lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 24 Mar 2022 16:52:31 +0000
From:   Robin Murphy <robin.murphy@....com>
To:     Christoph Hellwig <hch@....de>, Maxime Bizon <mbizon@...ebox.fr>
Cc:     Toke Høiland-Jørgensen <toke@...e.dk>,
        Oleksandr Natalenko <oleksandr@...alenko.name>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Halil Pasic <pasic@...ux.ibm.com>,
        Marek Szyprowski <m.szyprowski@...sung.com>,
        Kalle Valo <kvalo@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Olha Cherevyk <olha.cherevyk@...il.com>,
        iommu <iommu@...ts.linux-foundation.org>,
        linux-wireless <linux-wireless@...r.kernel.org>,
        Netdev <netdev@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable <stable@...r.kernel.org>
Subject: Re: [REGRESSION] Recent swiotlb DMA_FROM_DEVICE fixes break
 ath9k-based AP

On 2022-03-24 16:31, Christoph Hellwig wrote:
> On Thu, Mar 24, 2022 at 05:29:12PM +0100, Maxime Bizon wrote:
>>> I'm looking into this; but in the interest of a speedy resolution of
>>> the regression I would be in favour of merging that partial revert
>>> and reinstating it if/when we identify (and fix) any bugs in ath9k :)
>>
>> This looks fishy:
>>
>> ath9k/recv.c
>>
>>                  /* We will now give hardware our shiny new allocated skb */
>>                  new_buf_addr = dma_map_single(sc->dev, requeue_skb->data,
>>                                                common->rx_bufsize, dma_type);
>>                  if (unlikely(dma_mapping_error(sc->dev, new_buf_addr))) {
>>                          dev_kfree_skb_any(requeue_skb);
>>                          goto requeue_drop_frag;
>>                  }
>>
>>                  /* Unmap the frame */
>>                  dma_unmap_single(sc->dev, bf->bf_buf_addr,
>>                                   common->rx_bufsize, dma_type);
>>
>>                  bf->bf_mpdu = requeue_skb;
>>                  bf->bf_buf_addr = new_buf_addr;
> 
> Creating a new mapping for the same buffer before unmapping the
> previous one does looks rather bogus.  But it does not fit the
> pattern where revering the sync_single changes make the driver
> work again.

OK, you made me look :)

Now that it's obvious what to look for, I can only conclude that during 
the stanza in ath_edma_get_buffers(), the device is still writing to the 
buffer while ownership has been transferred to the CPU, and whatever got 
written while ath9k_hw_process_rxdesc_edma() was running then gets wiped 
out by the subsequent sync_for_device, which currently resets the 
SWIOTLB slot to the state that sync_for_cpu copied out. By the letter of 
the DMA API that's not allowed, but on the other hand I'm not sure if we 
even have a good idiom for "I can't tell if the device has finished with 
this buffer or not unless I look at it" :/

Robin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ