Message-ID: <94D0CD8314A33A4D9D801C0FE68B40295BE10552@G4W3202.americas.hpqcorp.net>
Date:	Fri, 6 Nov 2015 23:46:07 +0000
From:	"Elliott, Robert (Persistent Memory)" <elliott@....com>
To:	Jens Axboe <axboe@...com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-block@...r.kernel.org" <linux-block@...r.kernel.org>
CC:	"keith.busch@...el.com" <keith.busch@...el.com>,
	"hch@...radead.org" <hch@...radead.org>
Subject: RE: [PATCH 4/5] NVMe: add blk polling support

> -----Original Message-----
> From: linux-kernel-owner@...r.kernel.org [mailto:linux-kernel-
> owner@...r.kernel.org] On Behalf Of Jens Axboe
> Sent: Friday, November 6, 2015 11:20 AM
...
> Subject: [PATCH 4/5] NVMe: add blk polling support
> 
> Add nvme_poll(), which will check a specific completion queue for
> command completions. Wire that up to the new block layer poll
> mechanism.
> 
> Later on we'll set up specific sq/cq pairs that don't have interrupts
> enabled, so we can do more efficient polling. As of this patch, an
> IRQ will still trigger on command completion.
...
> -static int nvme_process_cq(struct nvme_queue *nvmeq)
> +static void __nvme_process_cq(struct nvme_queue *nvmeq, unsigned int
> *tag)
>  {
>  	u16 head, phase;
> 
> @@ -953,6 +953,8 @@ static int nvme_process_cq(struct nvme_queue *nvmeq)
>  			head = 0;
>  			phase = !phase;
>  		}
> +		if (tag && *tag == cqe.command_id)
> +			*tag = -1;
>  		ctx = nvme_finish_cmd(nvmeq, cqe.command_id, &fn);
>  		fn(nvmeq, ctx, &cqe);
>  	}
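Review bot: `*tag = -1` writes -1 through an `unsigned int *`, so the caller actually observes UINT_MAX; that only works if every caller compares against the same implicit value, so spell the sentinel as `~0U` (or a named constant) and add a one-line comment on the new `tag` argument describing the contract (the `tag &&` check shows it is optional on input, and on output it is overwritten when the matching completion is seen). The tag match is also recorded before `nvme_finish_cmd(nvmeq, cqe.command_id, &fn)` gets to look at `cqe.command_id`, so a match is reported even when that call later treats the id as invalid; moving the assignment after `nvme_finish_cmd()` returns would avoid that. Finally, the signature changes from `static int nvme_process_cq` to `static void __nvme_process_cq`, so any caller that used the old return value has to be adjusted in the part of the patch elided here.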

The NVMe completion queue entries are 16 bytes long.  Although it's 
most likely to write them from 0..15 in one PCIe Memory Write
transaction, the NVMe device could write those bytes in any order.
It could thus update the command identifier before the other bytes,
causing this code to process invalid stale values in the other
fields.

When using interrupts, the MSI-X interrupt ensures the whole entry
is updated first, since it is delivered with a PCIe Memory Write
transaction and upstream writes do not pass upstream writes.

The existing interrupt handler loops looking for additional
completions, so it is susceptible to this same problem - it's
just less likely.  The only concern is completions that are
added while the CPU is in the interrupt handler.

---
Robert Elliott, HPE Persistent Memory
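The hazard described above, as an added example rather than anything from the mail or from the kernel's NVMe driver: a user-space C model of a completion queue ring consumed by a poller written in the style of the quoted `nvme_process_cq()` loop (copy the 16-byte entry, gate on the phase bit, advance head with wraparound and flip phase). The device side is simulated; the "torn" write models an entry whose status word (carrying the phase tag) has landed while `command_id` still holds the stale value from the previous lap of the ring. The outstanding-id check in `cq_poll()` is this example's own defensive addition, not something the patch or the mail proposes; the NVMe entry layout used is the one from the specification (DW0 result, DW1 reserved, DW2 SQ head and SQ id, DW3 command id and status with phase in bit 0).

```c
/* Added example, not kernel code: model of an NVMe completion queue
 * consumed by a poller, with a simulated device that can write an
 * entry out of order (status/phase first, command_id later). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 16-byte CQ entry in NVMe layout; status bit 0 is the phase tag. */
struct cqe {
    uint32_t result;
    uint32_t rsvd;
    uint16_t sq_head;
    uint16_t sq_id;
    uint16_t command_id;
    uint16_t status;
};

#define CQ_DEPTH 4
#define MAX_TAGS 16

struct cq {
    struct cqe entries[CQ_DEPTH];
    uint16_t head;
    uint8_t phase;          /* phase value a *new* entry must carry */
    uint32_t outstanding;   /* bitmap of command_ids we are waiting on */
    unsigned completed;     /* entries accepted as genuine completions */
    unsigned rejected;      /* entries whose command_id was not outstanding */
};

static void cq_init(struct cq *q)
{
    memset(q, 0, sizeof(*q));
    q->phase = 1;   /* ring starts zeroed, so the first lap is written with phase 1 */
}

static void cq_submit(struct cq *q, uint16_t cid)
{
    q->outstanding |= 1u << cid;
}

/* Simulated device: writes a whole entry into 'slot' at once. */
static void dev_complete(struct cq *q, int slot, uint16_t cid, uint8_t phase)
{
    struct cqe *e = &q->entries[slot];
    e->result = 0;
    e->sq_head = 0;
    e->sq_id = 1;
    e->command_id = cid;
    e->status = phase & 1;
}

/* Simulated device writing out of order: only the status word has landed,
 * command_id still holds the previous lap's value. */
static void dev_complete_torn(struct cq *q, int slot, uint8_t phase)
{
    q->entries[slot].status = phase & 1;
}

/* Poll like the quoted loop. Returns the number of entries consumed. */
static unsigned cq_poll(struct cq *q)
{
    unsigned n = 0;
    for (;;) {
        struct cqe cqe = q->entries[q->head];    /* copy, then test phase */
        if ((cqe.status & 1) != q->phase)
            break;
        if (++q->head == CQ_DEPTH) {
            q->head = 0;
            q->phase = !q->phase;
        }
        /* Example's own check: a stale command_id from the previous lap
         * is not outstanding, so it is rejected instead of completing
         * the wrong I/O. */
        if (cqe.command_id < MAX_TAGS &&
            (q->outstanding & (1u << cqe.command_id))) {
            q->outstanding &= ~(1u << cqe.command_id);
            q->completed++;
        } else {
            q->rejected++;
        }
        n++;
    }
    return n;
}

/* Lap 1: commands 0..3 complete normally. Lap 2: command 7 is outstanding
 * and slot 0 is torn (phase updated, command_id still 0 from lap 1). */
static void run_torn_scenario(struct cq *q)
{
    cq_init(q);
    for (uint16_t cid = 0; cid < CQ_DEPTH; cid++) {
        cq_submit(q, cid);
        dev_complete(q, cid, cid, 1);
    }
    cq_poll(q);                  /* consumes 4; head wraps, phase flips to 0 */
    cq_submit(q, 7);
    dev_complete_torn(q, 0, 0);  /* phase check will pass, id is stale */
    cq_poll(q);
}

int main(void)
{
    struct cq q;
    run_torn_scenario(&q);
    printf("completed=%u rejected=%u\n", q.completed, q.rejected);
    return 0;
}
```

Without the outstanding-id check, the second poll would hand the stale `command_id` 0 to the completion path; with it, the torn entry is counted as rejected while the four genuine completions from the first lap are accepted.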
