Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2016067pxp; Mon, 7 Mar 2022 06:56:11 -0800 (PST) X-Google-Smtp-Source: ABdhPJyLlx7vCqTAjZVSiE8EiEfcu8oYyTuEiN66/3tcgI6wBN6tA6hGH8LJpB7lndwu/cdsOzcX X-Received: by 2002:aa7:ce94:0:b0:415:a0c7:ce6f with SMTP id y20-20020aa7ce94000000b00415a0c7ce6fmr11280613edv.90.1646664971716; Mon, 07 Mar 2022 06:56:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646664971; cv=none; d=google.com; s=arc-20160816; b=UBUmqsV8dMGcHeV76b5DnBRb/0ykxF0LwWeCPMQrrbVvL6cMgAQNezfZJa4pyM1z3o 2lHod3j+DI/+u/unLU/iEYUMclpsUFa6yfoLrsiZZstgcmPOaEVFXaQcoYh9iGSzQyWs WytBFOcCddO1Z7Y+LW6x1vmZ0xT8a/A/7Z5K0L967aveaLYbQrTW9YERezf9MSrRnv2H A0nAknnuUWjjYUCAbhI+DLSTXqY2jWFKV/l1fjeLAN7yiv3hEXYZchZERfgTiSdlJQJj jlbqkEgEGQXI9FlLl7xktn0WSZdcr/pH0H51AFHOZgkcddAHmDo1Zu1NQomrsV2fF0U+ 0qkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=FTOQLkPABjgFHbcpYh08NxXX3AnkIW8zDVxaxnJ63AA=; b=reYWravWO68SFzFhcclkk90rrnwqG0t9O6tjSb/88ETzMRpIZTqHhuR04e1Y1p0nXT 57sgyRmuERlTbJLzG9Ycrm9BeMm9d8/RwNR/tblX51IkniVxljusYZOW08+XT0TBgjKW 8qfeJzSaklLrKQV7/+OeC8KG6bGQilC3RePXEjRNoXHWV3LMCijYPiM/kdXHcAQ1i4cN zrhgT8D7nTn24XM4Un8aaRs0wZ2zrG3xcj/Aeny9FxqRhmL2bQByPnbo4Zi6bWWmHuOW Q5p+Y/szths4ZVKHT3ul2AMF/+Ap/Hed2jCZw0uDhydSAM1B0e5XUmDdxsX38+TTjq8J xq7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@benyossef-com.20210112.gappssmtp.com header.s=20210112 header.b=DcLYhdXt; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nd20-20020a170907629400b006da8a7caf42si9930906ejc.945.2022.03.07.06.55.47; Mon, 07 Mar 2022 06:56:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@benyossef-com.20210112.gappssmtp.com header.s=20210112 header.b=DcLYhdXt; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241862AbiCGNON (ORCPT + 99 others); Mon, 7 Mar 2022 08:14:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51944 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237139AbiCGNOM (ORCPT ); Mon, 7 Mar 2022 08:14:12 -0500 Received: from mail-yb1-xb2a.google.com (mail-yb1-xb2a.google.com [IPv6:2607:f8b0:4864:20::b2a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 413EF82D1A for ; Mon, 7 Mar 2022 05:13:17 -0800 (PST) Received: by mail-yb1-xb2a.google.com with SMTP id j2so30925647ybu.0 for ; Mon, 07 Mar 2022 05:13:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=benyossef-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=FTOQLkPABjgFHbcpYh08NxXX3AnkIW8zDVxaxnJ63AA=; b=DcLYhdXta5yl8UjuFS/qcxIrxj4lqv9WyXc3/4S1ZfTA8qudVdOqOdtdNpJMh1qdof Z5ftjB+ehud2ofGMkDW6hVsPdsxvCOjZ/KA7pgDY12xY9Oigd3KsPHKfESy263khNi7/ XVKs1s6U/dLC+N61e2D5BZGBGx38mYU78J6V/0KQWEi+JdAieZAqV8rGuOdc22jnqUxZ XD0z6sLwo5GMK0UpVzOw9JRI8LRLKdE/xG/nToRr22qZJ+M/LCUp/uWvZi0I1J4P1jdT wIKiJNWDrecTVLsOGttHwnSdbKob/edeHZbo6T5d6s517KcS2oA6GUQVQ0KrfyVuJjAy FFfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=FTOQLkPABjgFHbcpYh08NxXX3AnkIW8zDVxaxnJ63AA=; b=aLwQeOLP3iazwdlOH1mXJ7+xtJNl7+WI5wULmkBKFkBHkwgvOCkHqO4T7ccymAWtvr tLIuvcwwHJ5uL5oOFdHgF0E58JMwfALb0vAj0SgUW6lnmhyjKSKUkC86l4dn7366luw2 FZJgE9l13KNZAONPpQlWDYtktUxJ10X7NVgsGpUOV98begMkoTauwuM/DgMS4EU+RkcD ++MnOKfREZGWps8O0h33BzKmQ4Qe+Hd2kdHoEj5V1bP9Lk+0ACcXzLcE/FsLUij0Nz/h aFhnXv/zo4c/V/MZTPHZJguvxORHMEDIyDI3BjXOEvEV5QO7Vq7nGe5+jze8Ss1xjf/3 u+lA== X-Gm-Message-State: AOAM532DnR/4eDc1dYaqovuwiDWar1VVLnVs0iZIJ6iBhTLKQXolwD0s Uld0uSmo0B1ZQVMJWd1/pvZtYtbCCZ6fw09LO9wnMQ== X-Received: by 2002:a25:e0c7:0:b0:629:182a:4b75 with SMTP id x190-20020a25e0c7000000b00629182a4b75mr7234257ybg.539.1646658796453; Mon, 07 Mar 2022 05:13:16 -0800 (PST) MIME-Version: 1.0 References: <6cf91f43-df23-3ac9-e9b5-958d99d37422@arm.com> <371ef3f2-883d-91ab-ed96-da8921efb465@arm.com> In-Reply-To: <371ef3f2-883d-91ab-ed96-da8921efb465@arm.com> From: Gilad Ben-Yossef Date: Mon, 7 Mar 2022 15:13:05 +0200 Message-ID: Subject: Re: [BUG] crypto: ccree: driver does not handle case where cryptlen = authsize =0 To: Robin Murphy Cc: Corentin Labbe , Christoph Hellwig , m.szyprowski@samsung.com, Herbert Xu , Linux Crypto Mailing List , Linux kernel mailing list , iommu@lists.linux-foundation.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Mar 7, 2022 at 3:03 PM Robin Murphy wrote: > > On 2022-03-07 12:47, Gilad Ben-Yossef wrote: > > On Mon, Mar 7, 2022 at 2:36 PM Robin Murphy wrot= e: > >> > >> On 2022-03-07 12:17, Gilad Ben-Yossef wrote: > >>> On Mon, Mar 7, 2022 at 1:14 PM Robin Murphy wr= ote: > >>> > >>>> The "overlap" is in the sense of having more than one mapping within= the > >>>> same cacheline: > >>>> > >>>> [ 142.458120] DMA-API: add_dma_entry start P=3Dba79f200 N=3Dba79f > >>>> D=3Dba79f200 L=3D10 DMA_FROM_DEVICE attrs=3D0 > >>>> [ 142.458156] DMA-API: add_dma_entry start P=3D445dc010 N=3D445dc > >>>> D=3D445dc010 L=3D10 DMA_TO_DEVICE attrs=3D0 > >>>> [ 142.458178] sun8i-ss 1c15000.crypto: SRC 0/1/1 445dc000 len=3D16 = bi=3D0 > >>>> [ 142.458215] sun8i-ss 1c15000.crypto: DST 0/1/1 ba79f200 len=3D16 = bi=3D0 > >>>> [ 142.458234] DMA-API: add_dma_entry start P=3Dba79f210 N=3Dba79f > >>>> D=3Dba79f210 L=3D10 DMA_FROM_DEVICE attrs=3D0 > >>>> > >>>> This actually illustrates exactly the reason why this is unsupportab= le. > >>>> ba79f200 is mapped for DMA_FROM_DEVICE, therefore subsequently mappi= ng > >>>> ba79f210 for DMA_TO_DEVICE may cause the cacheline covering the rang= e > >>>> ba79f200-ba79f23f to be written back over the top of data that the > >>>> device has already started to write to memory. Hello data corruption= . > >>>> > >>>> Separate DMA mappings should be from separate memory allocations, > >>>> respecting ARCH_DMA_MINALIGN. > >>> > >>> hmm... I know I'm missing something here, but how does this align wit= h > >>> the following from active_cacheline_insert() in kernel/dma/debug.c ? > >>> > >>> /* If the device is not writing memory then we don't have a= ny > >>> * concerns about the cpu consuming stale data. This mitig= ates > >>> * legitimate usages of overlapping mappings. > >>> */ > >>> if (entry->direction =3D=3D DMA_TO_DEVICE) > >>> return 0; > >> > >> It's OK to have multiple mappings that are *all* DMA_TO_DEVICE, which > >> looks to be the case that this check was intended to allow. However I > >> think you're right that it should still actually check for conflicting > >> directions between the new entry and any existing ones, otherwise it > >> ends up a bit too lenient. > >> > >> Cheers, > >> Robin. > > > > I understand what you are saying about why checking for conflicting > > directions may be a good thing, but given that the code is as it is > > right now, how are we seeing the warning for two mapping that one of > > them is DMA_TO_DEVICE? > > Because it's the second one that isn't. The warning is triggered by > adding the DMA_FROM_DEVICE entry, which *is* checked, and finds the > DMA_TO_DEVICE entry already present. What's not great is that if those > two mappings happened to be made in the opposite order then it would be > missed entirely. Please accept my sincere apologies if I'm being daft , but here is the code for add_dma_entry(): static void add_dma_entry(struct dma_debug_entry *entry, unsigned long attr= s) { struct hash_bucket *bucket; unsigned long flags; int rc; bucket =3D get_hash_bucket(entry, &flags); hash_bucket_add(bucket, entry); put_hash_bucket(bucket, flags); rc =3D active_cacheline_insert(entry); if (rc =3D=3D -ENOMEM) { pr_err("cacheline tracking ENOMEM, dma-debug disabled\n"); global_disable =3D true; } else if (rc =3D=3D -EEXIST && !(attrs & DMA_ATTR_SKIP_CPU_SYNC)) = { err_printk(entry->dev, entry, "cacheline tracking EEXIST, overlapping mappings aren't supported\n"); } } Clearly we get to active_cacheline_insert() unconditionally. Here is the code of active_cacheline_insert(): static int active_cacheline_insert(struct dma_debug_entry *entry) { phys_addr_t cln =3D to_cacheline_number(entry); unsigned long flags; int rc; /* If the device is not writing memory then we don't have any * concerns about the cpu consuming stale data. This mitigates * legitimate usages of overlapping mappings. */ if (entry->direction =3D=3D DMA_TO_DEVICE) return 0; spin_lock_irqsave(&radix_lock, flags); rc =3D radix_tree_insert(&dma_active_cacheline, cln, entry); if (rc =3D=3D -EEXIST) active_cacheline_inc_overlap(cln); spin_unlock_irqrestore(&radix_lock, flags); return rc; } Clearly the check for direction happens BEFORE we ever attempt to add the cacheline tracking data. So it shouldn't matter at all which is first and which is second... :-( I know I'm missing something. But what? Thanks, Gilad --=20 Gilad Ben-Yossef Chief Coffee Drinker values of =CE=B2 will give rise to dom!