lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 16 May 2024 12:25:19 -0400
From: Nícolas F. R. A. Prado <nfraprado@...labora.com>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: Mark Brown <broonie@...nel.org>, linux-spi@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 1/1] spi: Remove unneded check for orig_nents

On Thu, May 16, 2024 at 04:25:35PM +0300, Andy Shevchenko wrote:
> On Thu, May 16, 2024 at 01:18:04PM +0300, Andy Shevchenko wrote:
> > On Wed, May 15, 2024 at 05:09:33PM -0400, Nícolas F. R. A. Prado wrote:
> > > On Tue, May 07, 2024 at 11:10:27PM +0300, Andy Shevchenko wrote:
> > > > Both dma_unmap_sgtable() and sg_free_table() in spi_unmap_buf_attrs()
> > > > have checks for orig_nents against 0. No need to duplicate this.
> > > > All the same applies to other DMA mapping API calls.
> > > > 
> > > > Also note, there is no other user in the kernel that does this kind of
> > > > checks.
> > > > 
> > > > Signed-off-by: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
> > > 
> > > this commit caused a regression which I reported here:
> > > 
> > > https://lore.kernel.org/all/d3679496-2e4e-4a7c-97ed-f193bd53af1d@notapiano
> > > 
> > > along with some thoughts on the cause and a possible solution, though I'm not
> > > familiar with this code base at all and would really appreciate any feedback you
> > > may have.
> > 
> > Thanks for the report and preliminary analysis!
> > I'll look at it hopefully sooner than later.
> > 
> > But at least what I think now is that my change revealed a problem somewhere
> > else, because that's how DMA mapping / streaming APIs designed, it's extremely
> > rare to check orig_nents field.
> 
> Can you test the below patch?
> 
> diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
> index b2efd4964f7c..51811f04e463 100644
> --- a/drivers/spi/spi.c
> +++ b/drivers/spi/spi.c
> @@ -1243,6 +1243,7 @@ static int __spi_map_msg(struct spi_controller *ctlr, struct spi_message *msg)
>  	else
>  		rx_dev = ctlr->dev.parent;
>  
> +	ret = -ENOMSG;
>  	list_for_each_entry(xfer, &msg->transfers, transfer_list) {
>  		/* The sync is done before each transfer. */
>  		unsigned long attrs = DMA_ATTR_SKIP_CPU_SYNC;
> @@ -1272,6 +1273,9 @@ static int __spi_map_msg(struct spi_controller *ctlr, struct spi_message *msg)
>  			}
>  		}
>  	}
> +	/* No transfer has been mapped, bail out with success */
> +	if (ret)
> +		return 0;
>  
>  	ctlr->cur_rx_dma_dev = rx_dev;
>  	ctlr->cur_tx_dma_dev = tx_dev;

Hi Andy,

thank you for the patch. Unfortunately it didn't completely solve the issue. Now
the stack trace is slightly different and points at the next line:

	dma_sync_sgtable_for_device(rx_dev, &xfer->rx_sg, DMA_FROM_DEVICE);

So now we're hitting the case where only the tx buffer was DMA mapped, but the
rx is still uninitialized, though the cur_msg_mapped flag is set to true, since
it is shared between them. The original code checked for the initialization of
each scatterlist individually, which is why it worked.

Thanks,
Nícolas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ