lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 27 Mar 2022 05:48:48 +0200 From: Halil Pasic <pasic@...ux.ibm.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Toke Høiland-Jørgensen <toke@...e.dk>, Robin Murphy <robin.murphy@....com>, Christoph Hellwig <hch@....de>, Maxime Bizon <mbizon@...ebox.fr>, Oleksandr Natalenko <oleksandr@...alenko.name>, Marek Szyprowski <m.szyprowski@...sung.com>, Kalle Valo <kvalo@...nel.org>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Olha Cherevyk <olha.cherevyk@...il.com>, iommu <iommu@...ts.linux-foundation.org>, linux-wireless <linux-wireless@...r.kernel.org>, Netdev <netdev@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable <stable@...r.kernel.org>, Halil Pasic <pasic@...ux.ibm.com> Subject: Re: [REGRESSION] Recent swiotlb DMA_FROM_DEVICE fixes break ath9k-based AP On Thu, 24 Mar 2022 12:26:53 -0700 Linus Torvalds <torvalds@...ux-foundation.org> wrote: > So I don't think the dma_sync_single_for_device() is *wrong* per se, > because the CPU didn't actually do any modifications. > > But yes, I think it's unnecessary - because any later CPU accesses > would need that dma_sync_single_for_cpu() anyway, which should > invalidate any stale caches. > > And it clearly doesn't work in a bounce-buffer situation, but honestly > I don't think a "CPU modified buffers concurrently with DMA" can > *ever* work in that situation, so I think it's wrong for a bounce > buffer model to ever do anything in the dma_sync_single_for_device() > situation. I agree it CPU modified buffers *concurrently* with DMA can never work, and I believe the ownership model was conceived to prevent this situation. But a CPU can modify the buffer *after* DMA has written to it, while the mapping is still alive. For example one could do one partial read from the device, *after* the DMA is done, sync_for_cpu(DMA_FROM_DEVICE), examine, then zero out the entire buffer, sync_for_device(DMA_FROM_DEVICE), make the device do partial DMA, do dma_unmap and expect no residue from the fist DMA. That is expect that the zeroing out was effective. The point I'm trying to make is: if concurrent is even permitted (it isn't because of ownership) swiotlb woudn't know if we are dealing with the *concurrent* case, which is completely bogous, or with the *sequential* case, which at least in theory could work. And if we don't do anyting on the sync_for_device(DMA_FROM_DEVICE) we render that zeroing out the entire buffer form my example ineffective, because it would not reach the bounce buffer, and on dma_unmap we would overwrite the original buffer with the content of the bounce buffer. Regards, Halil
Powered by blists - more mailing lists