lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 25 Mar 2022 19:14:20 +0000
From:   Robin Murphy <>
To:     Linus Torvalds <>,
        Maxime Bizon <>
Cc:     Toke Høiland-Jørgensen <>,
        Christoph Hellwig <>,
        Oleksandr Natalenko <>,
        Halil Pasic <>,
        Marek Szyprowski <>,
        Kalle Valo <>,
        "David S. Miller" <>,
        Jakub Kicinski <>,
        Paolo Abeni <>,
        Olha Cherevyk <>,
        iommu <>,
        linux-wireless <>,
        Netdev <>,
        Linux Kernel Mailing List <>,
        Greg Kroah-Hartman <>,
        stable <>
Subject: Re: [REGRESSION] Recent swiotlb DMA_FROM_DEVICE fixes break
 ath9k-based AP

On 2022-03-25 18:30, Linus Torvalds wrote:
> On Fri, Mar 25, 2022 at 3:25 AM Maxime Bizon <> wrote:
>> In the non-cache-coherent scenario, and assuming dma_map() did an
>> initial cache invalidation, you can write this:
> .. but the problem is that the dma mapping code is supposed to just
> work, and the driver isn't supposed to know or care whether dma is
> coherent or not, or using bounce buffers or not.
> And currently it doesn't work.
> Because what that ath9k driver does is "natural", but it's wrong for
> the bounce buffer case.
> And I think the problem is squarely on the dma-mapping side for two reasons:
>   (a) this used to work, now it doesn't, and it's unclear how many
> other drivers are affected
>   (b) the dma-mapping naming and calling conventions are horrible and
> actively misleading
> That (a) is a big deal. The reason the ath9k issue was found quickly
> is very likely *NOT* because ath9k is the only thing affected. No,
> it's because ath9k is relatively common.
> Just grep for dma_sync_single_for_device() and ask yourself: how many
> of those other drivers have you ever even HEARD of, much less be able
> to test?
> And that's just one "dma_sync" function. Admittedly it's likely one of
> the more common ones, but still..
> Now, (b) is why I think driver nufgt get this so wrong - or, in this
> case, possibly the dma-mapping code itself.
> The naming - and even the documentation(!!!) - implies that what ath9k
> The documentation clearly states:
>    "Before giving the memory to the device, dma_sync_single_for_device() needs
>     to be called, and before reading memory written by the device,
>     dma_sync_single_for_cpu(), just like for streaming DMA mappings that are
>     reused"

Except that's documentation for the non-coherent allocation API, rather 
than the streaming API in question here. I'll refrain from commenting on 
having at least 3 DMA APIs, with the same set of sync functions serving 
two of them, and just stand back a safe distance...

Anyway, the appropriate part of that document is probably:

   "You must do this:

    - Before reading values that have been written by DMA from the device
      (use the DMA_FROM_DEVICE direction)"

I'm not saying it constitutes *good* documentation, but I would note how 
it says "have been written", and not "are currently being written". 
Similarly from the HOWTO:

    "If you need to use the same streaming DMA region multiple times and
     touch the data in between the DMA transfers, the buffer needs to be
     synced properly..."

Note "between the DMA transfers", and not "during the DMA transfers". 
The fundamental assumption of the streaming API is that only one thing 
is ever accessing the mapping at any given time, which is what the whole 
notion of ownership is about.


Powered by blists - more mailing lists