lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 7 Aug 2020 11:58:22 +0800
From:   Zhou Wang <wangzhou1@...ilicon.com>
To:     Jia-Ju Bai <baijiaju@...nghua.edu.cn>,
        <herbert@...dor.apana.org.au>, <davem@...emloft.net>
CC:     <linux-crypto@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] crypto: hisilicon: accessing the data mapped to streaming
 DMA

On 2020/8/3 9:29, Jia-Ju Bai wrote:
> 
> 
> On 2020/8/3 9:12, Zhou Wang wrote:
>> On 2020/8/2 22:52, Jia-Ju Bai wrote:
>>> In qm_qp_ctx_cfg(), "sqc" and "aeqc" are mapped to streaming DMA:
>>>    eqc_dma = dma_map_single(..., eqc, ...);
>>>    ......
>>>    aeqc_dma = dma_map_single(..., aeqc, ...);
>> Only sqc, cqc will be configured in qm_qp_ctx_cfg.
>>
>>> Then "sqc" and "aeqc" are accessed at many places, such as:
>>>    eqc->base_l = cpu_to_le32(lower_32_bits(qm->eqe_dma));
>>>    eqc->base_h = cpu_to_le32(upper_32_bits(qm->eqe_dma));
>>>    ......
>>>    aeqc->base_l = cpu_to_le32(lower_32_bits(qm->aeqe_dma));
>>>    aeqc->base_h = cpu_to_le32(upper_32_bits(qm->aeqe_dma));
>> There are sqc, cqc, eqc, aeqc, you seems misunderstand them.
>>
>>> These accesses may cause data inconsistency between CPU cache and hardware.
>>>
>>> I am not sure how to properly fix this problem, and thus I only report it.
>> In qm_qp_ctx_cfg, sqc/cqc memory will be allocated and related mailbox will be sent
>> to hardware. In qm_eq_ctx_cfg, eqc/aeqc related operations will be done.
>>
>> So there is no problem here :)
> 
> Ah, sorry, I misunderstood qm_eq_ctx_cfg() and qm_qp_ctx_cfg(), because their names are quite similar.
> Now, I re-organize this report as follows:
> 
> In qm_eq_ctx_cfg(), "eqc" and "aeqc" are mapped to streaming DMA:
>   eqc_dma = dma_map_single(..., eqc, ...);
>   ......
>   aeqc_dma = dma_map_single(..., aeqc, ...);
> 
> Then "sqc" and "aeqc" are accessed at some places in qm_eq_ctx_cfg(), such as:
>   eqc->base_l = cpu_to_le32(lower_32_bits(qm->eqe_dma));
>   eqc->base_h = cpu_to_le32(upper_32_bits(qm->eqe_dma));
>   ......
>   aeqc->base_l = cpu_to_le32(lower_32_bits(qm->aeqe_dma));
>   aeqc->base_h = cpu_to_le32(upper_32_bits(qm->aeqe_dma));
> 
> These accesses may cause data inconsistency between CPU cache and hardware.
> 
> Besides, in qm_qp_ctx_cfg(), "sqc" and "cqc" are mapped to streaming DMA:
>   sqc_dma = dma_map_single(..., sqc, ...);
>   ......
>   cqc_dma = dma_map_single(..., cqc, ...);
> 
> 
> Then "sqc" and "cqc" are at some places in qm_qp_ctx_cfg(), such as:
>   sqc->cq_num = cpu_to_le16(qp_id);
>   sqc->w13 = cpu_to_le16(QM_MK_SQC_W13(0, 1, qp->alg_type));
>   ......
>   cqc->dw3 = cpu_to_le32(QM_MK_CQC_DW3_V2(4));
>   cqc->w8 = 0;
> 
> These accesses may cause data inconsistency between CPU cache and hardware.
> 
> I think such problems (if they are real) can be fixed by finishing data assignment before DMA mapping.

Sorry for late. I got your idea, from the semantics of dma_map_single/dma_unmap_single,
we should not mix CPU and device DMA accessing here. The reason of working well is our
hardware is hardware CC.

Will fix this later.

Thanks,
Zhou

>  
> 
> Best wishes,
> Jia-Ju Bai
> 
> .
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ