lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 7 Oct 2021 12:59:32 +0200
From:   Karsten Graul <kgraul@...ux.ibm.com>
To:     Robin Murphy <robin.murphy@....com>,
        Gerald Schaefer <gerald.schaefer@...ux.ibm.com>,
        Hamza Mahfooz <someguy@...ective-light.com>,
        Christoph Hellwig <hch@....de>,
        Dan Williams <dan.j.williams@...el.com>
Cc:     Ioana Ciornei <ioana.ciornei@....com>,
        Jeremy Linton <jeremy.linton@....com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Marek Szyprowski <m.szyprowski@...sung.com>,
        "iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        linux-s390 <linux-s390@...r.kernel.org>
Subject: Re: DPAA2 triggers, [PATCH] dma debug: report -EEXIST errors in
 add_dma_entry

On 06/10/2021 16:23, Robin Murphy wrote:
> On 2021-10-06 14:10, Gerald Schaefer wrote:
>> On Fri, 1 Oct 2021 14:52:56 +0200
>> Gerald Schaefer <gerald.schaefer@...ux.ibm.com> wrote:
>>
>>> On Thu, 30 Sep 2021 15:37:33 +0200
>>> Karsten Graul <kgraul@...ux.ibm.com> wrote:
>>>
>>>> On 14/09/2021 17:45, Ioana Ciornei wrote:
>>>>> On Wed, Sep 08, 2021 at 10:33:26PM -0500, Jeremy Linton wrote:
>>>>>> +DPAA2, netdev maintainers
>>>>>> Hi,
>>>>>>
>>>>>> On 5/18/21 7:54 AM, Hamza Mahfooz wrote:
>>>>>>> Since, overlapping mappings are not supported by the DMA API we should
>>>>>>> report an error if active_cacheline_insert returns -EEXIST.
>>>>>>
>>>>>> It seems this patch found a victim. I was trying to run iperf3 on a
>>>>>> honeycomb (5.14.0, fedora 35) and the console is blasting this error message
>>>>>> at 100% cpu. So, I changed it to a WARN_ONCE() to get the call trace, which
>>>>>> is attached below.
>>>>>>
>>>>>
>>>>> These frags are allocated by the stack, transformed into a scatterlist
>>>>> by skb_to_sgvec and then DMA mapped with dma_map_sg. It was not the
>>>>> dpaa2-eth's decision to use two fragments from the same page (that will
>>>>> also end un in the same cacheline) in two different in-flight skbs.
>>>>>
>>>>> Is this behavior normal?
>>>>>
>>>>
>>>> We see the same problem here and it started with 5.15-rc2 in our nightly CI runs.
>>>> The CI has panic_on_warn enabled so we see the panic every day now.
>>>
>>> Adding a WARN for a case that be detected false-positive seems not
>>> acceptable, exactly for this reason (kernel panic on unaffected
>>> systems).
>>>
>>> So I guess it boils down to the question if the behavior that Ioana
>>> described is legit behavior, on a system that is dma coherent. We
>>> are apparently hitting the same scenario, although it could not yet be
>>> reproduced with debug printks for some reason.
>>>
>>> If the answer is yes, than please remove at lease the WARN, so that
>>> it will not make systems crash that behave valid, and have
>>> panic_on_warn set. Even a normal printk feels wrong to me in that
>>> case, it really sounds rather like you want to fix / better refine
>>> the overlap check, if you want to report anything here.
>>
>> Dan, Christoph, any opinion?
>>
>> So far it all looks a lot like a false positive, so could you please
>> see that those patches get reverted? I do wonder a bit why this is
>> not an issue for others, we surely cannot be the only ones running
>> CI with panic_on_warn.
> 
> What convinces you it's a false-positive? I'm hardly familiar with most of that callstack, but it appears to be related to mlx5, and I know that exists on expansion cards which could be plugged into a system with non-coherent PCIe where partial cacheline overlap *would* be a real issue. Of course it's dubious that there are many real use-cases for plugging a NIC with a 4-figure price tag into a little i.MX8 or whatever, but the point is that it *should* still work correctly.
> 
>> We would need to disable DEBUG_DMA if this WARN stays in, which
>> would be a shame. Of course, in theory, this might also indicate
>> some real bug, but there really is no sign of that so far.
> 
> The whole point of DMA debug is to flag up things that you *do* get away with on the vast majority of systems, precisely because most testing happens on those systems rather than more esoteric embedded setups. Say your system only uses dma-direct and a driver starts triggering the warning for not calling dma_mapping_error(), would you argue for removing that warning as well since dma_map_single() can't fail on your machine so it's "not a bug"?
> 
>> Having multiple sg elements in the same page (or cacheline) is
>> valid, correct? And this is also not a decision of the driver
>> IIUC, so if it was bug, it should be addressed in common code,
>> correct?
> 
> According to the streaming DMA API documentation, it is *not* valid:
> 
> ".. warning::
> 
>   Memory coherency operates at a granularity called the cache
>   line width.  In order for memory mapped by this API to operate
>   correctly, the mapped region must begin exactly on a cache line
>   boundary and end exactly on one (to prevent two separately mapped
>   regions from sharing a single cache line).  Since the cache line size
>   may not be known at compile time, the API will not enforce this
>   requirement.  Therefore, it is recommended that driver writers who
>   don't take special care to determine the cache line size at run time
>   only map virtual regions that begin and end on page boundaries (which
>   are guaranteed also to be cache line boundaries)."
> 
>>> BTW, there is already a WARN in the add_dma_entry() path, related
>>> to cachlline overlap and -EEXIST:
>>>
>>> add_dma_entry() -> active_cacheline_insert() -> -EEXIST ->
>>> active_cacheline_inc_overlap()
>>>
>>> That will only trigger when "overlap > ACTIVE_CACHELINE_MAX_OVERLAP".
>>> Not familiar with that code, but it seems that there are now two
>>> warnings for more or less the same, and the new warning is much more
>>> prone to false-positives.
>>>
>>> How do these 2 warnings relate, are they both really necessary?
>>> I think the new warning was only introduced because of some old
>>> TODO comment in add_dma_entry(), see commit 2b4bbc6231d78
>>> ("dma-debug: report -EEXIST errors in add_dma_entry").
> 
> AFAICS they are different things. I believe the new warning is supposed to be for the fundementally incorrect API usage (as above) of mapping different regions overlapping within the same cacheline. The existing one is about dma-debug losing internal consistency when tracking the *same* region being mapped multiple times, which is a legal thing to do - e.g. buffer sharing between devices - but if anyone's doing it to excess that's almost certainly a bug (i.e. they probably intended to unmap it in between but missed that out).

Thanks for the explanation Robin. 

In our case its really that a buffer is mapped twice for 2 different devices which we use in SMC to provide failover capabilities. We see that -EEXIST is returned when a buffer is mapped for the second device. Since there is a maximum of 2 parallel mappings we never see the warning shown by active_cacheline_inc_overlap() because we don't exceed ACTIVE_CACHELINE_MAX_OVERLAP.

So how to deal with this kind of "legal thing", looks like there is no way to suppress the newly introduced EEXIST warning for that case?


Karsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ