| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 May 2010 09:53:50 +1000 From: Benjamin Herrenschmidt <benh@...nel.crashing.org> To: James Bottomley <James.Bottomley@...senPartnership.com> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Nicolas Pitre <nico@...vell.com>, Jamie Lokier <jamie@...reable.org>, Saeed Bishara <saeed@...vell.com>, "James E.J. Bottomley" <jejb@...isc-linux.org>, FUJITA Tomonori <fujita.tomonori@....ntt.co.jp>, "Shilimkar, Santosh" <santosh.shilimkar@...com>, Andrew Morton <akpm@...ux-foundation.org>, "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org> Subject: Re: Rampant ext3/4 corruption on 2.6.34-rc7 with VIVT ARM (Marvell 88f5182) > > Well if the driver can peek at the data after the sync, and have any > > kind of ordering guarantee that it doesn't get stale data (the load > > isn't prefetched or speculated early), that would require an mb() or at > > least rmb(). > > So the guarantee that it doesn't look at stale data after the sync on a > cache coherent machine means ordering the dma write to physical memory > with the subsequent cpu read ... no memory barrier can actually do that. > Usually this is done externally, by making sure the memory change is > visible before sending the irq that tells the driver it is there ... on > some numa systems, this can be a problem (hence the mmiowb/relaxed read > thing). Right. I was more thinking about something along the lines of the device writes to some descriptor and then queues it up in a list. So we have two different DMA data structures with a data dependency. The question is whether the driver can expect to just do the sync, read the queue, then sync again, then read the descriptor, or does it also need an explicit rmb in between ? Let's assume that the ordering is maintained at the DMA -> coherency domain level, the question is will the sync op be guaranteed to toss prefetch / speculative loads ? (IE. Guarantee the order of the two loads done by the CPU) or do we need an explicit rmb. > > It would seem sensible for drivers to assume that something like > > dma_cache_sync_for_cpu() thus has the semantics of an rmb() at least, > > no ? > > I still don't see why ... I don't see how you'd ever get a read of the > area speculated before the event that tells the driver its OK to read > the memory. In theory, I agree that it looks logical to require the > read never be speculated before the sync ... but in practice, I don't > see there ever being a problem with this since the sync isn't the event > that says the memory is safe to read. Cheers, Ben. > James > > > > _______________________________________________ > linux-arm-kernel mailing list > linux-arm-kernel@...ts.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists