| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <36565295-ebaa-2a66-3389-ba5eb714ab34@arm.com>
Date: Thu, 15 Jun 2023 11:13:27 +0100
From: Robin Murphy <robin.murphy@....com>
To: Douglas Anderson <dianders@...omium.org>,
Will Deacon <will@...nel.org>
Cc: andersson@...nel.org, amit.pundir@...aro.org,
linux-arm-msm@...r.kernel.org, konrad.dybcio@...ainline.org,
Sibi Sankar <quic_sibis@...cinc.com>,
Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>,
sumit.semwal@...aro.org, Stephen Boyd <swboyd@...omium.org>,
Catalin Marinas <catalin.marinas@....com>,
Manivannan Sadhasivam <mani@...nel.org>,
Marc Zyngier <maz@...nel.org>,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Revert "Revert "Revert "arm64: dma: Drop cache
invalidation from arch_dma_prep_coherent()"""
On 2023-06-15 00:59, Douglas Anderson wrote:
> This reverts commit 7bd6680b47fa4cd53ee1047693c09825e212a6f5.
>
> When booting a sc7180-trogdor based device on mainline, I see errors
> that look like this:
>
> qcom_scm firmware:scm: Assign memory protection call failed -22
> qcom_rmtfs_mem 94600000.memory: assign memory failed
> qcom_rmtfs_mem: probe of 94600000.memory failed with error -22
>
> The device still boots OK, but WiFi doesn't work.
>
> The failure only seems to happen when
> CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y. When I don't have that set then
> everything is peachy. Presumably something about the extra
> initialization disagrees with the change to drop cache invalidation.
AFAICS init_on_alloc essentially just adds __GFP_ZERO to the page
allocation. This should make no difference to a DMA allocation given
that dma_alloc_attrs explicitly zeros its allocation anyway. However...
for the non-coherent case, the DMA API's memset will be done through the
non-cacheable remap, while __GFP_ZERO can leave behind cached zeros for
the linear map alias. Thus what I assume must be happening here is that
"DMA" from the firmware is still making cacheable accesses to the buffer
and getting those zeros instead of whatever actual data which was
subsequently written non-cacheably direct to RAM. So either the firmware
still needs fixing to make non-cacheable accesses, or the SCM driver
needs to correctly describe it as coherent.
Thanks,
Robin.
> Fixes: 7bd6680b47fa ("Revert "Revert "arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()""")
> Signed-off-by: Douglas Anderson <dianders@...omium.org>
> ---
>
> arch/arm64/mm/dma-mapping.c | 17 ++++++++++++++++-
> 1 file changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
> index 3cb101e8cb29..5240f6acad64 100644
> --- a/arch/arm64/mm/dma-mapping.c
> +++ b/arch/arm64/mm/dma-mapping.c
> @@ -36,7 +36,22 @@ void arch_dma_prep_coherent(struct page *page, size_t size)
> {
> unsigned long start = (unsigned long)page_address(page);
>
> - dcache_clean_poc(start, start + size);
> + /*
> + * The architecture only requires a clean to the PoC here in order to
> + * meet the requirements of the DMA API. However, some vendors (i.e.
> + * Qualcomm) abuse the DMA API for transferring buffers from the
> + * non-secure to the secure world, resetting the system if a non-secure
> + * access shows up after the buffer has been transferred:
> + *
> + * https://lore.kernel.org/r/20221114110329.68413-1-manivannan.sadhasivam@linaro.org
> + *
> + * Using clean+invalidate appears to make this issue less likely, but
> + * the drivers themselves still need fixing as the CPU could issue a
> + * speculative read from the buffer via the linear mapping irrespective
> + * of the cache maintenance we use. Once the drivers are fixed, we can
> + * relax this to a clean operation.
> + */
> + dcache_clean_inval_poc(start, start + size);
> }
>
> #ifdef CONFIG_IOMMU_DMA
Powered by blists - more mailing lists