lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 30 Mar 2022 14:11:54 +0200
From:   Halil Pasic <>
To:     Christoph Hellwig <>
Cc:     Linus Torvalds <>,
        Robin Murphy <>,
        Toke Høiland-Jørgensen <>,
        Oleksandr Natalenko <>,
        Marek Szyprowski <>,
        Kalle Valo <>,
        "David S. Miller" <>,
        Jakub Kicinski <>,
        Paolo Abeni <>,
        Olha Cherevyk <>,
        iommu <>,
        linux-wireless <>,
        Netdev <>,
        Linux Kernel Mailing List <>,
        Greg Kroah-Hartman <>,
        stable <>,
        Halil Pasic <>
Subject: Re: [REGRESSION] Recent swiotlb DMA_FROM_DEVICE fixes break
 ath9k-based AP

On Mon, 28 Mar 2022 08:37:23 +0200
Christoph Hellwig <> wrote:

> On Fri, Mar 25, 2022 at 11:46:09AM -0700, Linus Torvalds wrote:
> > I think my list of three different sync cases (not just two! It's not
> > just about whether to sync for the CPU or the device, it's also about
> > what direction the data itself is taking) is correct.
> > 
> > But maybe I'm wrong.  
> At the high level you are correct.  It is all about which direction
> the data is taking.  That is the direction argument that all the
> map/unmap/sync call take.  The sync calls then just toggle the ownership.
> You seem to hate that ownership concept, but I don't see how things
> could work without that ownership concept as we're going to be in
> trouble without having that.  And yes, a peek operation could work in
> some cases, but it would have to be at the cache line granularity.
> arch/arc/mm/dma.c has a really good comment how these transfers relate
> to actual cache operations btw>
>  *
>  *          |   map          ==  for_device     |   unmap     ==  for_cpu
>  *          |----------------------------------------------------------------
>  * TO_DEV   |   writeback        writeback      |   none          none
>  * FROM_DEV |   invalidate       invalidate     |   invalidate*	  invalidate*

Very interesting! Does that mean that

memset(buf, 0, size);
dma_map(buf, size, FROM_DEVICE)
device does a partial write
dma_unmap(buf, size, FROM_DEVICE)

may boil down to being the same as without the memset(), because the
effect of the memset() may get thrown away by the cache invalidate?

That is in this scenario we could actually leak the original content of
the buffer if we have a non-dma-coherent cache?


>  * BIDIR    |   writeback+inv    writeback+inv  |   invalidate    invalidate
>  *
>  *     [*] needed for CPU speculative prefetches

Powered by blists - more mailing lists