lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e1567e0d-4724-fb6b-cc22-3a723eec5e0f@samsung.com>
Date:   Tue, 4 Dec 2018 09:38:02 +0100
From:   Marek Szyprowski <m.szyprowski@...sung.com>
To:     Robin Murphy <robin.murphy@....com>,
        Christoph Hellwig <hch@....de>,
        iommu@...ts.linux-foundation.org
Cc:     Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will.deacon@....com>,
        linux-kernel@...r.kernel.org, Guo Ren <ren_guo@...ky.com>,
        Laura Abbott <labbott@...hat.com>,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH 5/9] dma-mapping: support highmem in the generic remap
 allocator

Hi All,

On 2018-11-30 20:05, Robin Murphy wrote:
> On 05/11/2018 12:19, Christoph Hellwig wrote:
>> By using __dma_direct_alloc_pages we can deal entirely with struct page
>> instead of having to derive a kernel virtual address.
>
> Simple enough :)
>
> Reviewed-by: Robin Murphy <robin.murphy@....com>

This patch has landed linux-next yesterday and I've noticed that it
breaks operation of many drivers. The change looked simple, but a stupid
bug managed to slip into the code. After a short investigation I've
noticed that __dma_direct_alloc_pages() doesn't set dma_handle and zero
allocated memory, while dma_direct_alloc_pages() did. The other
difference is the lack of set_memory_decrypted() handling.

Following patch fixes the issue, but maybe it would be better to fix it
in kernel/dma/direct.c:

diff --git a/kernel/dma/remap.c b/kernel/dma/remap.c
index dcc82dd668f8..7765ddc56e4e 100644
--- a/kernel/dma/remap.c
+++ b/kernel/dma/remap.c
@@ -219,8 +219,14 @@ void *arch_dma_alloc(struct device *dev, size_t
size, dma_addr_t *dma_handle,
        ret = dma_common_contiguous_remap(page, size, VM_USERMAP,
                        arch_dma_mmap_pgprot(dev, PAGE_KERNEL, attrs),
                        __builtin_return_address(0));
-       if (!ret)
+       if (!ret) {
                __dma_direct_free_pages(dev, size, page);
+               return ret;
+       }
+
+       *dma_handle = phys_to_dma(dev, page_to_phys(page));
+       memset(ret, 0, size);
+
        return ret;
 }

>
>> Signed-off-by: Christoph Hellwig <hch@....de>
>> ---
>>   kernel/dma/remap.c | 14 +++++++-------
>>   1 file changed, 7 insertions(+), 7 deletions(-)
>>
>> diff --git a/kernel/dma/remap.c b/kernel/dma/remap.c
>> index bc42766f52df..8f1fca34b894 100644
>> --- a/kernel/dma/remap.c
>> +++ b/kernel/dma/remap.c
>> @@ -196,7 +196,7 @@ void *arch_dma_alloc(struct device *dev, size_t
>> size, dma_addr_t *dma_handle,
>>           gfp_t flags, unsigned long attrs)
>>   {
>>       struct page *page = NULL;
>> -    void *ret, *kaddr;
>> +    void *ret;
>>         size = PAGE_ALIGN(size);
>>   @@ -208,10 +208,9 @@ void *arch_dma_alloc(struct device *dev,
>> size_t size, dma_addr_t *dma_handle,
>>           return ret;
>>       }
>>   -    kaddr = dma_direct_alloc_pages(dev, size, dma_handle, flags,
>> attrs);
>> -    if (!kaddr)
>> +    page = __dma_direct_alloc_pages(dev, size, dma_handle, flags,
>> attrs);
>> +    if (!page)
>>           return NULL;
>> -    page = virt_to_page(kaddr);
>>         /* remove any dirty cache lines on the kernel alias */
>>       arch_dma_prep_coherent(page, size);
>> @@ -221,7 +220,7 @@ void *arch_dma_alloc(struct device *dev, size_t
>> size, dma_addr_t *dma_handle,
>>               arch_dma_mmap_pgprot(dev, PAGE_KERNEL, attrs),
>>               __builtin_return_address(0));
>>       if (!ret)
>> -        dma_direct_free_pages(dev, size, kaddr, *dma_handle, attrs);
>> +        __dma_direct_free_pages(dev, size, page);
>>       return ret;
>>   }
>>   @@ -229,10 +228,11 @@ void arch_dma_free(struct device *dev, size_t
>> size, void *vaddr,
>>           dma_addr_t dma_handle, unsigned long attrs)
>>   {
>>       if (!dma_free_from_pool(vaddr, PAGE_ALIGN(size))) {
>> -        void *kaddr = phys_to_virt(dma_to_phys(dev, dma_handle));
>> +        phys_addr_t phys = dma_to_phys(dev, dma_handle);
>> +        struct page *page = pfn_to_page(__phys_to_pfn(phys));
>>             vunmap(vaddr);
>> -        dma_direct_free_pages(dev, size, kaddr, dma_handle, attrs);
>> +        __dma_direct_free_pages(dev, size, page);
>>       }
>>   }
>>  
>
Best regards
-- 
Marek Szyprowski, PhD
Samsung R&D Institute Poland

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ