lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20241115123246.111346-1-sui.jingfeng@linux.dev>
Date: Fri, 15 Nov 2024 20:32:43 +0800
From: Sui Jingfeng <sui.jingfeng@...ux.dev>
To: Lucas Stach <l.stach@...gutronix.de>,
	Russell King <linux+etnaviv@...linux.org.uk>,
	Christian Gmeiner <christian.gmeiner@...il.com>
Cc: David Airlie <airlied@...il.com>,
	Simona Vetter <simona@...ll.ch>,
	etnaviv@...ts.freedesktop.org,
	dri-devel@...ts.freedesktop.org,
	linux-kernel@...r.kernel.org,
	Sui Jingfeng <sui.jingfeng@...ux.dev>
Subject: [PATCH v3 0/3] drm/etnaviv: Trivial mmu map and ummap cleanups

The 'sg->offset' denotes the offset into a page in bytes, but under drm
subsystem, there has NO drivers that etnaviv can contact that actually
touch the 'offset' data member of SG anymore. This means that all DMA
addresses that sg_dma_address() gives us will be PAGE_SIZE aligned, in
other words, sg->offset will always equal to 0.

But if 'sg->offset != 0' really could happens, then the current implement
might be not correct. Previous commits[1] fix the 'sg->offset == 0' cases
effectively, below is a simple illustration.

       One CPU page       Another one CPU page
  +----+----+----+----+   +----+----+----+----+
  ||||||              |   ||||||              |
  +----+----+----+----+   +----+----+----+----+
  ^    ^                  ^    ^
  |    |                  |    |
  |    | .----------------'    |
  |    | |    .----------------'
  |    | |    |
  +----+ +----+ +----+
  |||||| |||||| |    |  GPU pages, each one is SZ_4K
  +----+ +----+ +----+
            Correct implementation.

--------------------------------------------------------------

       One CPU page       Another one CPU page
  +----+----+----+----+   +----+----+----+----+
  |///////////////////|   ||||||              |
  +----+----+----+----+   +----+----+----+----+
  ^                   ^   ^    ^
  |                   |   |    |
  |      .------------|---'    |
  |      |    .-------|--------'
  |      |    |       |
  |      +----+       |
  |      ||||||       |
  |      +----+       |
  |       IOVA        |  GPUVA range collision if use 'sg_dma_len(sg)'
  +----+ +----+-------+  directly to map. Because 'sg_dma_len(sg)' is
  |////|/|////////////|  frequently larger than SZ_4K.
  +----+ +----+-------+
            Wrong implementation.

If we map the address range with respect to the size of the backing memory,
it will occupy GPUVA ranges that doesn't belong to. Which results in GPUVA
range collision for different buffers.

Patch 0001 of this series give a fix, patch 0002 and 0003
do trivial cleanup which eliminates unnecessary overheads.

v2 -> v3
	* Reword and improve commit message
v1 -> v2
	* Reword and fix typos and mistakes

v1 Link: https://patchwork.freedesktop.org/series/140589/

Sui Jingfeng (3):
  drm/etnaviv: Drop the offset in page manipulation
  drm/etnaviv: Fix the debug log  of the etnaviv_iommu_map()
  drm/etnaviv: Improve VA, PA, SIZE alignment checking

 drivers/gpu/drm/etnaviv/etnaviv_mmu.c | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)

-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ