lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <87sh7klyhc.fsf@notabene.neil.brown.name>
Date: Wed, 25 Apr 2018 14:08:15 +1000
From: NeilBrown <neil@...wn.name>
To: Ralf Baechle <ralf@...ux-mips.org>,
James Hogan <jhogan@...nel.org>,
Paul Burton <paul.burton@...s.com>
cc: linux-mips@...ux-mips.org, linux-kernel@...r.kernel.org
Subject: [PATCH] MIPS: c-r4k: fix data corruption related to cache coherence.
When DMA is to be performed to a MIPS32 1004K CPS, the
L1-cache for the range needs to be flushed and invalidated
first.
The code currently takes one of two approaches.
1/ If the range is less than the size of the dcache, then
HIT type requests flush/invalidate cache lines for the
particular addresses. HIT-type requests a globalised
by the CPS so this is safe on SMP.
2/ If the range is larger than the size of dcache, then
INDEX type requests flush/invalidate the whole cache.
INDEX type requests are NOT globalized by CPS so this
is NOT safe when CPS is used.
Data corruption due to '2' can quite easily be demonstrated by
repeatedly "echo 3 > /proc/sys/vm/drop_caches" and then sha1sum
a file that is several times the size of available memory.
Dropping caches means that large contiguous extents (large than
dcache) are more likely.
This was not a problem before Linux-4.8 because option 2 was
never used if CONFIG_MIPS_CPS was defined. The commit
which removed that apparently didn't appreciate the full
consequence of the change.
This patch avoids options 2 if mips_cm_present().
Fixes: c00ab4896ed5 ("MIPS: Remove cpu_has_safe_index_cacheops")
Cc: stable@...r.kernel.org (v4.8)
Signed-off-by: NeilBrown <neil@...wn.name>
---
arch/mips/mm/c-r4k.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/arch/mips/mm/c-r4k.c b/arch/mips/mm/c-r4k.c
index 6f534b209971..f845ec96f31e 100644
--- a/arch/mips/mm/c-r4k.c
+++ b/arch/mips/mm/c-r4k.c
@@ -851,9 +851,11 @@ static void r4k_dma_cache_wback_inv(unsigned long addr, unsigned long size)
/*
* Either no secondary cache or the available caches don't have the
* subset property so we have to flush the primary caches
- * explicitly
+ * explicitly.
+ * As Index type operations are not globalized by CM, we must
+ * use the HIT type when CM is present.
*/
- if (size >= dcache_size) {
+ if (!mips_cm_present() && size >= dcache_size) {
r4k_blast_dcache();
} else {
R4600_HIT_CACHEOP_WAR_IMPL;
@@ -890,7 +892,7 @@ static void r4k_dma_cache_inv(unsigned long addr, unsigned long size)
return;
}
- if (size >= dcache_size) {
+ if (!mips_cm_present() && size >= dcache_size) {
r4k_blast_dcache();
} else {
R4600_HIT_CACHEOP_WAR_IMPL;
--
2.14.0.rc0.dirty
Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)
Powered by blists - more mailing lists