Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2489006pxu; Mon, 7 Dec 2020 07:54:42 -0800 (PST) X-Google-Smtp-Source: ABdhPJwl840qNkxmqE3hsrPulqG1a0vCGEjRXRJgkSj0BCo4iqQ3g8e8RXJLfP+5o5PhLKbOdTvB X-Received: by 2002:a17:906:3081:: with SMTP id 1mr20251768ejv.162.1607356482525; Mon, 07 Dec 2020 07:54:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607356482; cv=none; d=google.com; s=arc-20160816; b=EKoi+qffd2XBt61IoMWzg2UB/uH4J0mui4sTds7GV2o7yXeyQdTYKXuTDiB/EG0ymT aU6ZDRyCE6oqtaImHOz1FK3Sh29UnmgB3URD5f34hEneP73Mkgkd8KWDRmmslkytKm4E zMPE/xTy4Ne81inhDdx60vRpF8dJvAKA48cYSmbqPA4AVgyvuZkK8jcSQiEnnrkUoMQh qOjXUNmEzxWTiV4KSif700bgbWbzFOGKI8T62PkScL/zvVkDOF8gV+qevS2ESZWP3eGi XAvhwsXBjkDuweyAJuLRza62Prc1/jAPupFILAl/7sMh6y1S2Bq2ojhvXjOQO4lpOoh2 T0xg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:references :in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from; bh=iOkZ3W3L6bSlN1APqwo5nIbtEaSMrjF8AC1jOpzqAYQ=; b=FPH8qJGVHmYR2BO8XixnUrlVthkUuBIZw8Hg/N7s/5Zd8Jks2N9oa6xvm3COTH7zfl 2/WQB7YKuWj9io0+UhND6DWxmoA9vZTGnufIKbeu1KWO8UDCqoBS65Kc7sjfcn9OwJYz rHhw1aw+VdTP+1D9QMPYjfbPfOndbV/VyVdZ4O67rJs+bU8iHLezlj/AwMOeUVgKJVpa gtjDKR/5qAfVe/0mct+Qrxx0zmw0RLW5FXYttot1Xd3dCxKRLj1xPYSh9wI5RpJs9ts2 BW4RSxEVifV4LvOyyHkgagtltxzuD30Mm87kqayu8+vGuba/KB76Gjq57f7HT+9aSjhy qhlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=DLUeAs6z; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j7si7600798ejm.185.2020.12.07.07.54.10; Mon, 07 Dec 2020 07:54:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=DLUeAs6z; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726249AbgLGPyF (ORCPT + 99 others); Mon, 7 Dec 2020 10:54:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725774AbgLGPyF (ORCPT ); Mon, 7 Dec 2020 10:54:05 -0500 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4FBE4C061749; Mon, 7 Dec 2020 07:53:25 -0800 (PST) From: Thomas Gleixner DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1607356403; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=iOkZ3W3L6bSlN1APqwo5nIbtEaSMrjF8AC1jOpzqAYQ=; b=DLUeAs6z7ruzwD1nO9N5q2h9ySs502k7C/NjLDlKP3QPiqtaYKGnGduBhA7hvz0PJ/mCXG /2yd7g6u1OAOE0+FtCgqBlqlH1ojAFEfpgvstJxlVYP/7OxX37BW70nEjPzRCz8grX+K7v 36tsLhxo3zsPPC8aywkLsI78RRXtzEePzzF4IiKLq8z4c/OKCygD/IJbbZ066VSKyZnNSR hpX0rm1sa9NIWtTQwVC/Pslf4VYwZ8ZV2cXSzsDoLXiKt/Y79GOIpiP8AgsVhAKqnRc0ZV uJAda+nTdqOrHefeDqI3BGj7/UnWjNqtm7DTVvnvBz4OVdo+65nfWW2ofi0KLg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1607356403; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=iOkZ3W3L6bSlN1APqwo5nIbtEaSMrjF8AC1jOpzqAYQ=; b=3FfR88oQdeCnzCNAmXtEP9jaR90FX/aW6kJwge0mwQRORSYJTbOJ71GDDVCZP1z0L3bM8h vC889D2QR6hiMBBg== To: Corentin Labbe Cc: herbert@gondor.apana.org.au, mripard@kernel.org, wens@csie.org, linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Jens Axboe , linux-mm@kvack.org, Andrew Morton , Julia Lawall , Matthew Wilcox Subject: Re: crypto: sun4i-ss: error with kmap In-Reply-To: <20201207121820.GB8458@Red> References: <20201203173846.GA16207@Red> <87r1o6bh1u.fsf@nanos.tec.linutronix.de> <20201204132631.GA25321@Red> <874kl1bod0.fsf@nanos.tec.linutronix.de> <20201204192753.GA19782@Red> <87wnxx9tle.fsf@nanos.tec.linutronix.de> <20201205184334.GA8034@Red> <87mtys8268.fsf@nanos.tec.linutronix.de> <20201206214053.GA8458@Red> <87ft4i79oq.fsf@nanos.tec.linutronix.de> <20201207121820.GB8458@Red> Date: Mon, 07 Dec 2020 16:53:23 +0100 Message-ID: <87o8j562a4.fsf@nanos.tec.linutronix.de> MIME-Version: 1.0 Content-Type: text/plain Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Dec 07 2020 at 13:18, Corentin Labbe wrote: > On Mon, Dec 07, 2020 at 01:15:49AM +0100, Thomas Gleixner wrote: > So if I understand correctly, basicly I cannot have two atomic kmap at > the same time since it made unmapping them in the right order complex. You can, but the ordering has to be correct and with sg_miter that's probably hard to get right. > I am not sure to have well understood your hint, but could you give me So the point is: sg_miter_next(&mi); map 1 -> vaddr1 sg_miter_next(&mo); map 2 -> vaddr2 do { ... if (cond) { sg_miter_next(&mi) sg_miter_stop() unmap(vaddr1); unmaps map2 -> FAIL if (next_page) map(); maps map2 -> vaddr2 -> FAIL } The only way how that could have ever worked is when the conditional sg_miter_next(&mi) did not try to map a new page, i.e. end of data. The ARM kunmap_atomic() had: #ifdef CONFIG_DEBUG_HIGHMEM BUG_ON(vaddr != __fix_to_virt(idx)); set_fixmap_pte(idx, __pte(0)); #else which means the warning and clearing the PTE only happens when debugging is enabled. That made your code "work" by chance because the unmap leaves map2 intact which means the vaddr2 mapping stays valid, so the access to it further down still worked. sg_miter_next(&mi); map 1 -> vaddr1 sg_miter_next(&mo); map 2 -> vaddr2 do { ... if (cond) { sg_miter_next(&mi) sg_miter_stop() unmap(vaddr1); idx 2 ---> 1 but mapping still valid for vaddr2 } *vaddr2 = x; works by chance But that also would cause trouble in the following case: sg_miter_next(&mi); map 1 -> vaddr1 sg_miter_next(&mo); map 2 -> vaddr2 do { ... if (cond) { sg_miter_next(&mi) sg_miter_stop() unmap(vaddr1); idx 2 ---> 1 but mapping still valid for vaddr2 } interrupt kmap_atomic(some_other_page) idx 1 -> 2 map some_otherpage to vaddr2 kunmap_atomic(vaddr2) idx 2 ---> 1 mapping still valid for vaddr2, but now points to some_other_page end of interrupt *vaddr2 = x; <-- accesses some_other_page -> FAIL This is the worst one because it's random data corruption and extremly hard to debug. I made the warning and the pte clearing in the new code unconditional just to catch any issues upfront which it did. sg_miter_next(&mi); map 1 -> vaddr1 sg_miter_next(&mo); map 2 -> vaddr2 do { ... if (cond) { sg_miter_next(&mi) sg_miter_stop() unmap(vaddr1); unmaps map2 -> FAIL clear map2 invalidates vaddr2 } *vaddr2 = x; <-- accesses the unmapped vaddr2 -> CRASH > what you think about the following patch which fix (at least) the > crash. Instead of holding SGmiter (and so two kmap), I use only one > at a time. That looks fine at least vs. the sg_miter/kmap_atomic usage. Thanks, tglx