ede8923@linux.alibaba.com>
2026-06-01 14:32 ` Jason Gunthorpe
2026-06-02 7:20 ` guanghuifeng
2026-06-02 12:32 ` Jason Gunthorpe
2026-05-31 9:36 ` [PATCH 4/9] iommu/arm-smmu: " Guanghui Feng
2026-05-31 9:36 ` [PATCH 5/9] iommu: apple-dart/ipmmu/mtk_iommu " Guanghui Feng
2026-05-31 9:36 ` [PATCH 6/9] iommu: direct page-table drivers " Guanghui Feng
2026-05-31 9:36 ` [PATCH 7/9] vfio/iommufd: use iova_to_phys_length for efficient unmap Guanghui Feng
2026-05-31 23:58 ` Jason Gunthorpe
2026-05-31 9:36 ` [PATCH 8/9] drm/gpu, iommu/io-pgtable: switch to iova_to_phys_length Guanghui Feng
2026-05-31 9:36 ` [PATCH 9/9] iommu: remove deprecated iova_to_phys from domain_ops and io_pgtable_ops Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 00/30] iommu: introduce iova_to_phys_length for efficient IOVA-to-physical translation Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 01/30] iommu: introduce iova_to_phys_length in iommu_domain_ops Guanghui Feng
2026-06-03 1:08 ` Jason Gunthorpe
2026-06-02 10:46 ` [PATCH v2 02/30] iommu/io-pgtable-arm: introduce iova_to_phys_length in io_pgtable_ops Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 03/30] iommu/io-pgtable-arm-v7s: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 04/30] iommu/io-pgtable-dart: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 05/30] iommu/generic_pt: implement iova_to_phys_length Guanghui Feng
2026-06-03 1:11 ` Jason Gunthorpe
2026-06-02 10:46 ` [PATCH v2 06/30] iommu/arm-smmu-v3: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 07/30] iommu/arm-smmu: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 08/30] iommu/qcom_iommu: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 09/30] iommu/apple-dart: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 10/30] iommu/ipmmu-vmsa: " Guanghui Feng
2026-06-03 1:13 ` Jason Gunthorpe
2026-06-02 10:46 ` [PATCH v2 11/30] iommu/mtk_iommu: " Guanghui Feng
2026-06-03 1:17 ` Jason Gunthorpe
2026-06-02 10:46 ` [PATCH v2 12/30] iommu/exynos: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 13/30] iommu/fsl_pamu: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 14/30] iommu/msm: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 15/30] iommu/mtk_v1: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 16/30] iommu/omap: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 17/30] iommu/rockchip: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 18/30] iommu/s390: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 19/30] iommu/sprd: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 20/30] iommu/sun50i: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 21/30] iommu/tegra-smmu: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 22/30] iommu/virtio: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 23/30] vfio/iommufd: use iova_to_phys_length for efficient unmap Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 24/30] drm/panfrost: switch to iova_to_phys_length Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 25/30] drm/panthor: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 26/30] iommu/io-pgtable: selftests " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 27/30] iommu/io-pgtable-arm: remove deprecated iova_to_phys wrapper Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 28/30] iommu/io-pgtable-arm-v7s: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 29/30] iommu/io-pgtable-dart: " Guanghui Feng
2026-06-02 10:46 ` [PATCH v2 30/30] iommu: remove iova_to_phys from domain_ops and io_pgtable_ops Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 00/32] iommu: introduce iova_to_phys_length and remove iova_to_phys Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 01/32] iommu: introduce iova_to_phys_length in iommu_domain_ops Guanghui Feng
2026-06-04 2:44 ` Baolu Lu
2026-06-04 14:16 ` Jason Gunthorpe
2026-06-03 15:17 ` [PATCH v3 02/32] iommu/io-pgtable-arm: introduce iova_to_phys_length in io_pgtable_ops Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 03/32] iommu/io-pgtable-arm-v7s: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 04/32] iommu/io-pgtable-dart: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 05/32] iommu/generic_pt: implement iova_to_phys_length Guanghui Feng
2026-06-04 3:30 ` Baolu Lu [this message]
2026-06-04 14:12 ` Jason Gunthorpe
2026-06-03 15:17 ` [PATCH v3 06/32] iommu/arm-smmu-v3: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 07/32] iommu/arm-smmu: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 08/32] iommu/qcom_iommu: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 09/32] iommu/apple-dart: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 10/32] iommu/ipmmu-vmsa: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 11/32] iommu/mtk_iommu: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 12/32] iommu/exynos: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 13/32] iommu/fsl_pamu: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 14/32] iommu/msm: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 15/32] iommu/mtk_v1: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 16/32] iommu/omap: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 17/32] iommu/rockchip: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 18/32] iommu/s390: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 19/32] iommu/sprd: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 20/32] iommu/sun50i: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 21/32] iommu/tegra-smmu: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 22/32] iommu/virtio: " Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 23/32] vfio: use iova_to_phys_length for efficient unmap Guanghui Feng
2026-06-04 14:27 ` Jason Gunthorpe
2026-06-03 15:17 ` [PATCH v3 24/32] iommufd: " Guanghui Feng
2026-06-04 14:26 ` Jason Gunthorpe
2026-06-03 15:17 ` [PATCH v3 25/32] iommufd/selftest: switch to iommu_iova_to_phys_length Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 26/32] drm/panfrost: switch to iova_to_phys_length Guanghui Feng
2026-06-03 15:17 ` [PATCH v3 27/32] drm/panthor: " Guanghui Feng
2026-06-03 15:18 ` [PATCH v3 28/32] iommu/io-pgtable: selftests " Guanghui Feng
2026-06-03 15:18 ` [PATCH v3 29/32] iommu/io-pgtable-arm: remove deprecated iova_to_phys wrapper Guanghui Feng
2026-06-03 15:18 ` [PATCH v3 30/32] iommu/io-pgtable-arm-v7s: " Guanghui Feng
2026-06-03 15:18 ` [PATCH v3 31/32] iommu/io-pgtable-dart: " Guanghui Feng
2026-06-03 15:18 ` [PATCH v3 32/32] iommu: remove iova_to_phys from domain_ops and io_pgtable_ops Guanghui Feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c179b999-8c7f-4338-8aad-b61fd09f1329@linux.intel.com \
--to=baolu.lu@linux$(echo .)intel.com \
--cc=adrian.larumbe@collabora$(echo .)com \
--cc=airlied@gmail$(echo .)com \
--cc=alex@shazbot$(echo .)org \
--cc=alikernel-developer@linux$(echo .)alibaba.com \
--cc=boris.brezillon@collabora$(echo .)com \
--cc=dri-devel@lists$(echo .)freedesktop.org \
--cc=dwmw2@infradead$(echo .)org \
--cc=guanghuifeng@linux$(echo .)alibaba.com \
--cc=iommu@lists$(echo .)linux.dev \
--cc=jgg@ziepe$(echo .)ca \
--cc=joro@8bytes$(echo .)org \
--cc=kevin.tian@intel$(echo .)com \
--cc=kvm@vger$(echo .)kernel.org \
--cc=linux-arm-kernel@lists$(echo .)infradead.org \
--cc=linux-kernel@vger$(echo .)kernel.org \
--cc=liviu.dudau@arm$(echo .)com \
--cc=maarten.lankhorst@linux$(echo .)intel.com \
--cc=mripard@kernel$(echo .)org \
--cc=oliver.yang@linux$(echo .)alibaba.com \
--cc=robh@kernel$(echo .)org \
--cc=robin.murphy@arm$(echo .)com \
--cc=shiyu.zsq@linux$(echo .)alibaba.com \
--cc=steven.price@arm$(echo .)com \
--cc=suravee.suthikulpanit@amd$(echo .)com \
--cc=tzimmermann@suse$(echo .)de \
--cc=wei.guo.simon@linux$(echo .)alibaba.com \
--cc=will@kernel$(echo .)org \
--cc=xlpang@linux$(echo .)alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox