Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp215128pxb; Wed, 23 Mar 2022 16:38:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx0KZBYkFgY5F6HxKxsxXSa/xDrlC0o8beYRGNZhSkJXmvitWD4tkFgHMoV0QcojyASOUhb X-Received: by 2002:a05:6402:34d6:b0:419:4dc2:91c5 with SMTP id w22-20020a05640234d600b004194dc291c5mr3337453edc.329.1648078730310; Wed, 23 Mar 2022 16:38:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648078730; cv=none; d=google.com; s=arc-20160816; b=ZfzkvwX48Dm8UqGxTkDxPTpppxoJ8myidcwF2Ah+yhveN905UbGTJHJqMjTbCNfkKO T45vadXEzcU9nFIkEb3pRkJu4+0Qvn7Ifyv2xUm8DPUayj0yfCjbDSyW31vBMB6nMrAy 0MZGga0euGfFLH9VADdWHI59oxFSav0aQIt1qkFnZYB08RW157MZq4Lc3x774HEb/DTO UMVcshVwkpNGRHeEM0U86+SYCF6XVj8DxENGBZlOswwkomEZHl3bvEmVYK06SGVmqCfH McO1QVJ0k+Md0pAJFdQr/NczuqI364F+GjuNtnfCO2f6BpxeYEzBMg8MA7mcGg8yfA0v GeBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=OGGC+mSANYjMr3aw+rm1poEklkciGjF5q2KAQPVT/xk=; b=ZFh/cBkwOlfQc311zyQIi5JbiC+/2MRRGKKK+q1Mc8ckmxIwmdPeChmy2oe8y8/c+0 cBYqjGWQp8tBMCDPVBgkSfhfSWNQLRgCe5TzBxl81w7CvxsooO/NuGdi0aKoi1Wkg247 +FDPLwOJ8y+avYHD0U3vMtlZ/pMJssdf0CB/NX7Crp6SGOnlzDpro1y7MrMVtqZ0HZr/ qkT05hPDsAnNSwuolkxP2ao2/bHhMfa8TJtVLUYQR8HEV4BiOOs3bJR4pZWrfJYs1kTj i7GU2QtGB1Z9hCcXaaV4D7QAwrjvYteeCog68g8aCLevUsfA7jQHAUOJwzSobmqbz53L l0jQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 10-20020a170906024a00b006df76385bacsi14144192ejl.76.2022.03.23.16.38.32; Wed, 23 Mar 2022 16:38:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240271AbiCWTIC (ORCPT + 70 others); Wed, 23 Mar 2022 15:08:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344116AbiCWTIB (ORCPT ); Wed, 23 Mar 2022 15:08:01 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id A15669FE5; Wed, 23 Mar 2022 12:06:30 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 409D0D6E; Wed, 23 Mar 2022 12:06:30 -0700 (PDT) Received: from [10.57.43.230] (unknown [10.57.43.230]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5A5F83F73B; Wed, 23 Mar 2022 12:06:27 -0700 (PDT) Message-ID: <27b5a287-7a33-9a8b-ad6d-04746735fb0c@arm.com> Date: Wed, 23 Mar 2022 19:06:23 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Subject: Re: [REGRESSION] Recent swiotlb DMA_FROM_DEVICE fixes break ath9k-based AP Content-Language: en-GB To: Linus Torvalds , Oleksandr Natalenko Cc: Halil Pasic , Christoph Hellwig , Marek Szyprowski , =?UTF-8?Q?Toke_H=c3=b8iland-J=c3=b8rgensen?= , Kalle Valo , "David S. Miller" , Jakub Kicinski , Paolo Abeni , Olha Cherevyk , iommu , linux-wireless , Netdev , Linux Kernel Mailing List , Greg Kroah-Hartman , stable References: <1812355.tdWV9SEqCh@natalenko.name> From: Robin Murphy In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On 2022-03-23 17:27, Linus Torvalds wrote: > On Wed, Mar 23, 2022 at 12:19 AM Oleksandr Natalenko > wrote: >> >> The following upstream commits: >> >> aa6f8dcbab47 swiotlb: rework "fix info leak with DMA_FROM_DEVICE" >> ddbd89deb7d3 swiotlb: fix info leak with DMA_FROM_DEVICE >> >> break ath9k-based Wi-Fi access point for me. The AP emits beacons, but >> no client can connect to it, either from the very beginning, or >> shortly after start. These are the only symptoms I've noticed (i.e., >> no BUG/WARNING messages in `dmesg` etc). > > Funky, but clearly true: > >> These commits appeared in v5.17 and v5.16.15, and both kernels are >> broken for me. I'm pretty confident these commits make the difference >> since I've built both v5.17 and v5.16.15 without them, and it fixed >> the issue. > > Can you double-check (or just explicitly confirm if you already did > that test) that you need to revert *both* of those commits, and it's > the later "rework" fix that triggers it? > >> So, I do understand this might be an issue with regard to SG I/O >> handling in ath9k, hence relevant people in Cc. > > Yeah, almost certainly an ath9k bug, but a regression is a regression, > so if people can't find the issue in ath9k, we'll have to revert those > commits. > > Honestly, I personally think they were a bit draconian to begin with, > and didn't limit their effects sufficiently. > > I'm assuming that the ath9k issue is that it gives DMA mapping a big > enough area to handle any possible packet size, and just expects - > quite reasonably - smaller packets to only fill the part they need. > > Which that "info leak" patch obviously breaks entirely. Except that's the exact case which the new patch is addressing - by copying the whole original area into the SWIOTLB bounce buffer to begin with, if we bounce the whole lot back after the device has only updated part of it, the non-updated parts now get overwritten with the same original contents, rather than whatever random crap happened to be left in the SWIOTLB buffer by its previous user. I'm extremely puzzled how any driver could somehow be dependent on non-device-written data getting replaced with random crap, given that it wouldn't happen with a real IOMMU, or if SWIOTLB just didn't need to bounce, and the data would hardly be deterministic either. I think I can see how aa6f8dcbab47 might increase the severity of a driver bug where it calls dma_sync_*_for_device() on part of a DMA_FROM_DEVICE mapping that the device *has* written to, without having called a corresponding dma_sync_*_for_cpu() first - previously that would have had no effect, but now SWIOTLB will effectively behave more like an eagerly-prefetching non-coherent cache and write back old data over new - but if ddbd89deb7d3 alone makes a difference then something really weird must be going on. Has anyone run a sanity check with CONFIG_DMA_API_DEBUG enabled to see if that flags anything up? Robin.