lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201005044213.GF2968@vkoul-mobl>
Date:   Mon, 5 Oct 2020 10:12:13 +0530
From:   Vinod Koul <vkoul@...nel.org>
To:     Dave Jiang <dave.jiang@...el.com>
Cc:     tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        dan.j.williams@...el.com, tony.luck@...el.com, jing.lin@...el.com,
        ashok.raj@...el.com, sanjay.k.kumar@...el.com,
        fenghua.yu@...el.com, kevin.tian@...el.com,
        David.Laight@...lab.com, dmaengine@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 4/5] dmaengine: idxd: Clean up descriptors with fault
 error

On 24-09-20, 11:00, Dave Jiang wrote:
> Add code to "complete" a descriptor when the descriptor or its completion
> address hit a fault error when SVA mode is being used. This error can be
> triggered due to bad programming by the user. A lock is introduced in order
> to protect the descriptor completion lists since the fault handler will run
> from the system work queue after being scheduled in the interrupt handler.
> 
> Signed-off-by: Dave Jiang <dave.jiang@...el.com>
> Reviewed-by: Tony Luck <tony.luck@...el.com>
> Reviewed-by: Dan Williams <dan.j.williams@...el.com>
> ---
>  drivers/dma/idxd/idxd.h |   5 ++
>  drivers/dma/idxd/init.c |   1 +
>  drivers/dma/idxd/irq.c  | 143 ++++++++++++++++++++++++++++++++++++----
>  3 files changed, 137 insertions(+), 12 deletions(-)
> 
> diff --git a/drivers/dma/idxd/idxd.h b/drivers/dma/idxd/idxd.h
> index 43a216c42d25..b64b6266ca97 100644
> --- a/drivers/dma/idxd/idxd.h
> +++ b/drivers/dma/idxd/idxd.h
> @@ -34,6 +34,11 @@ struct idxd_irq_entry {
>  	int id;
>  	struct llist_head pending_llist;
>  	struct list_head work_list;
> +	/*
> +	 * Lock to protect access between irq thread process descriptor
> +	 * and irq thread processing error descriptor.
> +	 */
> +	spinlock_t list_lock;
>  };
>  
>  struct idxd_group {
> diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
> index 626401a71fdd..1bb7637b02eb 100644
> --- a/drivers/dma/idxd/init.c
> +++ b/drivers/dma/idxd/init.c
> @@ -97,6 +97,7 @@ static int idxd_setup_interrupts(struct idxd_device *idxd)
>  	for (i = 0; i < msixcnt; i++) {
>  		idxd->irq_entries[i].id = i;
>  		idxd->irq_entries[i].idxd = idxd;
> +		spin_lock_init(&idxd->irq_entries[i].list_lock);
>  	}
>  
>  	msix = &idxd->msix_entries[0];
> diff --git a/drivers/dma/idxd/irq.c b/drivers/dma/idxd/irq.c
> index 17a65a13fb64..9e6cc55ad22f 100644
> --- a/drivers/dma/idxd/irq.c
> +++ b/drivers/dma/idxd/irq.c
> @@ -11,6 +11,24 @@
>  #include "idxd.h"
>  #include "registers.h"
>  
> +enum irq_work_type {
> +	IRQ_WORK_NORMAL = 0,
> +	IRQ_WORK_PROCESS_FAULT,
> +};
> +
> +struct idxd_fault {
> +	struct work_struct work;
> +	u64 addr;
> +	struct idxd_device *idxd;
> +};
> +
> +static int irq_process_work_list(struct idxd_irq_entry *irq_entry,
> +				 enum irq_work_type wtype,
> +				 int *processed, u64 data);
> +static int irq_process_pending_llist(struct idxd_irq_entry *irq_entry,
> +				     enum irq_work_type wtype,
> +				     int *processed, u64 data);
> +
>  static void idxd_device_reinit(struct work_struct *work)
>  {
>  	struct idxd_device *idxd = container_of(work, struct idxd_device, work);
> @@ -44,6 +62,46 @@ static void idxd_device_reinit(struct work_struct *work)
>  	idxd_device_wqs_clear_state(idxd);
>  }
>  
> +static void idxd_device_fault_work(struct work_struct *work)
> +{
> +	struct idxd_fault *fault = container_of(work, struct idxd_fault, work);
> +	struct idxd_irq_entry *ie;
> +	int i;
> +	int processed;
> +	int irqcnt = fault->idxd->num_wq_irqs + 1;
> +
> +	for (i = 1; i < irqcnt; i++) {
> +		ie = &fault->idxd->irq_entries[i];
> +		irq_process_work_list(ie, IRQ_WORK_PROCESS_FAULT,
> +				      &processed, fault->addr);
> +		if (processed)
> +			break;
> +
> +		irq_process_pending_llist(ie, IRQ_WORK_PROCESS_FAULT,
> +					  &processed, fault->addr);
> +		if (processed)
> +			break;
> +	}
> +
> +	kfree(fault);
> +}
> +
> +static int idxd_device_schedule_fault_process(struct idxd_device *idxd,
> +					      u64 fault_addr)
> +{
> +	struct idxd_fault *fault;
> +
> +	fault = kmalloc(sizeof(*fault), GFP_ATOMIC);
> +	if (!fault)
> +		return -ENOMEM;
> +
> +	fault->addr = fault_addr;
> +	fault->idxd = idxd;
> +	INIT_WORK(&fault->work, idxd_device_fault_work);
> +	queue_work(idxd->wq, &fault->work);
> +	return 0;
> +}
> +
>  irqreturn_t idxd_irq_handler(int vec, void *data)
>  {
>  	struct idxd_irq_entry *irq_entry = data;
> @@ -125,6 +183,16 @@ irqreturn_t idxd_misc_thread(int vec, void *data)
>  	if (!err)
>  		goto out;
>  
> +	/*
> +	 * This case should rarely happen and typically is due to software
> +	 * programming error by the driver.
> +	 */
> +	if (idxd->sw_err.valid &&
> +	    idxd->sw_err.desc_valid &&
> +	    idxd->sw_err.fault_addr)
> +		idxd_device_schedule_fault_process(idxd,
> +						   idxd->sw_err.fault_addr);

This should fit in a single line ;)

> +
>  	gensts.bits = ioread32(idxd->reg_base + IDXD_GENSTATS_OFFSET);
>  	if (gensts.state == IDXD_DEVICE_STATE_HALT) {
>  		idxd->state = IDXD_DEV_HALTED;
> @@ -152,57 +220,106 @@ irqreturn_t idxd_misc_thread(int vec, void *data)
>  	return IRQ_HANDLED;
>  }
>  
> +static bool process_fault(struct idxd_desc *desc, u64 fault_addr)
> +{
> +	if ((u64)desc->hw == fault_addr ||
> +	    (u64)desc->completion == fault_addr) {

you are casting descriptor address and completion, I can understand
former, but later..? Can you explain this please

-- 
~Vinod

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ