lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Zf4pMcnEvCt/N25b@bart.dudau.co.uk>
Date: Sat, 23 Mar 2024 00:58:25 +0000
From: Liviu Dudau <liviu@...au.co.uk>
To: Bjørn Mork <bjorn@...k.no>
Cc: netdev@...r.kernel.org,
	Chandrashekar Devegowda <chandrashekar.devegowda@...el.com>,
	Haijun Liu <haijun.liu@...iatek.com>,
	Chiranjeevi Rapolu <chiranjeevi.rapolu@...ux.intel.com>,
	M Chetan Kumar <m.chetan.kumar@...ux.intel.com>,
	Ricardo Martinez <ricardo.martinez@...ux.intel.com>,
	Loic Poulain <loic.poulain@...aro.org>,
	Sergey Ryazanov <ryazanov.s.a@...il.com>,
	Johannes Berg <johannes@...solutions.net>,
	"David S . Miller" <davem@...emloft.net>
Subject: Re: [PATCH net] net: wwan: t7xx: Split 64bit accesses to fix
 alignment issues

On Fri, Mar 22, 2024 at 03:40:00PM +0100, Bjørn Mork wrote:
> Some of the registers are aligned on a 32bit boundary, causing
> alignment faults on 64bit platforms.
> 
>  Unable to handle kernel paging request at virtual address ffffffc084a1d004
>  Mem abort info:
>  ESR = 0x0000000096000061
>  EC = 0x25: DABT (current EL), IL = 32 bits
>  SET = 0, FnV = 0
>  EA = 0, S1PTW = 0
>  FSC = 0x21: alignment fault
>  Data abort info:
>  ISV = 0, ISS = 0x00000061, ISS2 = 0x00000000
>  CM = 0, WnR = 1, TnD = 0, TagAccess = 0
>  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
>  swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000046ad6000
>  [ffffffc084a1d004] pgd=100000013ffff003, p4d=100000013ffff003, pud=100000013ffff003, pmd=0068000020a00711
>  Internal error: Oops: 0000000096000061 [#1] SMP
>  Modules linked in: mtk_t7xx(+) qcserial pppoe ppp_async option nft_fib_inet nf_flow_table_inet mt7921u(O) mt7921s(O) mt7921e(O) mt7921_common(O) iwlmvm(O) iwldvm(O) usb_wwan rndis_host qmi_wwan pppox ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir nft_quota nft_numgen nft_nat nft_masq nft_log nft_limit nft_hash nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_ct nft_chain_nat nf_tables nf_nat nf_flow_table nf_conntrack mt7996e(O) mt792x_usb(O) mt792x_lib(O) mt7915e(O) mt76_usb(O) mt76_sdio(O) mt76_connac_lib(O) mt76(O) mac80211(O) iwlwifi(O) huawei_cdc_ncm cfg80211(O) cdc_ncm cdc_ether wwan usbserial usbnet slhc sfp rtc_pcf8563 nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_defrag_ipv6 nf_defrag_ipv4 mt6577_auxadc mdio_i2c libcrc32c compat(O) cdc_wdm cdc_acm at24 crypto_safexcel pwm_fan i2c_gpio i2c_smbus industrialio i2c_algo_bit i2c_mux_reg i2c_mux_pca954x i2c_mux_pca9541 i2c_mux_gpio i2c_mux dummy oid_registry tun sha512_arm64 sha1_ce sha1_generic seqiv
>  md5 geniv des_generic libdes cbc authencesn authenc leds_gpio xhci_plat_hcd xhci_pci xhci_mtk_hcd xhci_hcd nvme nvme_core gpio_button_hotplug(O) dm_mirror dm_region_hash dm_log dm_crypt dm_mod dax usbcore usb_common ptp aquantia pps_core mii tpm encrypted_keys trusted
>  CPU: 3 PID: 5266 Comm: kworker/u9:1 Tainted: G O 6.6.22 #0
>  Hardware name: Bananapi BPI-R4 (DT)
>  Workqueue: md_hk_wq t7xx_fsm_uninit [mtk_t7xx]
>  pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>  pc : t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx]
>  lr : t7xx_cldma_start+0xac/0x13c [mtk_t7xx]
>  sp : ffffffc085d63d30
>  x29: ffffffc085d63d30 x28: 0000000000000000 x27: 0000000000000000
>  x26: 0000000000000000 x25: ffffff80c804f2c0 x24: ffffff80ca196c05
>  x23: 0000000000000000 x22: ffffff80c814b9b8 x21: ffffff80c814b128
>  x20: 0000000000000001 x19: ffffff80c814b080 x18: 0000000000000014
>  x17: 0000000055c9806b x16: 000000007c5296d0 x15: 000000000f6bca68
>  x14: 00000000dbdbdce4 x13: 000000001aeaf72a x12: 0000000000000001
>  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
>  x8 : ffffff80ca1ef6b4 x7 : ffffff80c814b818 x6 : 0000000000000018
>  x5 : 0000000000000870 x4 : 0000000000000000 x3 : 0000000000000000
>  x2 : 000000010a947000 x1 : ffffffc084a1d004 x0 : ffffffc084a1d004
>  Call trace:
>  t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx]
>  t7xx_fsm_uninit+0x578/0x5ec [mtk_t7xx]
>  process_one_work+0x154/0x2a0
>  worker_thread+0x2ac/0x488
>  kthread+0xe0/0xec
>  ret_from_fork+0x10/0x20
>  Code: f9400800 91001000 8b214001 d50332bf (f9000022)
>  ---[ end trace 0000000000000000 ]---
> 
> The inclusion of io-64-nonatomic-lo-hi.h indicates that all 64bit
> accesses can be replaced by pairs of nonatomic 32bit access.  Fix
> alignment by forcing all accesses to be 32bit on 64bit platforms.
> 
> Link: https://forum.openwrt.org/t/fibocom-fm350-gl-support/142682/72
> Fixes: 39d439047f1d ("net: wwan: t7xx: Add control DMA interface")
> Signed-off-by: Bjørn Mork <bjorn@...k.no>

Tested-by: Liviu Dudau <liviu@...au.co.uk>

Modem still fails to transition from D3hot to D0, but that is unrelated
to this patch.

> ---
>  drivers/net/wwan/t7xx/t7xx_cldma.c     | 4 ++--
>  drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +++++----
>  drivers/net/wwan/t7xx/t7xx_pcie_mac.c  | 8 ++++----
>  3 files changed, 11 insertions(+), 10 deletions(-)
> 
> diff --git a/drivers/net/wwan/t7xx/t7xx_cldma.c b/drivers/net/wwan/t7xx/t7xx_cldma.c
> index 9f43f256db1d..f0a4783baf1f 100644
> --- a/drivers/net/wwan/t7xx/t7xx_cldma.c
> +++ b/drivers/net/wwan/t7xx/t7xx_cldma.c
> @@ -106,7 +106,7 @@ bool t7xx_cldma_tx_addr_is_set(struct t7xx_cldma_hw *hw_info, unsigned int qno)
>  {
>  	u32 offset = REG_CLDMA_UL_START_ADDRL_0 + qno * ADDR_SIZE;
>  
> -	return ioread64(hw_info->ap_pdn_base + offset);
> +	return ioread64_lo_hi(hw_info->ap_pdn_base + offset);
>  }
>  
>  void t7xx_cldma_hw_set_start_addr(struct t7xx_cldma_hw *hw_info, unsigned int qno, u64 address,
> @@ -117,7 +117,7 @@ void t7xx_cldma_hw_set_start_addr(struct t7xx_cldma_hw *hw_info, unsigned int qn
>  
>  	reg = tx_rx == MTK_RX ? hw_info->ap_ao_base + REG_CLDMA_DL_START_ADDRL_0 :
>  				hw_info->ap_pdn_base + REG_CLDMA_UL_START_ADDRL_0;
> -	iowrite64(address, reg + offset);
> +	iowrite64_lo_hi(address, reg + offset);
>  }
>  
>  void t7xx_cldma_hw_resume_queue(struct t7xx_cldma_hw *hw_info, unsigned int qno,
> diff --git a/drivers/net/wwan/t7xx/t7xx_hif_cldma.c b/drivers/net/wwan/t7xx/t7xx_hif_cldma.c
> index abc41a7089fa..97163e1e5783 100644
> --- a/drivers/net/wwan/t7xx/t7xx_hif_cldma.c
> +++ b/drivers/net/wwan/t7xx/t7xx_hif_cldma.c
> @@ -137,8 +137,9 @@ static int t7xx_cldma_gpd_rx_from_q(struct cldma_queue *queue, int budget, bool
>  				return -ENODEV;
>  			}
>  
> -			gpd_addr = ioread64(hw_info->ap_pdn_base + REG_CLDMA_DL_CURRENT_ADDRL_0 +
> -					    queue->index * sizeof(u64));
> +			gpd_addr = ioread64_lo_hi(hw_info->ap_pdn_base +
> +						  REG_CLDMA_DL_CURRENT_ADDRL_0 +
> +						  queue->index * sizeof(u64));
>  			if (req->gpd_addr == gpd_addr || hwo_polling_count++ >= 100)
>  				return 0;
>  
> @@ -316,8 +317,8 @@ static void t7xx_cldma_txq_empty_hndl(struct cldma_queue *queue)
>  		struct t7xx_cldma_hw *hw_info = &md_ctrl->hw_info;
>  
>  		/* Check current processing TGPD, 64-bit address is in a table by Q index */
> -		ul_curr_addr = ioread64(hw_info->ap_pdn_base + REG_CLDMA_UL_CURRENT_ADDRL_0 +
> -					queue->index * sizeof(u64));
> +		ul_curr_addr = ioread64_lo_hi(hw_info->ap_pdn_base + REG_CLDMA_UL_CURRENT_ADDRL_0 +
> +					      queue->index * sizeof(u64));
>  		if (req->gpd_addr != ul_curr_addr) {
>  			spin_unlock_irqrestore(&md_ctrl->cldma_lock, flags);
>  			dev_err(md_ctrl->dev, "CLDMA%d queue %d is not empty\n",

I don't think any change past this point is needed. I don't know how the
PCIe translation adddress registers are defined for T7xx devices, but they
usually are 64bit aligned. In my local version of the patch I didn't had
the changes below and I had the same results as with this patch.

I will let others with access to the specs to decide though.

Thanks for the quick patch!

Best regards,
Liviu

> diff --git a/drivers/net/wwan/t7xx/t7xx_pcie_mac.c b/drivers/net/wwan/t7xx/t7xx_pcie_mac.c
> index 76da4c15e3de..f071ec7ff23d 100644
> --- a/drivers/net/wwan/t7xx/t7xx_pcie_mac.c
> +++ b/drivers/net/wwan/t7xx/t7xx_pcie_mac.c
> @@ -75,7 +75,7 @@ static void t7xx_pcie_mac_atr_tables_dis(void __iomem *pbase, enum t7xx_atr_src_
>  	for (i = 0; i < ATR_TABLE_NUM_PER_ATR; i++) {
>  		offset = ATR_PORT_OFFSET * port + ATR_TABLE_OFFSET * i;
>  		reg = pbase + ATR_PCIE_WIN0_T0_ATR_PARAM_SRC_ADDR + offset;
> -		iowrite64(0, reg);
> +		iowrite64_lo_hi(0, reg);
>  	}
>  }
>  
> @@ -112,17 +112,17 @@ static int t7xx_pcie_mac_atr_cfg(struct t7xx_pci_dev *t7xx_dev, struct t7xx_atr_
>  
>  	reg = pbase + ATR_PCIE_WIN0_T0_TRSL_ADDR + offset;
>  	value = cfg->trsl_addr & ATR_PCIE_WIN0_ADDR_ALGMT;
> -	iowrite64(value, reg);
> +	iowrite64_lo_hi(value, reg);
>  
>  	reg = pbase + ATR_PCIE_WIN0_T0_TRSL_PARAM + offset;
>  	iowrite32(cfg->trsl_id, reg);
>  
>  	reg = pbase + ATR_PCIE_WIN0_T0_ATR_PARAM_SRC_ADDR + offset;
>  	value = (cfg->src_addr & ATR_PCIE_WIN0_ADDR_ALGMT) | (atr_size << 1) | BIT(0);
> -	iowrite64(value, reg);
> +	iowrite64_lo_hi(value, reg);
>  
>  	/* Ensure ATR is set */
> -	ioread64(reg);
> +	ioread64_lo_hi(reg);
>  	return 0;
>  }
>  
> -- 
> 2.39.2
> 

-- 
Everyone who uses computers frequently has had, from time to time,
a mad desire to attack the precocious abacus with an axe.
       	   	      	     	  -- John D. Clark, Ignition!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ