lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <452155d2-c98e-23f6-86d6-3a2ff2e74783@arm.com>
Date:   Thu, 24 Jun 2021 12:34:09 +0100
From:   Robin Murphy <robin.murphy@....com>
To:     Will Deacon <will@...nel.org>
Cc:     Claire Chang <tientzu@...omium.org>,
        Christoph Hellwig <hch@....de>,
        Qian Cai <quic_qiancai@...cinc.com>,
        Rob Herring <robh+dt@...nel.org>, mpe@...erman.id.au,
        Joerg Roedel <joro@...tes.org>,
        Frank Rowand <frowand.list@...il.com>,
        Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
        boris.ostrovsky@...cle.com, jgross@...e.com,
        Marek Szyprowski <m.szyprowski@...sung.com>,
        heikki.krogerus@...ux.intel.com, thomas.hellstrom@...ux.intel.com,
        peterz@...radead.org, benh@...nel.crashing.org,
        joonas.lahtinen@...ux.intel.com, dri-devel@...ts.freedesktop.org,
        chris@...is-wilson.co.uk, grant.likely@....com, paulus@...ba.org,
        mingo@...nel.org, Jianxiong Gao <jxgao@...gle.com>,
        Stefano Stabellini <sstabellini@...nel.org>,
        Saravana Kannan <saravanak@...gle.com>, xypron.glpk@....de,
        "Rafael J . Wysocki" <rafael.j.wysocki@...el.com>,
        Bartosz Golaszewski <bgolaszewski@...libre.com>,
        bskeggs@...hat.com, linux-pci@...r.kernel.org,
        xen-devel@...ts.xenproject.org,
        Thierry Reding <treding@...dia.com>,
        intel-gfx@...ts.freedesktop.org, matthew.auld@...el.com,
        linux-devicetree <devicetree@...r.kernel.org>,
        Daniel Vetter <daniel@...ll.ch>, airlied@...ux.ie,
        maarten.lankhorst@...ux.intel.com, linuxppc-dev@...ts.ozlabs.org,
        jani.nikula@...ux.intel.com,
        Nicolas Boichat <drinkcat@...omium.org>,
        rodrigo.vivi@...el.com, Bjorn Helgaas <bhelgaas@...gle.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Greg KH <gregkh@...uxfoundation.org>,
        Randy Dunlap <rdunlap@...radead.org>,
        lkml <linux-kernel@...r.kernel.org>,
        "list@....net:IOMMU DRIVERS" <iommu@...ts.linux-foundation.org>,
        Jim Quinlan <james.quinlan@...adcom.com>,
        Tom Lendacky <thomas.lendacky@....com>, bauerman@...ux.ibm.com
Subject: Re: [PATCH v14 06/12] swiotlb: Use is_swiotlb_force_bounce for
 swiotlb data bouncing

On 2021-06-24 12:18, Will Deacon wrote:
> On Thu, Jun 24, 2021 at 12:14:39PM +0100, Robin Murphy wrote:
>> On 2021-06-24 07:05, Claire Chang wrote:
>>> On Thu, Jun 24, 2021 at 1:43 PM Christoph Hellwig <hch@....de> wrote:
>>>>
>>>> On Wed, Jun 23, 2021 at 02:44:34PM -0400, Qian Cai wrote:
>>>>> is_swiotlb_force_bounce at /usr/src/linux-next/./include/linux/swiotlb.h:119
>>>>>
>>>>> is_swiotlb_force_bounce() was the new function introduced in this patch here.
>>>>>
>>>>> +static inline bool is_swiotlb_force_bounce(struct device *dev)
>>>>> +{
>>>>> +     return dev->dma_io_tlb_mem->force_bounce;
>>>>> +}
>>>>
>>>> To me the crash looks like dev->dma_io_tlb_mem is NULL.  Can you
>>>> turn this into :
>>>>
>>>>           return dev->dma_io_tlb_mem && dev->dma_io_tlb_mem->force_bounce;
>>>>
>>>> for a quick debug check?
>>>
>>> I just realized that dma_io_tlb_mem might be NULL like Christoph
>>> pointed out since swiotlb might not get initialized.
>>> However,  `Unable to handle kernel paging request at virtual address
>>> dfff80000000000e` looks more like the address is garbage rather than
>>> NULL?
>>> I wonder if that's because dev->dma_io_tlb_mem is not assigned
>>> properly (which means device_initialize is not called?).
>>
>> What also looks odd is that the base "address" 0xdfff800000000000 is held in
>> a couple of registers, but the offset 0xe looks too small to match up to any
>> relevant structure member in that dereference chain :/
> 
> FWIW, I've managed to trigger a NULL dereference locally when swiotlb hasn't
> been initialised but we dereference 'dev->dma_io_tlb_mem', so I think
> Christoph's suggestion is needed regardless.

Ack to that - for SWIOTLB_NO_FORCE, io_tlb_default_mem will remain NULL. 
The massive jump in KernelCI baseline failures as of yesterday looks 
like every arm64 machine with less than 4GB of RAM blowing up...

Robin.

> But I agree that it won't help
> with the issue reported by Qian Cai.
> 
> Qian Cai: please can you share your .config and your command line?
> 
> Thanks,
> 
> Will
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ