lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Aug 2020 09:29:13 +0800 From: Jia-Ju Bai <baijiaju@...nghua.edu.cn> To: Zhou Wang <wangzhou1@...ilicon.com>, herbert@...dor.apana.org.au, davem@...emloft.net Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [BUG] crypto: hisilicon: accessing the data mapped to streaming DMA On 2020/8/3 9:12, Zhou Wang wrote: > On 2020/8/2 22:52, Jia-Ju Bai wrote: >> In qm_qp_ctx_cfg(), "sqc" and "aeqc" are mapped to streaming DMA: >> eqc_dma = dma_map_single(..., eqc, ...); >> ...... >> aeqc_dma = dma_map_single(..., aeqc, ...); > Only sqc, cqc will be configured in qm_qp_ctx_cfg. > >> Then "sqc" and "aeqc" are accessed at many places, such as: >> eqc->base_l = cpu_to_le32(lower_32_bits(qm->eqe_dma)); >> eqc->base_h = cpu_to_le32(upper_32_bits(qm->eqe_dma)); >> ...... >> aeqc->base_l = cpu_to_le32(lower_32_bits(qm->aeqe_dma)); >> aeqc->base_h = cpu_to_le32(upper_32_bits(qm->aeqe_dma)); > There are sqc, cqc, eqc, aeqc, you seems misunderstand them. > >> These accesses may cause data inconsistency between CPU cache and hardware. >> >> I am not sure how to properly fix this problem, and thus I only report it. > In qm_qp_ctx_cfg, sqc/cqc memory will be allocated and related mailbox will be sent > to hardware. In qm_eq_ctx_cfg, eqc/aeqc related operations will be done. > > So there is no problem here :) Ah, sorry, I misunderstood qm_eq_ctx_cfg() and qm_qp_ctx_cfg(), because their names are quite similar. Now, I re-organize this report as follows: In qm_eq_ctx_cfg(), "eqc" and "aeqc" are mapped to streaming DMA: eqc_dma = dma_map_single(..., eqc, ...); ...... aeqc_dma = dma_map_single(..., aeqc, ...); Then "sqc" and "aeqc" are accessed at some places in qm_eq_ctx_cfg(), such as: eqc->base_l = cpu_to_le32(lower_32_bits(qm->eqe_dma)); eqc->base_h = cpu_to_le32(upper_32_bits(qm->eqe_dma)); ...... aeqc->base_l = cpu_to_le32(lower_32_bits(qm->aeqe_dma)); aeqc->base_h = cpu_to_le32(upper_32_bits(qm->aeqe_dma)); These accesses may cause data inconsistency between CPU cache and hardware. Besides, in qm_qp_ctx_cfg(), "sqc" and "cqc" are mapped to streaming DMA: sqc_dma = dma_map_single(..., sqc, ...); ...... cqc_dma = dma_map_single(..., cqc, ...); Then "sqc" and "cqc" are at some places in qm_qp_ctx_cfg(), such as: sqc->cq_num = cpu_to_le16(qp_id); sqc->w13 = cpu_to_le16(QM_MK_SQC_W13(0, 1, qp->alg_type)); ...... cqc->dw3 = cpu_to_le32(QM_MK_CQC_DW3_V2(4)); cqc->w8 = 0; These accesses may cause data inconsistency between CPU cache and hardware. I think such problems (if they are real) can be fixed by finishing data assignment before DMA mapping. Best wishes, Jia-Ju Bai
Powered by blists - more mailing lists