Received: by 10.223.164.202 with SMTP id h10csp2075594wrb; Fri, 24 Nov 2017 05:34:42 -0800 (PST) X-Google-Smtp-Source: AGs4zMbz4Uk31itHC3L/BmNwcesp+IFfXwotui58bPY+DcJrb+jYNmYQlWouDo/rtr8YJDryHcwn X-Received: by 10.98.67.154 with SMTP id l26mr27225380pfi.212.1511530482219; Fri, 24 Nov 2017 05:34:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511530482; cv=none; d=google.com; s=arc-20160816; b=ODBmf4+IsBWfUeMiqBxYFKYtlv6HgNRncmxVTyTmVo7h7vMgXtmNm1JLagvfrHuhZP k4NURDQ/dZs95MNyUinZs3BE0NWFzw7TqMIziRsULgL/osHCjmjPyLMXnBIqABGx9gHL 5xMHnih9xhgXs+V2N+zhRNNwG9cWqqTX0DCNeTDmDk/Dxlb5HFMYH8nnMKxnvFJGOu68 gRO8nsVUcXMU/96q9Wr7OyaOTJt6vzSu5/oIVn5ysAQb+u3yD36sE2OyXegdOZZ14/gw nh/PImX8y9VwkitKWH3J8ITujaUevMQxeFx6TesRUBRJHmOBjqG6j6MCho1gDe4IYo/G d+hA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=fTxonfdIUwMXB9wCcYDuiTj7bZ4OaliL8enuhZbDfY0=; b=jj5BpBz/5srOmbs/WeRR/moLW1DD2wb5bCxw2dXUnHcTtRyYpMoYbxZZyy1UqisPqc A6RbOpd8qPpKqmQPAKw51zLwMmjBsMQElHCgMXPfk6z2/cAIDbkN+vFaPF7pV28Lo7DZ MI6jGk45faH50IlABwviZTNnWl6vjAlYMl+Q3SFv2bz5J8UQDgJz0yr3wMF8XanFi+G/ nOxTrmOvSaMlVvj63LvRUOfut0M+FUP1f/3CPpDMlv7IIG1qSwjQF1HYEBE13mfWEAF4 JmM68QhLalItQgVIPKUXuaHflwduLFmcLnnYMmcD0oyA+/gsHRgdycOGLbLStE/yGzjJ UfCg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=RfRT9z8q; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f7si20142001pff.45.2017.11.24.05.34.30; Fri, 24 Nov 2017 05:34:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=RfRT9z8q; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753529AbdKXNds (ORCPT + 76 others); Fri, 24 Nov 2017 08:33:48 -0500 Received: from mail-qt0-f173.google.com ([209.85.216.173]:46583 "EHLO mail-qt0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752783AbdKXNdr (ORCPT ); Fri, 24 Nov 2017 08:33:47 -0500 Received: by mail-qt0-f173.google.com with SMTP id r39so31386210qtr.13 for ; Fri, 24 Nov 2017 05:33:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=fTxonfdIUwMXB9wCcYDuiTj7bZ4OaliL8enuhZbDfY0=; b=RfRT9z8qwTrOMKG5/lLdApC6cu/g98C8/vIQ4l659Tu7NAKiDn9JErFaQlmVi031sd t/BuzC66nDM0XcPSFsJW2oFkkJ5se7+Rgllzlh5G4IA92v2CYhVinai1yftNv1Z4zlOQ zui2UDfcY8v7wm6SiNRNs/4zMxk38ebBFtMIDh2ve3okQGb/DkLt+W24PzHz38A2ZHBh b9QMroz9Oo3LEjTjc9ZNnMoyBX9Dj4rilMcbQKj3Jtvmiu7n645koZU0dFJknFBr+jhh NyY52fnBi1UIq+4X/gu6fx0ucXPVEAOTOYehSzA8UfbCU19QMqbRfVssXK6yzhPZtqF1 ErkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=fTxonfdIUwMXB9wCcYDuiTj7bZ4OaliL8enuhZbDfY0=; b=DuIBbPPCyOCNMd1IyfalE+qDiBCv3SaFYDIX8mDtpgPTGYLCwzM9jfiOizijf+enFq n81D76aTrcO0IoIm6uKZmM3fuHqu7pEnroJtsmEFC7Fjo4n3TiYF5i5pEuVQR2vBpyrE qF2vm9QwOLM8qmvjapkjbM4YjC9XdGU3E0jbqEuxazdEgYszqbWxpLBQKwez17ed/8PI ToUIJUDUb13MitW/96EV9gs9dCqPsAa0+2N1vKZzZC9eEd17u7OJ26rZ4fawopWT5Ck7 n/NCLJMF4JEnCWcs+HiLnbFsmT9WwYPNZQgzi7MuUdJ2b6rU5epvkm/ZsU1/BxnKlzUl eMew== X-Gm-Message-State: AJaThX7D8lBnKK/5oakHeOe84otEaAFDfEHoXj++cMeWt93xb54nfv6Q WQGish7dJ9F9y8IFSQiFJSQ= X-Received: by 10.200.41.249 with SMTP id 54mr45232851qtt.312.1511530426417; Fri, 24 Nov 2017 05:33:46 -0800 (PST) Received: from localhost.localdomain (209-6-200-48.s4398.c3-0.smr-ubr2.sbo-smr.ma.cable.rcncustomer.com. [209.6.200.48]) by smtp.gmail.com with ESMTPSA id k34sm12269604qtk.5.2017.11.24.05.33.44 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 24 Nov 2017 05:33:45 -0800 (PST) Date: Fri, 24 Nov 2017 08:33:43 -0500 From: Konrad Rzeszutek Wilk To: Eric Yang Cc: Robin Murphy , Konrad Rzeszutek Wilk , "iommu@lists.linux-foundation.org" , Daniel Borkmann , Kees Cook , Geert Uytterhoeven , Greg Kroah-Hartman , "linux-kernel@vger.kernel.org" , Ingo Molnar , Al Viro , Andrey Ryabinin , Andrew Morton , David Miller Subject: Re: No check of the size passed to unmap_single in swiotlb Message-ID: <20171124133341.GB16160@localhost.localdomain> References: <20171120162652.GR24312@char.us.oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.8.3 (2017-05-23) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ..snip.. > > There doesn't seem to be much good reason for SWIOTLB to be more special > > than other DMA API backends, and not all of them have enough internal state to > > be able to make such a check. It's also not necessarily possible to "prevent > > damage" anyway - if a driver does pass a bogus size for dma_unmap_single(..., > > DMA_FROM_DEVICE), SWIOTLB might be able to keep itself internally consistent, > > but it still can't prevent the arch code in the middle from invalidating the wrong > > cache lines and potentially corrupting adjacent memory. > > > > In short, trying to work around broken drivers is a much worse idea than just > > fixing those drivers, and that's what we already have dma-debug for. > > > > Robin. > > Hi Robin, > > I agree that hacking kernel to fix broken drivers is not acceptable, actually we spent days to fight driver supplier with this, they do not want to change their code and want fix it directly in kernel. You could upstream the driver? That way it will be fixed. I am not sure if you are aware but there is a staging directory as well in Linux. > > I tried Dma-debug yesterday, it works very well, but I think only the size mismatch check may not be enough for the map entry corrupt situation, some run-time warning may be better when the real corruption happen. > > For most of the dma-api backend, the size mismatch may do no harm at all, and even in SWIOTLB itself when the bounce buffer is not used, the size mismatch do no harm either. In our case, the same buggy driver works well when board has 2G DDR, but panic frequently in 4G DDR because of the use of bounce buffer and these corrupted map entries. it is hard to catch this kind of bugs, for when the corruption happen, the kernel has all kind of reasons to panic, but not even one may directly point to the real source. > > Add the warning messages is a big convenience for figure this kind of issues, at least to me and the AP driver supplier, such warnings may save weeks of hard debug time. I would prefer that all of those warning messages go in the DMA debug API - as you can have multiple DMA different backends. In other words, instead of being in one implementation it would make much more sense to be in the generic API layer. From 1584847283320899472@xxx Thu Nov 23 09:09:09 +0000 2017 X-GM-THRID: 1584572307773541083 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread