lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20201023183047.42e315c1@kicinski-fedora-PC1C0HJN.hsd1.ca.comcast.net>
Date:   Fri, 23 Oct 2020 18:30:47 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Alex Elder <elder@...aro.org>
Cc:     davem@...emloft.net, evgreen@...omium.org, subashab@...eaurora.org,
        cpratapa@...eaurora.org, bjorn.andersson@...aro.org,
        swboyd@...omium.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] net: ipa: command payloads already mapped

On Wed, 21 Oct 2020 20:00:29 -0500 Alex Elder wrote:
> IPA transactions describe actions to be performed by the IPA
> hardware.  Three cases use IPA transactions:  transmitting a socket
> buffer; providing a page to receive packet data; and issuing an IPA
> immediate command.  An IPA transaction contains a scatter/gather
> list (SGL) to hold the set of actions to be performed.
> 
> We map buffers in the SGL for DMA at the time they are added to the
> transaction.  For skb TX transactions, we fill the SGL with a call
> to skb_to_sgvec().  Page RX transactions involve a single page
> pointer, and that is recorded in the SGL with sg_set_page().  In
> both of these cases we then map the SGL for DMA with a call to
> dma_map_sg().
> 
> Immediate commands are different.  The payload for an immediate
> command comes from a region of coherent DMA memory, which must
> *not* be mapped for DMA.  For that reason, gsi_trans_cmd_add()
> sort of hand-crafts each SGL entry added to a command transaction.
> 
> This patch fixes a problem with the code that crafts the SGL entry
> for an immediate command.  Previously a portion of the SGL entry was
> updated using sg_set_buf().  However this is not valid because it
> includes a call to virt_to_page() on the buffer, but the command
> buffer pointer is not a linear address.
> 
> Since we never actually map the SGL for command transactions, there
> are very few fields in the SGL we need to fill.  Specifically, we
> only need to record the DMA address and the length, so they can be
> used by __gsi_trans_commit() to fill a TRE.  We additionally need to
> preserve the SGL flags so for_each_sg() still works.  For that we
> can simply assign a null page pointer for command SGL entries.
> 
> Fixes: 9dd441e4ed575 ("soc: qcom: ipa: GSI transactions")
> Reported-by: Stephen Boyd <swboyd@...omium.org>
> Tested-by: Stephen Boyd <swboyd@...omium.org>
> Signed-off-by: Alex Elder <elder@...aro.org>

Applied, thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ