lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Mar 2022 18:07:29 +0100 From: Toke Høiland-Jørgensen <toke@...e.dk> To: Robin Murphy <robin.murphy@....com>, Christoph Hellwig <hch@....de>, Maxime Bizon <mbizon@...ebox.fr> Cc: Oleksandr Natalenko <oleksandr@...alenko.name>, Linus Torvalds <torvalds@...ux-foundation.org>, Halil Pasic <pasic@...ux.ibm.com>, Marek Szyprowski <m.szyprowski@...sung.com>, Kalle Valo <kvalo@...nel.org>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Olha Cherevyk <olha.cherevyk@...il.com>, iommu <iommu@...ts.linux-foundation.org>, linux-wireless <linux-wireless@...r.kernel.org>, Netdev <netdev@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable <stable@...r.kernel.org> Subject: Re: [REGRESSION] Recent swiotlb DMA_FROM_DEVICE fixes break ath9k-based AP Robin Murphy <robin.murphy@....com> writes: > On 2022-03-24 16:31, Christoph Hellwig wrote: >> On Thu, Mar 24, 2022 at 05:29:12PM +0100, Maxime Bizon wrote: >>>> I'm looking into this; but in the interest of a speedy resolution of >>>> the regression I would be in favour of merging that partial revert >>>> and reinstating it if/when we identify (and fix) any bugs in ath9k :) >>> >>> This looks fishy: >>> >>> ath9k/recv.c >>> >>> /* We will now give hardware our shiny new allocated skb */ >>> new_buf_addr = dma_map_single(sc->dev, requeue_skb->data, >>> common->rx_bufsize, dma_type); >>> if (unlikely(dma_mapping_error(sc->dev, new_buf_addr))) { >>> dev_kfree_skb_any(requeue_skb); >>> goto requeue_drop_frag; >>> } >>> >>> /* Unmap the frame */ >>> dma_unmap_single(sc->dev, bf->bf_buf_addr, >>> common->rx_bufsize, dma_type); >>> >>> bf->bf_mpdu = requeue_skb; >>> bf->bf_buf_addr = new_buf_addr; >> >> Creating a new mapping for the same buffer before unmapping the >> previous one does looks rather bogus. But it does not fit the >> pattern where revering the sync_single changes make the driver >> work again. > > OK, you made me look :) > > Now that it's obvious what to look for, I can only conclude that during > the stanza in ath_edma_get_buffers(), the device is still writing to the > buffer while ownership has been transferred to the CPU, and whatever got > written while ath9k_hw_process_rxdesc_edma() was running then gets wiped > out by the subsequent sync_for_device, which currently resets the > SWIOTLB slot to the state that sync_for_cpu copied out. By the letter of > the DMA API that's not allowed, but on the other hand I'm not sure if we > even have a good idiom for "I can't tell if the device has finished with > this buffer or not unless I look at it" :/ Right, but is that sync_for_device call really needed? AFAICT, that ath9k_hw_process_rxdesc_edma() invocation doesn't actually modify any of the data when it returns EINPROGRESS, so could we just skip it? Like the patch below? Or am I misunderstanding the semantics here? -Toke diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c index 0c0624a3b40d..19244d4c0ada 100644 --- a/drivers/net/wireless/ath/ath9k/recv.c +++ b/drivers/net/wireless/ath/ath9k/recv.c @@ -647,12 +647,8 @@ static bool ath_edma_get_buffers(struct ath_softc *sc, common->rx_bufsize, DMA_FROM_DEVICE); ret = ath9k_hw_process_rxdesc_edma(ah, rs, skb->data); - if (ret == -EINPROGRESS) { - /*let device gain the buffer again*/ - dma_sync_single_for_device(sc->dev, bf->bf_buf_addr, - common->rx_bufsize, DMA_FROM_DEVICE); + if (ret == -EINPROGRESS) return false; - } __skb_unlink(skb, &rx_edma->rx_fifo); if (ret == -EINVAL) {
Powered by blists - more mailing lists