lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1316540665-15622-1-git-send-email-bigeasy@linutronix.de>
Date:	Tue, 20 Sep 2011 19:44:25 +0200
From:	Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To:	FUJITA Tomonori <fujita.tomonori@....ntt.co.jp>
Cc:	linux-kernel@...r.kernel.org, balbi@...com,
	Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Subject: [PATCH] x86/dma: make a zero length mapping length not dma capable

The following ooops happens during a call to dma_map_single():

| ------------[ cut here ]------------
| kernel BUG at lib/swiotlb.c:409!
| invalid opcode: 0000 [#1] SMP
| CPU 1
|
| RIP: 0010:[<ffffffff811a00c9>]  [<ffffffff811a00c9>] swiotlb_tbl_map_single+0x87/0x1e0
| Call Trace:
|  [<ffffffff813170e0>] ? printk+0x43/0x48
|  [<ffffffff8100d027>] ? load_TLS+0x7/0xa
|  [<ffffffff811a0261>] ? map_single+0x3f/0x3f
|  [<ffffffff811a02be>] ? swiotlb_map_page+0x5d/0xcd
|  [<ffffffff811a0261>] ? map_single+0x3f/0x3f
|  [<ffffffffa02946ca>] ? dwc3_map_buffer_to_dma+0x8a/0xe2 [dwc3]

As you know from the line 409 the size parameter was 0. This happens
because the upper layer sends a zero length packet which the dwc3 driver
tried to map.
The memory is not really used and the hardware should not really issue a
dma request however we must setup a dma descriptor which contains an
address field and a size field which is set to 0 for the zero length
packet to be sent. So the unconditional mapping was kinda convenient to
do. ARM does not complain about length == 0, the swiotlb which is
used on x86 makes trouble. Looking at other udc drivers, they either
ignore this case or workaround it by incrementing the size by 1 which
looks nasty.
For now I fixed this by not mapping zero packets at all. Anything what I
should expect from the DMA API? I.e. should it be okay to call
dma_map_single() with size = 0?
This patch is untested due to -ENODEV. Changing each implementation of
dma_map_single() will result in large patch and it is also question if
this is worth the effort.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
---
 arch/x86/include/asm/dma-mapping.h |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/arch/x86/include/asm/dma-mapping.h b/arch/x86/include/asm/dma-mapping.h
index d4c419f..e73d921 100644
--- a/arch/x86/include/asm/dma-mapping.h
+++ b/arch/x86/include/asm/dma-mapping.h
@@ -65,6 +65,8 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size)
 {
 	if (!dev->dma_mask)
 		return 0;
+	if (!size)
+		return 0;
 
 	return addr + size - 1 <= *dev->dma_mask;
 }
-- 
1.7.6.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ