lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <50ae9c05-2ec4-09a8-965c-0d70ea74d879@gmail.com>
Date:   Wed, 16 Feb 2022 09:37:55 -0800
From:   Florian Fainelli <f.fainelli@...il.com>
To:     Robin Murphy <robin.murphy@....com>, linux-kernel@...r.kernel.org
Cc:     bcm-kernel-feedback-list@...adcom.com, jim2101024@...il.com,
        opendmb@...il.com, robh@...nel.org, will@...nel.org,
        tientzu@...omium.org, Christoph Hellwig <hch@....de>,
        Marek Szyprowski <m.szyprowski@...sung.com>,
        "open list:DMA MAPPING HELPERS" <iommu@...ts.linux-foundation.org>
Subject: Re: [PATCH] dma-contiguous: Prioritize restricted DMA pool over
 shared DMA pool

On 2/16/22 3:13 AM, Robin Murphy wrote:
> On 2022-02-15 22:43, Florian Fainelli wrote:
>> Some platforms might define the same memory region to be suitable for
>> used by a kernel supporting CONFIG_DMA_RESTRICTED_POOL while maintaining
>> compatibility with older kernels that do not support that. This is
>> achieved by declaring the node this way;
> 
> Those platforms are doing something inexplicably wrong, then.

Matter of perspective I guess.

> 
> "restricted-dma-pool" says that DMA for the device has to be bounced
> through a dedicated pool because it can't be trusted with visibility of
> regular OS memory. "reusable" tells the OS that it's safe to use the
> pool as regular OS memory while it's idle. Do you see how those concepts
> are fundamentally incompatible?

>From the perspective of the software or firmware agent that is
responsible for setting up the appropriate protection on the reserved
memory, it does not matter what the compatible string is, the only
properties that matter are the base address, size, and possibly whether
'no-map' is specified or not to set-up appropriate protection for the
various memory controller agents (CPU, PCIe, everything else).

Everything else is just information provided to the OS in order to
provide a different implementation keyed off the compatible string. So
with that in mind, you can imagine that before the introduction of
'restricted-dma-pool' in 5.15, some platforms already had such a concept
of a reserved DMA region, that was backed by a device private CMA pool,
they would allocate memory from that region and would create their own
middle layer for bounce buffering if they liked to. This is obviously
not ideal on a number of levels starting from not being done at the
appropriate level but it was done.

Now that 'restricted-dma-pool' is supported, transitioning them over is
obviously better and updating the compatible string for those specific
regions to include the more descriptive 'restrictded-dma-pool' sounded
to me as an acceptable way to maintain forward/backward DTB
compatibility rather than doubly reserving these region one with the
"old" compatible and one with the "new" compatible, not that the system
is even capable of doing that anyway, so we would have had to
essentially make them adjacent.

And no, we are not bringing Linux version awareness to our boot loader
mangling the Device Tree blob, that's not happening, hence this patch.

> 
> Linux is right to reject contradictory information rather than attempt
> to guess at what might be safe or not.

The piece of contradictory information here specifically is the
'reusable' boolean property, but as I explain the commit message
message, if you have a "properly formed" 'restricted-dma-pool' region
then it should not have that property in the first place, but even if it
does, it does not harm anything to have it.

> 
> Furthermore, down at the practical level, a SWIOTLB pool is used for
> bouncing streaming DMA API mappings, while a coherent/CMA pool is used
> for coherent DMA API allocations; they are not functionally
> interchangeable either. If a device depends on coherent allocations
> rather than streaming DMA, it should still have a coherent pool even
> under a physical memory protection scheme, and if it needs both
> streaming DMA and coherent buffers then it can have both types of pool -
> the bindings explicitly call that out. It's true that SWIOTLB pools can
> act as an emergency fallback for small allocations for I/O-coherent
> devices, but that's not really intended to be relied upon heavily.
> 
> So no, I do not see anything wrong with the current handling of
> nonsensical DTs here, sorry.

There is nothing wrong in the current code, but with changes that have
no adverse effect on "properly" constructed reserved memory entries we
can accept both types of reservation and maintain forward/backward
compatibility in our case. So why not?
-- 
Florian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ