lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <47896BA8.4030609@shaw.ca>
Date:	Sat, 12 Jan 2008 19:38:48 -0600
From:	Robert Hancock <hancockr@...w.ca>
To:	James Bottomley <James.Bottomley@...senPartnership.com>
Cc:	Alexander <aledin@...l.ru>, linux-kernel@...r.kernel.org,
	ide <linux-ide@...r.kernel.org>, Jeff Garzik <jeff@...zik.org>,
	Tejun Heo <htejun@...il.com>
Subject: Re: PROBLEM REMAINS: [sata_nv ADMA breaks ATAPI] Crash	on	accessing
 DVD-RAM

James Bottomley wrote:
> On Sat, 2008-01-12 at 17:04 -0600, Robert Hancock wrote:
>> I don't think the problem is that there's some buffer which is getting 
>> allocated above 4GB and never bounced, since the problem goes away if 
>> ADMA is disabled entirely and the DMA mask remains 32-bit always. My 
>> guess is something is basing its decision on whether to bounce or not on 
>> the device DMA mask. That can't possibly work properly for sata_nv since 
>> the same PCI device has 2 ports, one of which can be in ADMA mode and 
>> 64-bit capable and the other can be in legacy mode and only 32-bit capable.
> 
> Erm, well, you can't decouple them.  Having a differing blk queue bounce
> mask and device mask is going to cause huge trouble.  The reason is this
> insidious nasty called swiotlb.  Basically, with it enabled (and again,
> it can be on ia64 or x86_64), the kernel can bypass the bounce limit
> safe in the knowledge that swiotlb will fix up behind in the dma_map_
> Unfortunately, if the device mask doesn't match the queue mask then
> swiotlb will never kick in and you'll end up with mapped pages beyond
> the 4GB limit.

Yuck.. All the IOMMU DMA mapping code checks against the device DMA 
mask, so it looks like if we get to the point of doing the DMA mapping 
on >4GB addresses in libata we're screwed with this approach.

The key problem is that both ata_ports share the same struct device with 
one DMA mask which really doesn't match what this controller wants. I 
wonder if we could do a different struct device for each port?

Other than that, I guess the solutions would be to just set a 32-bit 
mask on the device if either port has an ATAPI device connected (which 
is fairly ugly, considering that you could do things like hotplug an 
ATAPI device when the other port was in use, for example), or do 
something to prevent requests from reaching this point with >4GB 
addresses in the first place..

> 
>> Tejun, I believe you had a patch that was printing warnings when libata 
>> tried to program a legacy PRD with an address over 4GB. Could we change 
>> that to WARN_ON and get someone experiencing this to try it and
>> see what the stack trace points to?
> 
> Unfortunately, the stack trace probably won't help, since the command
> likely gets issued from the block request function, so the trace won't
> go back to the culpable initiator; that's why the command would be
> helpful.

Well, dumping the ATA command surely isn't helpful, as I'm sure it will 
be PACKET. I guess we'd have to dump out the actual CDB..
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ