lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 23 Oct 2020 18:30:47 -0700
From:   Jakub Kicinski <>
To:     Alex Elder <>
Subject: Re: [PATCH net] net: ipa: command payloads already mapped

On Wed, 21 Oct 2020 20:00:29 -0500 Alex Elder wrote:
> IPA transactions describe actions to be performed by the IPA
> hardware.  Three cases use IPA transactions:  transmitting a socket
> buffer; providing a page to receive packet data; and issuing an IPA
> immediate command.  An IPA transaction contains a scatter/gather
> list (SGL) to hold the set of actions to be performed.
> We map buffers in the SGL for DMA at the time they are added to the
> transaction.  For skb TX transactions, we fill the SGL with a call
> to skb_to_sgvec().  Page RX transactions involve a single page
> pointer, and that is recorded in the SGL with sg_set_page().  In
> both of these cases we then map the SGL for DMA with a call to
> dma_map_sg().
> Immediate commands are different.  The payload for an immediate
> command comes from a region of coherent DMA memory, which must
> *not* be mapped for DMA.  For that reason, gsi_trans_cmd_add()
> sort of hand-crafts each SGL entry added to a command transaction.
> This patch fixes a problem with the code that crafts the SGL entry
> for an immediate command.  Previously a portion of the SGL entry was
> updated using sg_set_buf().  However this is not valid because it
> includes a call to virt_to_page() on the buffer, but the command
> buffer pointer is not a linear address.
> Since we never actually map the SGL for command transactions, there
> are very few fields in the SGL we need to fill.  Specifically, we
> only need to record the DMA address and the length, so they can be
> used by __gsi_trans_commit() to fill a TRE.  We additionally need to
> preserve the SGL flags so for_each_sg() still works.  For that we
> can simply assign a null page pointer for command SGL entries.
> Fixes: 9dd441e4ed575 ("soc: qcom: ipa: GSI transactions")
> Reported-by: Stephen Boyd <>
> Tested-by: Stephen Boyd <>
> Signed-off-by: Alex Elder <>

Applied, thanks!

Powered by blists - more mailing lists