lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Feb 2016 11:45:35 -0500 From: Murali Karicheri <m-karicheri2@...com> To: Grygorii Strashko <grygorii.strashko@...com>, Arnd Bergmann <arnd@...db.de> CC: "Franklin S Cooper Jr." <fcooper@...com>, <netdev@...r.kernel.org>, <w-kwok2@...com>, <davem@...emloft.net>, Santosh Shilimkar <ssantosh@...nel.org> Subject: Re: Keystone 2 boards boot failure On 02/03/2016 11:31 AM, Grygorii Strashko wrote: > On 02/03/2016 06:20 PM, Arnd Bergmann wrote: >> On Wednesday 03 February 2016 16:21:05 Grygorii Strashko wrote: >>> On 02/03/2016 04:11 PM, Franklin S Cooper Jr. wrote: >>>> On 02/02/2016 07:19 PM, Franklin S Cooper Jr. wrote: >>>>>> >>>>> So only making this change on the latest master with no >>>>> other changes I see the boot problem again. >>> >>> yep. I can confirm that. >>> >>> Also, I'm today came up with the similar fix that you've proposed before in this thread. >>> So, Could we move forward this way? >> >> I still think it would be good to actually understand what the actual >> problem was. >> >>> From 8280895f01b33edba303e7374431bef47630f26c Mon Sep 17 00:00:00 2001 >>> From: Grygorii Strashko <grygorii.strashko@...com> >>> Date: Wed, 3 Feb 2016 15:11:40 +0200 >>> Subject: [PATCH] net: ti: netcp: restore get/set_pad_info() functionality >>> >>> The commit 899077791403 ("netcp: try to reduce type confusion in descriptors") >>> introduces a regression in Kernel 4.5-rc1 as it breaks >>> get/set_pad_info() functionality. >>> >>> The TI NETCP driver uses pad0 and pad1 fields of knav_dma_desc to >>> store DMA/MEM buffer pointer and buffer size respectively. And in both >>> cases the pointer type size is 32 bit regardless of LAPE enabled or >>> not. >>> !LAPE LPAE >>> sizeof(void*) 32bit 32bit >>> sizeof(dma_addr_t) 32bit 32bit >>> sizeof(phys_addr_t) 32bit 64bit >>> >> >> This looks wrong: I was getting the build warnings originally >> because of 64-bit dma_addr_t, and that should be the only way that >> this driver can operate, because in some configurations on keystone >> there is no memory below 4GB, and there is no dma-ranges property >> in the DT that shifts around the start of the DMA addresses. > > see keystone.dtsi: > soc { > #address-cells = <1>; > #size-cells = <1>; > compatible = "ti,keystone","simple-bus"; > interrupt-parent = <&gic>; > ranges = <0x0 0x0 0x0 0xc0000000>; > dma-ranges = <0x80000000 0x8 0x00000000 0x80000000>; > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > config: > > CONFIG_ARCH_PHYS_ADDR_T_64BIT=y > CONFIG_PHYS_ADDR_T_64BIT=y > > and > > #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT <--- should not be defined for KS2 > typedef u64 dma_addr_t; > #else > typedef u32 dma_addr_t; > #endif > > Above is valid configuration for Keystone 2 with LPAE=y > >> >> This doesn't all fit together yet, maybe you have a better idea >> of what is going on. >> >> I don't think we should ever have a platform that has dma_addr_t >> and phys_addr_t be different. > > This is a valid case. > >> >>> Unfortunately, above commit changed buffer's pointers save/restore >>> code (get/set_pad_info()) and added intermediate conversation to u64 >>> which causes TI NETCP driver crash in RX/TX path due to "Unable to >>> handle kernel NULL pointer" exception. >> >> The conversion is not what made it crash, it must be a bug in the >> conversion ;-) >> >>> @@ -163,11 +153,10 @@ static void set_desc_info(u32 desc_info, u32 pkt_info, >>> desc->packet_info = cpu_to_le32(pkt_info); >>> } >>> >>> -static void set_pad_info(u32 pad0, u32 pad1, u32 pad2, struct knav_dma_desc *desc) >>> +static void set_pad_info(u32 pad0, u32 pad1, struct knav_dma_desc *desc) >>> { >>> desc->pad[0] = cpu_to_le32(pad0); >>> desc->pad[1] = cpu_to_le32(pad1); >>> - desc->pad[2] = cpu_to_le32(pad1); >>> } >> >> As in my earlier patch, the line you are removing here was clearly >> broken, but evidently that is not the only bug. >> >>> static void set_org_pkt_info(dma_addr_t buff, u32 buff_len, >>> @@ -581,7 +570,6 @@ static void netcp_free_rx_desc_chain(struct netcp_intf *netcp, >>> dma_addr_t dma_desc, dma_buf; >>> unsigned int buf_len, dma_sz = sizeof(*ndesc); >>> void *buf_ptr; >>> - u32 pad[2]; >>> u32 tmp; >>> >>> get_words(&dma_desc, 1, &desc->next_desc); >>> @@ -593,14 +581,12 @@ static void netcp_free_rx_desc_chain(struct netcp_intf *netcp, >>> break; >>> } >>> get_pkt_info(&dma_buf, &tmp, &dma_desc, ndesc); >>> - get_pad_ptr(&buf_ptr, ndesc); >>> + get_pad_info((u32 *)&buf_ptr, &buf_len, ndesc); >> >> I'd prefer not to put code like this back, as this cannot possibly >> do the right thing on a 64-bit architecture. >> >> >>> @@ -1078,7 +1058,6 @@ netcp_tx_map_skb(struct sk_buff *skb, struct netcp_intf *netcp) >>> u32 page_offset = frag->page_offset; >>> u32 buf_len = skb_frag_size(frag); >>> dma_addr_t desc_dma; >>> - u32 desc_dma_32; >>> u32 pkt_info; >>> >>> dma_addr = dma_map_page(dev, page, page_offset, buf_len, >>> @@ -1100,8 +1079,7 @@ netcp_tx_map_skb(struct sk_buff *skb, struct netcp_intf *netcp) >>> (netcp->tx_compl_qid & KNAV_DMA_DESC_RETQ_MASK) << >>> KNAV_DMA_DESC_RETQ_SHIFT; >>> set_pkt_info(dma_addr, buf_len, 0, ndesc); >>> - desc_dma_32 = (u32)desc_dma; >>> - set_words(&desc_dma_32, 1, &pdesc->next_desc); >>> + set_words(&desc_dma, 1, &pdesc->next_desc); >>> pkt_len += buf_len; >>> if (pdesc != desc) >>> knav_pool_desc_map(netcp->tx_pool, pdesc, >> >> This is clearly broken on big-endian kernels with 64-bit dma_addr_t, so even >> if we revert the rest I think this part has to stay. > > Keystone 2 has 32-bit dma_addr_t > >> >> I have another version for testing below. That removes the logic that >> splits and reassembles the 64-bit values, but leaves the other changes >> in place. Can you try this? > > Sry, but we really don't need this logic for KS2 ;) > Just replied as well in my response. Yes Agree. Currently we don't have a use case for Big endian support either. Murali > >> >> diff --git a/drivers/net/ethernet/ti/netcp_core.c b/drivers/net/ethernet/ti/netcp_core.c >> index c61d66d38634..cda19f2401c1 100644 >> --- a/drivers/net/ethernet/ti/netcp_core.c >> +++ b/drivers/net/ethernet/ti/netcp_core.c >> @@ -120,16 +120,14 @@ static void get_pkt_info(dma_addr_t *buff, u32 *buff_len, dma_addr_t *ndesc, >> static void get_pad_info(u32 *pad0, u32 *pad1, u32 *pad2, struct knav_dma_desc *desc) >> { >> *pad0 = le32_to_cpu(desc->pad[0]); >> - *pad1 = le32_to_cpu(desc->pad[1]); >> - *pad2 = le32_to_cpu(desc->pad[2]); >> + *pad2 = le32_to_cpu(desc->pad[1]); >> } >> >> static void get_pad_ptr(void **padptr, struct knav_dma_desc *desc) >> { >> u64 pad64; >> >> - pad64 = le32_to_cpu(desc->pad[0]) + >> - ((u64)le32_to_cpu(desc->pad[1]) << 32); >> + pad64 = le32_to_cpu(desc->pad[0]); >> *padptr = (void *)(uintptr_t)pad64; >> } >> >> @@ -166,8 +164,7 @@ static void set_desc_info(u32 desc_info, u32 pkt_info, >> static void set_pad_info(u32 pad0, u32 pad1, u32 pad2, struct knav_dma_desc *desc) >> { >> desc->pad[0] = cpu_to_le32(pad0); >> - desc->pad[1] = cpu_to_le32(pad1); >> - desc->pad[2] = cpu_to_le32(pad1); >> + desc->pad[1] = cpu_to_le32(pad2); >> } >> >> static void set_org_pkt_info(dma_addr_t buff, u32 buff_len, >> @@ -581,7 +578,7 @@ static void netcp_free_rx_desc_chain(struct netcp_intf *netcp, >> dma_addr_t dma_desc, dma_buf; >> unsigned int buf_len, dma_sz = sizeof(*ndesc); >> void *buf_ptr; >> - u32 pad[2]; >> + u32 pad; >> u32 tmp; >> >> get_words(&dma_desc, 1, &desc->next_desc); >> @@ -599,8 +596,8 @@ static void netcp_free_rx_desc_chain(struct netcp_intf *netcp, >> knav_pool_desc_put(netcp->rx_pool, desc); >> } >> >> - get_pad_info(&pad[0], &pad[1], &buf_len, desc); >> - buf_ptr = (void *)(uintptr_t)(pad[0] + ((u64)pad[1] << 32)); >> + get_pad_info(&pad, NULL, &buf_len, desc); >> + buf_ptr = (void *)(uintptr_t)(pad); >> >> if (buf_ptr) >> netcp_frag_free(buf_len <= PAGE_SIZE, buf_ptr); >> @@ -653,8 +650,8 @@ static int netcp_process_one_rx_packet(struct netcp_intf *netcp) >> } >> >> get_pkt_info(&dma_buff, &buf_len, &dma_desc, desc); >> - get_pad_info(&pad[0], &pad[1], &org_buf_len, desc); >> - org_buf_ptr = (void *)(uintptr_t)(pad[0] + ((u64)pad[1] << 32)); >> + get_pad_info(&pad[0], NULL, &org_buf_len, desc); >> + org_buf_ptr = (void *)(uintptr_t)(pad[0]); >> >> if (unlikely(!org_buf_ptr)) { >> dev_err(netcp->ndev_dev, "NULL bufptr in desc\n"); >> @@ -858,8 +855,7 @@ static int netcp_allocate_rx_buf(struct netcp_intf *netcp, int fdq) >> if (unlikely(dma_mapping_error(netcp->dev, dma))) >> goto fail; >> >> - pad[0] = lower_32_bits((uintptr_t)bufptr); >> - pad[1] = upper_32_bits((uintptr_t)bufptr); >> + pad[0] = (uintptr_t)bufptr; >> >> } else { >> /* Allocate a secondary receive queue entry */ >> @@ -870,8 +866,7 @@ static int netcp_allocate_rx_buf(struct netcp_intf *netcp, int fdq) >> } >> buf_len = PAGE_SIZE; >> dma = dma_map_page(netcp->dev, page, 0, buf_len, DMA_TO_DEVICE); >> - pad[0] = lower_32_bits(dma); >> - pad[1] = upper_32_bits(dma); >> + pad[0] = (u32)(dma); >> pad[2] = 0; >> } >> >> @@ -882,7 +877,7 @@ static int netcp_allocate_rx_buf(struct netcp_intf *netcp, int fdq) >> pkt_info |= (netcp->rx_queue_id & KNAV_DMA_DESC_RETQ_MASK) << >> KNAV_DMA_DESC_RETQ_SHIFT; >> set_org_pkt_info(dma, buf_len, hwdesc); >> - set_pad_info(pad[0], pad[1], pad[2], hwdesc); >> + set_pad_info(pad[0], 0, pad[2], hwdesc); >> set_desc_info(desc_info, pkt_info, hwdesc); >> >> /* Push to FDQs */ >> @@ -1194,10 +1189,8 @@ static int netcp_tx_submit_skb(struct netcp_intf *netcp, >> } >> >> set_words(&tmp, 1, &desc->packet_info); >> - tmp = lower_32_bits((uintptr_t)&skb); >> + tmp = (uintptr_t)&skb; >> set_words(&tmp, 1, &desc->pad[0]); >> - tmp = upper_32_bits((uintptr_t)&skb); >> - set_words(&tmp, 1, &desc->pad[1]); >> >> if (tx_pipe->flags & SWITCH_TO_PORT_IN_TAGINFO) { >> tmp = tx_pipe->switch_to_port; >> > > -- Murali Karicheri Linux Kernel, Keystone
Powered by blists - more mailing lists