Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp4707240pxb; Mon, 28 Mar 2022 01:44:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxWbOB+e0V4gmVJjM2p638MNm4ziIPe2zCpqPNgZrSJ0RLJbCqZWphEM1JasjoO+RFPyeCL X-Received: by 2002:a17:907:3e99:b0:6df:7ad3:f66b with SMTP id hs25-20020a1709073e9900b006df7ad3f66bmr26944495ejc.230.1648457040334; Mon, 28 Mar 2022 01:44:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648457040; cv=none; d=google.com; s=arc-20160816; b=l2/mjCA/ZcM6pSm71/xMubBl5RRZ+BMv3B5DmxS7cpWrilIc8HXA468XisQhNs4zzS s/5ESEmHCBVRmw6Qlzh413a8J1IfFmDetQQYhOulKpkPxz7HXD1TWIJDTfxHq/IHKT1O VLeVWf6dZL1005rL5P8EZRjX2g6tr1SXWFbQu7XAeWm0/s9f9ji34iKZCxa8vi54s6H5 l36YjQ45xytXWSvDPqp4Zn8b3qEJdP6YNm6Oa8c8WjKV7IN5Bo/8GiPYvORRtKbVgTZs xKsNDyd+XXkK7ojYkPjxLgXQsWu/dYeEm9t+QzLj8qfr8qor+1g/ERE9d75RgfMFNmMF HFXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=OQOFDrIFh2bz70XHqIr89KbFLDHUuV5VP66dlTu2bGw=; b=l0rGPIUYe6v2FizxNBkfizEpyLej3OFrTDU5CLSg1AXunoZg0Rm/n1HtSTu/aEi9sv FJpXfznZqgvDcwWCfAkB3+Rba4o6H5A9YY2es+8tY02N78RNwnZaHyCj2dZroCAQOXCt BWQ5GmCtbt1iGs08FxPc1M+fg7R2TJX3kGEc8Nb8VkeLfUZhGn9qtkHmXBX11FeQc8+1 ljmwaRNnZUjPyyjJp25z6zFkf2At4FlLz/MESo4l3zHXQOGmhB9iQCfvGsH0/RG4PARB EtFKJheexnwfpMxngIdZa6sjXn27VzjMUnEegjdVQPIPvHfqW4gH1zeaJ5AoYru7Y2Tq sD7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=UaVNLwcZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l6-20020a056402124600b00419d380ddbfsi5048993edw.8.2022.03.28.01.43.35; Mon, 28 Mar 2022 01:44:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=UaVNLwcZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236167AbiC0SER (ORCPT + 99 others); Sun, 27 Mar 2022 14:04:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236082AbiC0SEP (ORCPT ); Sun, 27 Mar 2022 14:04:15 -0400 Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2EB0A344FC for ; Sun, 27 Mar 2022 11:02:36 -0700 (PDT) Received: by mail-lj1-x22a.google.com with SMTP id q5so16399133ljb.11 for ; Sun, 27 Mar 2022 11:02:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OQOFDrIFh2bz70XHqIr89KbFLDHUuV5VP66dlTu2bGw=; b=UaVNLwcZnvNLhG+fejMyq3YjMXYSMxy5CO44s6uUwA0vwEwVOizoIns9xkanN7LLp0 W1vSRjwHVhQ+ttok6Z7J+uole/YvctKvrH6MJNpHghzdUIo/cKLR1r4McGrH4Vruxf7W HID+h3OJaj/oQ34G67d/vgqL0v6Fwqnq6rLSY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OQOFDrIFh2bz70XHqIr89KbFLDHUuV5VP66dlTu2bGw=; b=v4zaD8/NwrHeGa4HKic1dmmXJ5n2H/L8eTfBZ8V48FI4Fd0U/4cn30C/2s/L05+sK1 41qtZAoDrjREgRu5HAREOXbG5NgvnJwC7Z4lN6E0Ep27fX+p5IFtKIeL1+O5JtxvIBXX FuYxx2gkU6Rmc0KlwUdiK9+nfoHqDLmKYjhUgOMyl+3zQU6bDmpj/WXJyjT2pz+rfpPQ ZIp+eniU6h7Bx3XpPun7eUP9rBdOmoS5ulAfTcpsF5pRNWZBYrzIyVdWKNkW3RR/gXtn TqwBRW9IInRooaz/nDp9GNQz6aaTejzDgq6FyJWj8lpkhNI02e3E2Ok4P1RNRKe+ZwpN B0Kw== X-Gm-Message-State: AOAM532FgqHbLSDKxgHJH9WAnuPHEPkvjuVvewBgKCC1NAoSJyD9oJ5v OaLGrdiAZRZ0t7gc9VZu6fZzbYbZcOD9s3vNphk= X-Received: by 2002:a2e:1544:0:b0:247:dce4:681 with SMTP id 4-20020a2e1544000000b00247dce40681mr16904931ljv.430.1648404154029; Sun, 27 Mar 2022 11:02:34 -0700 (PDT) Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com. [209.85.167.45]) by smtp.gmail.com with ESMTPSA id b14-20020a0565120b8e00b0044a29806f79sm1416776lfv.259.2022.03.27.11.02.29 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 27 Mar 2022 11:02:30 -0700 (PDT) Received: by mail-lf1-f45.google.com with SMTP id h7so21220284lfl.2 for ; Sun, 27 Mar 2022 11:02:29 -0700 (PDT) X-Received: by 2002:a05:6512:3d8f:b0:44a:2c65:8323 with SMTP id k15-20020a0565123d8f00b0044a2c658323mr16370626lfv.52.1648404149184; Sun, 27 Mar 2022 11:02:29 -0700 (PDT) MIME-Version: 1.0 References: <20220325150419.757836392@linuxfoundation.org> <20220325150420.085364078@linuxfoundation.org> In-Reply-To: From: Linus Torvalds Date: Sun, 27 Mar 2022 11:02:12 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 5.10 11/38] swiotlb: rework "fix info leak with DMA_FROM_DEVICE" To: Greg Kroah-Hartman Cc: Linux Kernel Mailing List , stable , Halil Pasic , Christoph Hellwig Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Mar 27, 2022 at 2:30 AM Greg Kroah-Hartman wrote: > > But why did you just revert that commit, and not the previous one (i.e. > the one that this one "fixes")? Shouldn't ddbd89deb7d3 ("swiotlb: fix > info leak with DMA_FROM_DEVICE") also be dropped? The previous one wasn't obviously broken, and while it's a bit ugly, it doesn't have the fundamental issues that the "fix" commit had. And it does fix the whole "bounce buffer contents are undefined, and can get copied back later" at the bounce buffer allocation (well, "mapping") stage. Which could cause wasted CPU cycles and isn't great, but should fix the stale content thing for at least the common "map DMA, do DMA, unmap" situation. What commit aa6f8dcbab47 tried to fix was the "do multiple DMA sequences using one single mapping" case, but that's also what then broke ath9k because it really does want to do exactly that, but it very much needs to do it using the same buffer with no "let's reset it". So I think you're fine to drop ddbd89deb7d3 too, but that commit doesn't seem *wrong* per se. I do think we need some model for "clear the bounce buffer of stale data", and I do think that commit ddbd89deb7d3 probably isn't the final word, but we don't actually _have_ the final word on this all, so stable dropping it all is sane. But as mentioned, commit ddbd89deb7d3 can actually fix some cases. In particular, I do think it fixes the SG_IO data leak case that triggered the whole issue. It was just then the "let's expand on this fix" that was a disaster. Linus