lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YAsq6XE4okZbPf9Z@archbook>
Date:   Fri, 22 Jan 2021 11:43:37 -0800
From:   Moritz Fischer <mdf@...nel.org>
To:     Robin Murphy <robin.murphy@....com>
Cc:     Moritz Fischer <mdf@...nel.org>, lorenzo.pieralisi@....com,
        guohanjun@...wei.com, rjw@...ysocki.net,
        linux-kernel@...r.kernel.org, linux-acpi@...r.kernel.org,
        moritzf@...gle.com, sudeep.holla@....com, will@...nel.org,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v2] ACPI/IORT: Do not blindly trust DMA masks from
 firmware

On Fri, Jan 22, 2021 at 07:17:59PM +0000, Robin Murphy wrote:
> On 2021-01-22 17:50, Moritz Fischer wrote:
> > Hi Robin,
> > 
> > On Fri, Jan 22, 2021 at 02:42:05PM +0000, Robin Murphy wrote:
> > > On 2021-01-22 01:24, Moritz Fischer wrote:
> > > > Address issue observed on real world system with suboptimal IORT table
> > > > where DMA masks of PCI devices would get set to 0 as result.
> > > > 
> > > > iort_dma_setup() would query the root complex'/named component IORT
> > > > entry for a DMA mask, and use that over the one the device has been
> > > > configured with earlier.
> > > > 
> > > > Ideally we want to use the minimum mask of what the IORT contains for
> > > > the root complex and what the device was configured with.
> > > > 
> > > > Fixes: 5ac65e8c8941 ("ACPI/IORT: Support address size limit for root complexes")
> > > > Signed-off-by: Moritz Fischer <mdf@...nel.org>
> > > > ---
> > > > 
> > > > Changes from v1:
> > > > - Changed warning to FW_BUG
> > > > - Warn for both Named Component or Root Complex
> > > > - Replaced min_not_zero() with min()
> > > > 
> > > > ---
> > > >    drivers/acpi/arm64/iort.c | 14 ++++++++++++--
> > > >    1 file changed, 12 insertions(+), 2 deletions(-)
> > > > 
> > > > diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
> > > > index d4eac6d7e9fb..2494138a6905 100644
> > > > --- a/drivers/acpi/arm64/iort.c
> > > > +++ b/drivers/acpi/arm64/iort.c
> > > > @@ -1107,6 +1107,11 @@ static int nc_dma_get_range(struct device *dev, u64 *size)
> > > >    	ncomp = (struct acpi_iort_named_component *)node->node_data;
> > > > +	if (!ncomp->memory_address_limit) {
> > > > +		pr_warn(FW_BUG "Named component missing memory address limit\n");
> > > > +		return -EINVAL;
> > > > +	}
> > > > +
> > > >    	*size = ncomp->memory_address_limit >= 64 ? U64_MAX :
> > > >    			1ULL<<ncomp->memory_address_limit;
> > > > @@ -1126,6 +1131,11 @@ static int rc_dma_get_range(struct device *dev, u64 *size)
> > > >    	rc = (struct acpi_iort_root_complex *)node->node_data;
> > > > +	if (!rc->memory_address_limit) {
> > > > +		pr_warn(FW_BUG "Root complex missing memory address limit\n");
> > > > +		return -EINVAL;
> > > > +	}
> > > > +
> > > >    	*size = rc->memory_address_limit >= 64 ? U64_MAX :
> > > >    			1ULL<<rc->memory_address_limit;
> > > > @@ -1173,8 +1183,8 @@ void iort_dma_setup(struct device *dev, u64 *dma_addr, u64 *dma_size)
> > > >    		end = dmaaddr + size - 1;
> > > >    		mask = DMA_BIT_MASK(ilog2(end) + 1);
> > > >    		dev->bus_dma_limit = end;
> > > > -		dev->coherent_dma_mask = mask;
> > > > -		*dev->dma_mask = mask;
> > > > +		dev->coherent_dma_mask = min(dev->coherent_dma_mask, mask);
> > > > +		*dev->dma_mask = min(*dev->dma_mask, mask);
> > > 
> > > Oops, I got so distracted by the "not_zero" aspect in v1 that I ended up
> > > thinking purely about smaller-than-default masks, but of course this *does*
> > > matter the other way round. And it is what we've always done on the DT side,
> > > so at least it makes us consistent.
> > > 
> > > FWIW I've already started writing up a patch to kill off this bit entirely,
> > > but either way we still can't meaningfully interpret a supposed DMA limit of
> > > 0 bits in a table describing DMA-capable devices, so for this patch as a
> > > fix,
> > > 
> > > Reviewed-by: Robin Murphy <robin.murphy@....com>
> > 
> > I think there's another issue the comparisons for revision should be
> > against < 2 not < 1.
> > 
> >  From what I could find DEN0049D (IORT) spec introduced the fields
> > (curiously the C doc seems to be missing).
> 
> I guess it got lost in the documentation system move. FWIW I still have a
> copy of issue C, and root complex nodes are unchanged at revision 0 there.
> 
> > DEN0049B specifies revision as '0', DEN0049C (missing?), DEN0049D
> > specifies new fields for memory_size_limit and both Named Component and
> > Root Complex nodes set revision to 2.
> 
> My copy of issue D says Root Complex nodes are at revision 1, with memory
> address size limit added.
> 
> (Note that Named Component nodes did bump to rev. 1 in issue C, then to rev.
> 2 in issue D)
> 
> Issue E bumped Root Complex nodes to revision 2 with the addition of the PRI
> flag, then E.a made a mess of everything by deprecating the revision numbers
> for individual tables - we probably need to deal with *that*, since
> otherwise we'll think new tables are back at rev. 0 again, but AFAICS the
> current check is correct for anything written against the first 5 releases.

Ok, yeah, I double checked this, you're right. Then patch should be fine
as is.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ