lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 21 May 2019 17:14:12 +0000
From:   Horia Geanta <horia.geanta@....com>
To:     Christoph Hellwig <hch@....de>,
        Marek Szyprowski <m.szyprowski@...sung.com>,
        Robin Murphy <robin.murphy@....com>,
        Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
CC:     "iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
        dl-linux-imx <linux-imx@....com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Device obligation to write into a DMA_FROM_DEVICE streaming DMA
 mapping

Hi,

Is it mandatory for a device to write data in an area DMA mapped DMA_FROM_DEVICE?
Can't the device just "ignore" that mapping - i.e. not write anything - and
driver should expect original data to be found in that location (since it was
not touched / written to by the device)?
[Let's leave cache coherency aside, and consider "original data" to be in RAM.]

I am asking this since I am seeing what seems to be an inconsistent behavior /
semantics between cases when swiotlb bouncing is used and when it's not.

Specifically, the context is:
1. driver prepares a scatterlist with several entries and performs a
dma_map_sg() with direction FROM_DEVICE
2. device decides there's no need to write into the buffer pointed by first
scatterlist entry and skips it (writing into subsequent buffers)
3. driver is notified the device finished processing and dma unmaps the scatterlist

When swiotlb bounce is used, the buffer pointed to by first scatterlist entry is
corrupted. That's because swiotlb implementation expects the device to write
something into that buffer, however the device logic is "whatever was previously
in that buffer should be used" (2. above).

For FROM_DEVICE direction:
-swiotlb_tbl_map_single() does not copy data from original location to swiotlb
	if (!(attrs & DMA_ATTR_SKIP_CPU_SYNC) &&
	    (dir == DMA_TO_DEVICE || dir == DMA_BIDIRECTIONAL))
		swiotlb_bounce(orig_addr, tlb_addr, size, DMA_TO_DEVICE);
-swiotlb_tbl_unmap_single() copies data from swiotlb to original location
	if (orig_addr != INVALID_PHYS_ADDR &&
	    !(attrs & DMA_ATTR_SKIP_CPU_SYNC) &&
	    ((dir == DMA_FROM_DEVICE) || (dir == DMA_BIDIRECTIONAL)))
		swiotlb_bounce(orig_addr, tlb_addr, size, DMA_FROM_DEVICE);
and when device did not write anything (as in current situation), it overwrites
original data with zeros

In case swiotlb bounce is not used and device does not write into the
FROM_DEVICE streaming DMA maping, the original data is available.

Could you please clarify whether:
-I am missing something obvious OR
-the DMA API documentation should be updated - to mandate for device writes into
FROM_DEVICE mappings) OR
-the swiotlb implementation should be updated - to copy data from original
location irrespective of DMA mapping direction?

Thanks,
Horia

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ