| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Jun 2015 14:19:49 +0200
From: David Jander <david@...tonic.nl>
To: Adrian Hunter <adrian.hunter@...el.com>
Cc: Ulf Hansson <ulf.hansson@...aro.org>,
Sascha Hauer <s.hauer@...gutronix.de>,
Johan Rudholm <johan.rudholm@...s.com>,
Javier Martinez Canillas <javier.martinez@...labora.co.uk>,
linux-mmc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 2/2] mmc: core.c: Add comment to clarify special
cases of ERASE/TRIM
Dear Adrian,
Thanks for reacting.
On Thu, 04 Jun 2015 14:16:23 +0300
Adrian Hunter <adrian.hunter@...el.com> wrote:
> On 04/06/15 13:20, David Jander wrote:
> > Signed-off-by: David Jander <david@...tonic.nl>
>
> Please never send delta patches. Always send a new version of the whole
> patch.
Sorry for that. This was meant as a separate patch though... the original
would be part 1/2 and this is part 2/2 (as noted in the subject), and I did it
only to get an idea if I understood Ulf correctly (RFC).
> > ---
> > drivers/mmc/core/core.c | 28 +++++++++++++++++++++++++++-
> > 1 file changed, 27 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
> > index 6c9611b..b6aa9ad 100644
> > --- a/drivers/mmc/core/core.c
> > +++ b/drivers/mmc/core/core.c
> > @@ -2109,11 +2109,20 @@ int mmc_erase(struct mmc_card *card, unsigned int
> > from, unsigned int nr, !(card->ext_csd.sec_feature_support &
> > EXT_CSD_SEC_GB_CL_EN)) return -EOPNOTSUPP;
> >
> > + /*
> > + * Sanity check: If we do not erase aligned, whole erase-groups,
> > return
> > + * an error, since we intended a "secure" erase, silently not
> > erasing
> > + * something would be unacceptable.
> > + */
>
> I am not sure the value of a comment that can anyway be inferred from the
> code.
Neither am I, but Ulf suggested to put some more comments to the code in this
function. At least that's what I understood... I figured it was not so obvious
why we take different approaches to ERASE and SECURE_ERASE, so some explaining
might have been desirable. I even took the time to go through the eMMC
specification to see if there was some recommendation about this...
> > if (arg == MMC_SECURE_ERASE_ARG) {
> > if (from % card->erase_size || nr % card->erase_size)
> > return -EINVAL;
> > }
> >
> > + /*
> > + * Make sure only erase-groups that are fully contained in the
> > erase
> > + * region are erased. Silently ignore the rest.
> > + */
>
> Ditto
>
> > if (arg == MMC_ERASE_ARG) {
> > rem = from % card->erase_size;
> > if (rem) {
> > @@ -2140,6 +2149,14 @@ int mmc_erase(struct mmc_card *card, unsigned int
> > from, unsigned int nr, /* 'from' and 'to' are inclusive */
> > to -= 1;
> >
> > + /*
> > + * Special case where only one erase-group fits in the timout
> > budget:
>
> timout -> timeout
Oops. Thanks.
> > + * If the region crosses an erase-group boundary on this
> > particular
> > + * case, we will be trimming more than one erase-group which,
> > does not
> > + * fit in the timeout budget of the controller, so we need to
> > split it
> > + * and call mmc_do_erase() twice if necessary. This special case
> > is
> > + * identified by the card->eg_boundary flag.
> > + */
> > if ((arg & MMC_TRIM_ARGS) && (card->eg_boundary) &&
> > (from % card->erase_size)) {
> > rem = card->erase_size - (from % card->erase_size);
> > @@ -2244,7 +2261,16 @@ static unsigned int mmc_do_calc_max_discard(struct
> > mmc_card *card, if (!qty)
> > return 0;
> >
> > - /* We can only erase one erase group special case */
> > + /*
> > + * When specifying a sector range to trim, chances are we might
> > cross
> > + * an erase-group boundary even if the amount of sectors is less
> > than
> > + * one erase-group.
> > + * If we can only fit one erase-group in the controller timeout
> > budget,
> > + * we have to care that erase-group boundaries are not crossed by
> > a
> > + * single trim operation. We flag that special case with
> > "eg_boundary".
> > + * In all other cases we can just decrement qty and pretend that
> > we
> > + * always touch (qty + 1) erase-groups as a simple optimization.
>
> The language seems a little odd here. We are setting the max_discard limit
> which does not involve "pretending" or "optimization", it is just a
> calculation. The important point is that the calculation has to count the
> maximum number of erase blocks affected not the size in erase blocks. You
> could give an example e.g. if a 2 sector trim crosses an erase block
> boundary then that counts as 2 erase blocks affected.
Sorry to disagree here. Strictly speaking we are not only calculating
max_discard, because max_discard is useless for a function that takes sectors
as arguments, when this value depends on erase-groups and not sectors. There
is no valid function converting from one to the other, so we _need_ to pretend
something. That's what the somewhat obscure "if (qty==1) return 1" trickery
does, together with the magical "--qty" afterwards. The original code pretends
that we always cross an erase-group boundary, hence the --qty. This needs
explaining, because strictly speaking it is not correct because max_discard
can be higher. It just doesn't produce wrong results because we "are on the
safe side". And doing something different for the case qty==1 is definitely an
optimization... which is what the first patch intends to do.
Maybe the name of the function is misleading...?
> > + */
> > if (qty == 1)
> > card->eg_boundary = 1;
> > else
> >
>
Best regards,
--
David Jander
Protonic Holland.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists