Message-ID: <47c6fa6b-8bbe-ee9d-e6e0-b27d8828a6d9@intel.com>
Date:   Sun, 4 Oct 2020 21:55:40 -0700
From:   Dave Jiang <dave.jiang@...el.com>
To:     Vinod Koul <vkoul@...nel.org>
Cc:     tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        dan.j.williams@...el.com, tony.luck@...el.com, jing.lin@...el.com,
        ashok.raj@...el.com, sanjay.k.kumar@...el.com,
        fenghua.yu@...el.com, kevin.tian@...el.com,
        David.Laight@...lab.com, dmaengine@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 4/5] dmaengine: idxd: Clean up descriptors with fault
 error



On 10/4/2020 9:42 PM, Vinod Koul wrote:
> On 24-09-20, 11:00, Dave Jiang wrote:
>> Add code to "complete" a descriptor when the descriptor or its completion
>> address hit a fault error when SVA mode is being used. This error can be
>> triggered due to bad programming by the user. A lock is introduced in order
>> to protect the descriptor completion lists since the fault handler will run
>> from the system work queue after being scheduled in the interrupt handler.
>>
>> Signed-off-by: Dave Jiang <dave.jiang@...el.com>
>> Reviewed-by: Tony Luck <tony.luck@...el.com>
>> Reviewed-by: Dan Williams <dan.j.williams@...el.com>
>> ---
>>   drivers/dma/idxd/idxd.h |   5 ++
>>   drivers/dma/idxd/init.c |   1 +
>>   drivers/dma/idxd/irq.c  | 143 ++++++++++++++++++++++++++++++++++++----
>>   3 files changed, 137 insertions(+), 12 deletions(-)
>>
>> diff --git a/drivers/dma/idxd/idxd.h b/drivers/dma/idxd/idxd.h
>> index 43a216c42d25..b64b6266ca97 100644
>> --- a/drivers/dma/idxd/idxd.h
>> +++ b/drivers/dma/idxd/idxd.h
>> @@ -34,6 +34,11 @@ struct idxd_irq_entry {
>>   	int id;
>>   	struct llist_head pending_llist;
>>   	struct list_head work_list;
>> +	/*
>> +	 * Lock to protect access between irq thread process descriptor
>> +	 * and irq thread processing error descriptor.
>> +	 */
>> +	spinlock_t list_lock;
>>   };
>>   
>>   struct idxd_group {
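Review bot: The comment added above `list_lock` describes both parties as an irq thread, but the commit message says the fault handler runs from a work queue, so the second accessor is a work item. It also does not say which of the two lists in `struct idxd_irq_entry` the lock covers. Something like `/* Protects the descriptor completion lists against concurrent access by the completion irq thread and the fault work item. */` would match the description. The exact list(s) should be named once checked against the locking in irq.c, which is not visible in this hunk.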
>> diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
>> index 626401a71fdd..1bb7637b02eb 100644
>> --- a/drivers/dma/idxd/init.c
>> +++ b/drivers/dma/idxd/init.c
>> @@ -97,6 +97,7 @@ static int idxd_setup_interrupts(struct idxd_device *idxd)
>>   	for (i = 0; i < msixcnt; i++) {
>>   		idxd->irq_entries[i].id = i;
>>   		idxd->irq_entries[i].idxd = idxd;
>> +		spin_lock_init(&idxd->irq_entries[i].list_lock);
>>   	}
>>   
>>   	msix = &idxd->msix_entries[0];
>> diff --git a/drivers/dma/idxd/irq.c b/drivers/dma/idxd/irq.c
>> index 17a65a13fb64..9e6cc55ad22f 100644
>> --- a/drivers/dma/idxd/irq.c
>> +++ b/drivers/dma/idxd/irq.c
>> @@ -11,6 +11,24 @@
>>   #include "idxd.h"
>>   #include "registers.h"
>>   
>> +enum irq_work_type {
>> +	IRQ_WORK_NORMAL = 0,
>> +	IRQ_WORK_PROCESS_FAULT,
>> +};
>> +
>> +struct idxd_fault {
>> +	struct work_struct work;
>> +	u64 addr;
>> +	struct idxd_device *idxd;
>> +};
>> +
>> +static int irq_process_work_list(struct idxd_irq_entry *irq_entry,
>> +				 enum irq_work_type wtype,
>> +				 int *processed, u64 data);
>> +static int irq_process_pending_llist(struct idxd_irq_entry *irq_entry,
>> +				     enum irq_work_type wtype,
>> +				     int *processed, u64 data);
>> +
>>   static void idxd_device_reinit(struct work_struct *work)
>>   {
>>   	struct idxd_device *idxd = container_of(work, struct idxd_device, work);
>> @@ -44,6 +62,46 @@ static void idxd_device_reinit(struct work_struct *work)
>>   	idxd_device_wqs_clear_state(idxd);
>>   }
>>   
>> +static void idxd_device_fault_work(struct work_struct *work)
>> +{
>> +	struct idxd_fault *fault = container_of(work, struct idxd_fault, work);
>> +	struct idxd_irq_entry *ie;
>> +	int i;
>> +	int processed;
>> +	int irqcnt = fault->idxd->num_wq_irqs + 1;
>> +
>> +	for (i = 1; i < irqcnt; i++) {
>> +		ie = &fault->idxd->irq_entries[i];
>> +		irq_process_work_list(ie, IRQ_WORK_PROCESS_FAULT,
>> +				      &processed, fault->addr);
>> +		if (processed)
>> +			break;
>> +
>> +		irq_process_pending_llist(ie, IRQ_WORK_PROCESS_FAULT,
>> +					  &processed, fault->addr);
>> +		if (processed)
>> +			break;
>> +	}
>> +
>> +	kfree(fault);
>> +}
>> +
>> +static int idxd_device_schedule_fault_process(struct idxd_device *idxd,
>> +					      u64 fault_addr)
>> +{
>> +	struct idxd_fault *fault;
>> +
>> +	fault = kmalloc(sizeof(*fault), GFP_ATOMIC);
>> +	if (!fault)
>> +		return -ENOMEM;
>> +
>> +	fault->addr = fault_addr;
>> +	fault->idxd = idxd;
>> +	INIT_WORK(&fault->work, idxd_device_fault_work);
>> +	queue_work(idxd->wq, &fault->work);
>> +	return 0;
>> +}
>> +
>>   irqreturn_t idxd_irq_handler(int vec, void *data)
>>   {
>>   	struct idxd_irq_entry *irq_entry = data;
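Review bot: `int processed;` in idxd_device_fault_work() is never initialised here, yet `if (processed)` reads it after each helper call. irq_process_work_list() and irq_process_pending_llist() are only forward-declared in the visible part of the patch, so it cannot be confirmed from these lines that they store to `*processed` on every path, including early returns. Declaring it as `int processed = 0;` and resetting it before each call keeps the loop from branching on stack garbage. The helpers' `int` return values are also dropped at both call sites; if they can report an error, the loop should check it.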
>> @@ -125,6 +183,16 @@ irqreturn_t idxd_misc_thread(int vec, void *data)
>>   	if (!err)
>>   		goto out;
>>   
>> +	/*
>> +	 * This case should rarely happen and typically is due to software
>> +	 * programming error by the driver.
>> +	 */
>> +	if (idxd->sw_err.valid &&
>> +	    idxd->sw_err.desc_valid &&
>> +	    idxd->sw_err.fault_addr)
>> +		idxd_device_schedule_fault_process(idxd,
>> +						   idxd->sw_err.fault_addr);
> 
> This should fit in a single line ;)

Yes. With the new 100 col guideline this should be single line.

> 
>> +
>>   	gensts.bits = ioread32(idxd->reg_base + IDXD_GENSTATS_OFFSET);
>>   	if (gensts.state == IDXD_DEVICE_STATE_HALT) {
>>   		idxd->state = IDXD_DEV_HALTED;
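Review bot: The result of `idxd_device_schedule_fault_process()` is discarded at the new call in idxd_misc_thread(), so a failed GFP_ATOMIC allocation (-ENOMEM) means the fault work never runs and nothing records that. The faulting descriptor is then presumably left uncompleted. At minimum the call should be checked, `if (idxd_device_schedule_fault_process(idxd, idxd->sw_err.fault_addr) < 0)`, and the failure logged with a rate-limited warning, since the commit message says the fault can be caused by bad programming by the user. For the same reason the added comment's "by the driver" wording should be reconciled with the commit message. The body of idxd_misc_thread() starts and ends outside this hunk.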
>> @@ -152,57 +220,106 @@ irqreturn_t idxd_misc_thread(int vec, void *data)
>>   	return IRQ_HANDLED;
>>   }
>>   
>> +static bool process_fault(struct idxd_desc *desc, u64 fault_addr)
>> +{
>> +	if ((u64)desc->hw == fault_addr ||
>> +	    (u64)desc->completion == fault_addr) {
> 
> you are casting descriptor address and completion, I can understand
> former, but latter..? Can you explain this please
> 

It is possible to fail on the completion writeback address if the completion 
address programmed into the descriptor is bad.
