Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2015064pxp; Mon, 7 Mar 2022 06:54:52 -0800 (PST) X-Google-Smtp-Source: ABdhPJwWXEv0eqRTfEsNsGWa3LtqwZOOhmeRJrEFGi75Gu+Wv72TdZj5jABdkgXYqs13CSyOLFn1 X-Received: by 2002:a50:8d1a:0:b0:415:a1ce:89a8 with SMTP id s26-20020a508d1a000000b00415a1ce89a8mr11412297eds.146.1646664892049; Mon, 07 Mar 2022 06:54:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646664892; cv=none; d=google.com; s=arc-20160816; b=jSUENHEPHb8ohWiPnAQnI6fQHAhdZUv6mcA5MmppxXgERPAkzoLsWikeykmMFf1wGc +h56WMQsUN45HS6Bej2TVBxEncBYuGgzAS0R88oNcJWBhUZZBA0xrwqsbYmeZB7EfiRS Id3cbTtRR6oBUdYCZDft+v8x+ZphZxIW2MMlzcYNxJZPQvj1jzlpqbOq/2S0X5mtmmY3 XJp7A21WHj0gmv2IYIYkQitw+MV1ykjlD9ibOEla0UVVBT9AltXQVkI42z5j5xDoWX8Z OVf+UBlUm9OIb+/XwUQtnt9RD3KFTU+WIR6E9CASj/I1BseLS+6AMCzF1Yz7/su2j1i3 HZqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=7oDoWa/WXO0HRiAR3FYfDPHuuMG9SE634o9q9OLcXr4=; b=A+XzLaGYTDvY9LdQlQiWdh2gu1d9v7b8u0/g4dnfJ1CsSHHTUhWx/vN8xX8VBpa9M7 AJST3dbMDRrzNVaMylzsvfDtgEZraM67LcHeYjmjm+lVBbLQP79zllV70uWq6lKQ+ieb QkQORHJZEcTDEvfnt3lLiR00aQFn8neKI52KAixDQjGvV8mcMhPSLUBgAFT/k1YNVZCp KIReBzRpCr1w13xidFQH1deePLnR7TRfRuCG9KcnqA8BkjQMWKEty0idDGomDKUjWOs7 /rrIN3VR/5rA+FgDUwnbrZ6fbQxfRjRgFbOFZgQ5iSlFbBLi8kBtz8arwp+w+O5iWlTY xnng== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@benyossef-com.20210112.gappssmtp.com header.s=20210112 header.b=zyZStyBd; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gb20-20020a170907961400b006da8ac403ecsi9332123ejc.63.2022.03.07.06.54.17; Mon, 07 Mar 2022 06:54:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@benyossef-com.20210112.gappssmtp.com header.s=20210112 header.b=zyZStyBd; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242819AbiCGNXG (ORCPT + 99 others); Mon, 7 Mar 2022 08:23:06 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242908AbiCGNXE (ORCPT ); Mon, 7 Mar 2022 08:23:04 -0500 Received: from mail-yw1-x112c.google.com (mail-yw1-x112c.google.com [IPv6:2607:f8b0:4864:20::112c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1A367A9A0 for ; Mon, 7 Mar 2022 05:22:10 -0800 (PST) Received: by mail-yw1-x112c.google.com with SMTP id 00721157ae682-2d07ae0b1c0so163514397b3.2 for ; Mon, 07 Mar 2022 05:22:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=benyossef-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=7oDoWa/WXO0HRiAR3FYfDPHuuMG9SE634o9q9OLcXr4=; b=zyZStyBdAViuPZW9wkcsXwR7+fT9bJrITQ2ZKvu3QTWVKxlWLy5mrmZ19yZxqPmpyI VkAXmRizMHDJh/MFSFGxk5NJA2cVrrmKt4U/hdrGDscEVzujD5VMRyzLGnQJU3v+OYcQ brxCntmql2y/zoTn7yXUn9bN9lRsoD66D9zQgQ9CMWcENYen15Z05vI8LBSCCceSyFuC zcEkIAR2P2AoneetJjwo3iniEadu3BeXE/fuyDeAjsi6XfEUnzd/a5pEDGJsODMZh7k3 9XzRm1hCzWr2NN/drttHWY0ZQr6etkSbnTytwsAYutdn5clAjadxkuWsaAd+DlmEP+nb caaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=7oDoWa/WXO0HRiAR3FYfDPHuuMG9SE634o9q9OLcXr4=; b=ZT/5JBDetnc6Ppyw8gjtjxKeZSKtNxzKgEpewMm4RuBFlgH3GWSFd7lQMoePnCVqHO hJk6kao1V/5pPjYLRnCDZ7sQockg4y9w0pu+RO1jps8+WjuuNvfK/gAGtQgz8a/sgE7W UScag9AILTTG366Xmr9BOFBBO+ws9MaAtjwfp4poC/xGFjOvLUo4Rk+QG6Mm3bi4zYVw hfiv3ZnhGN7z9wELwasIrA1MDdM3lFajhWXNG1pzNec9FmxtO22g8N9n4JPgSIILgQKv rO2z5WJbXqrrRR/8a4XJVnXeLDdrNou2xKUgeeYBD9hIuPS9u3XhvAn5+oQSCNB05PDq +b6g== X-Gm-Message-State: AOAM532+Q+/ZyNo54YKDAJPrgLj2V4YLmgRhedtaVFZgpqo8cXuj2JMz mVZa9q0YjcjnpNuQFxlI7x3An/l3/GpKgB75JjQqLg== X-Received: by 2002:a81:6c6:0:b0:2dc:616b:468b with SMTP id 189-20020a8106c6000000b002dc616b468bmr8087023ywg.472.1646659329804; Mon, 07 Mar 2022 05:22:09 -0800 (PST) MIME-Version: 1.0 References: <6cf91f43-df23-3ac9-e9b5-958d99d37422@arm.com> <371ef3f2-883d-91ab-ed96-da8921efb465@arm.com> In-Reply-To: From: Gilad Ben-Yossef Date: Mon, 7 Mar 2022 15:21:58 +0200 Message-ID: Subject: Re: [BUG] crypto: ccree: driver does not handle case where cryptlen = authsize =0 To: Robin Murphy Cc: Herbert Xu , Linux kernel mailing list , iommu@lists.linux-foundation.org, Corentin Labbe , Linux Crypto Mailing List , Christoph Hellwig Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Mar 7, 2022 at 3:12 PM Robin Murphy wrote: > > On 2022-03-07 13:03, Robin Murphy wrote: > > On 2022-03-07 12:47, Gilad Ben-Yossef wrote: > >> On Mon, Mar 7, 2022 at 2:36 PM Robin Murphy wro= te: > >>> > >>> On 2022-03-07 12:17, Gilad Ben-Yossef wrote: > >>>> On Mon, Mar 7, 2022 at 1:14 PM Robin Murphy > >>>> wrote: > >>>> > >>>>> The "overlap" is in the sense of having more than one mapping > >>>>> within the > >>>>> same cacheline: > >>>>> > >>>>> [ 142.458120] DMA-API: add_dma_entry start P=3Dba79f200 N=3Dba79f > >>>>> D=3Dba79f200 L=3D10 DMA_FROM_DEVICE attrs=3D0 > >>>>> [ 142.458156] DMA-API: add_dma_entry start P=3D445dc010 N=3D445dc > >>>>> D=3D445dc010 L=3D10 DMA_TO_DEVICE attrs=3D0 > >>>>> [ 142.458178] sun8i-ss 1c15000.crypto: SRC 0/1/1 445dc000 len=3D16= bi=3D0 > >>>>> [ 142.458215] sun8i-ss 1c15000.crypto: DST 0/1/1 ba79f200 len=3D16= bi=3D0 > >>>>> [ 142.458234] DMA-API: add_dma_entry start P=3Dba79f210 N=3Dba79f > >>>>> D=3Dba79f210 L=3D10 DMA_FROM_DEVICE attrs=3D0 > >>>>> > >>>>> This actually illustrates exactly the reason why this is > >>>>> unsupportable. > >>>>> ba79f200 is mapped for DMA_FROM_DEVICE, therefore subsequently mapp= ing > >>>>> ba79f210 for DMA_TO_DEVICE may cause the cacheline covering the ran= ge > >>>>> ba79f200-ba79f23f to be written back over the top of data that the > >>>>> device has already started to write to memory. Hello data corruptio= n. > >>>>> > >>>>> Separate DMA mappings should be from separate memory allocations, > >>>>> respecting ARCH_DMA_MINALIGN. > >>>> > >>>> hmm... I know I'm missing something here, but how does this align wi= th > >>>> the following from active_cacheline_insert() in kernel/dma/debug.c ? > >>>> > >>>> /* If the device is not writing memory then we don't have = any > >>>> * concerns about the cpu consuming stale data. This > >>>> mitigates > >>>> * legitimate usages of overlapping mappings. > >>>> */ > >>>> if (entry->direction =3D=3D DMA_TO_DEVICE) > >>>> return 0; > >>> > >>> It's OK to have multiple mappings that are *all* DMA_TO_DEVICE, which > >>> looks to be the case that this check was intended to allow. However I > >>> think you're right that it should still actually check for conflictin= g > >>> directions between the new entry and any existing ones, otherwise it > >>> ends up a bit too lenient. > >>> > >>> Cheers, > >>> Robin. > >> > >> I understand what you are saying about why checking for conflicting > >> directions may be a good thing, but given that the code is as it is > >> right now, how are we seeing the warning for two mapping that one of > >> them is DMA_TO_DEVICE? > > > > Because it's the second one that isn't. The warning is triggered by > > adding the DMA_FROM_DEVICE entry, which *is* checked, and finds the > > DMA_TO_DEVICE entry already present. What's not great is that if those > > two mappings happened to be made in the opposite order then it would be > > missed entirely. > > Urgh, no, sorry, that's some imaginary conflation of the cacheline radix > tree with the entry hash bucket... > > What's actually happened here is that I've failed to read the log > properly and they're both DMA_FROM_DEVICE. But the potential problem of > mixed-direction mappings being missed does still stand in general. Ah, right! OK, Now I feel a little better. You know, I think that dma debug logic is oversimplified a bit in other ways too. Think for example about the scenario that started this - a (crypto, but it doesn't matter) gets two sg lists - src and dst. It will map the src for DMA_TO_DEVICE and the dst as DMA_FROM_DEVICE. Now the two sg list might actually be one and the same or they might be two different sg lists but referring to the exact same buffers. So long as the driver DMA maps, says, the src first and then the dst, or vice versa, and does not initiate any read/write from either the CPU or device until the 2nd mapping, I would claim that this is perfectly safe (same thing for not touching the buffer post the first unmap and before the 2nd) and it does simplify the driver quite a bit - but the dma debug logic will consider it an error right now. Gilad --=20 Gilad Ben-Yossef Chief Coffee Drinker values of =CE=B2 will give rise to dom!