Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp4604752pxb; Sun, 27 Mar 2022 23:10:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxdDkAMzyeuuByHR1opBuTxLzoyGIrAG2b+ZqtwcW6YmCpWjJlh14ZHQwJQ8jOgehWowKOA X-Received: by 2002:a17:906:2a85:b0:6ce:36bd:bcd9 with SMTP id l5-20020a1709062a8500b006ce36bdbcd9mr25775474eje.318.1648447854929; Sun, 27 Mar 2022 23:10:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648447854; cv=none; d=google.com; s=arc-20160816; b=B5z+W0DW/HF0Ta6L3y+omW8Mt2Q7oUuueJa03puEhwiuGgvwkksl2Hk+DRnM30B8Ot ZYFhO69UnCBrj5Jgqvhm8tbyawF1AzEUng7CM3aJvedfWFX0I6FmfhDzz70nMwuV00Pf QUVa1hmHRIQ5D8yywyCTg0GJ5BYkbJ8L+WvEzyBLqCuo7ixP3AhCfzvFaN/2E4A414M7 JA4/vWwHKUzaMB80SHkuKfgZJDLjJtWqlfuaXJIMpJ+dzAoO6keLjHLucHvc+exp+sWC 37X1xMo+x3XOosvNn3RiLlt45cy4U6C+xqBGRth5AW6QEczqb2Jnq8cSBNAJFdBVCut7 RK/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=4DsawngOkTaf1ffe3Djt9i8R04p2xlEj2LaUyWMHpLQ=; b=vV6NebqqoJPb9QXdblz6MjzkY7IEPrFib473MJP/CyHkniZvnyjsGd4w46FUVhYtzo 5Qy5UHklxpHZzGSB94m7doe9u4PyhEP9U+ARrDUhvxECx4xwz3hnWQdO9NTPRiTOlE7T Ex4fK9h+U6Fji7W4BwfRsb1gv+8UMuWPXQOKzHJW+FtAZFQpDziVxGygqb6535ocHKhA Eg2B5AIWm24nY8glwSSqM4B5cr6OK0CSIfkgTuj+IcBxDk80WtcWlqg+TEtBtRHAY4/b pWCzqSCktfzEq/A+PBRcnNXWjGtcOvvm1rryyJ3vxDfjCjgqgiLXpiy+w9IeXoEYhFY6 c/wA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=IL1j88A1; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hp31-20020a1709073e1f00b006df76385cc5si16458973ejc.357.2022.03.27.23.10.38; Sun, 27 Mar 2022 23:10:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=IL1j88A1; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234924AbiC0FIP (ORCPT + 69 others); Sun, 27 Mar 2022 01:08:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234486AbiC0FIO (ORCPT ); Sun, 27 Mar 2022 01:08:14 -0400 Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AAB44193D7 for ; Sat, 26 Mar 2022 22:06:36 -0700 (PDT) Received: by mail-lf1-x12d.google.com with SMTP id t25so19671315lfg.7 for ; Sat, 26 Mar 2022 22:06:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4DsawngOkTaf1ffe3Djt9i8R04p2xlEj2LaUyWMHpLQ=; b=IL1j88A1zMmNQ619gkjkOLfevd4yJp/uUvy/JL+W394T7Ci9byh8r//w+swnF4uoTk MZxgdJEbG5E8/y/0RfpNKMtcmR1SxV+ftoqfImF3PZxALDLZgAsd0IabrARdiKS285Pw iUyVNk8ywuM4lUwh7TQ+LKc1DK3c/TGkrq11k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4DsawngOkTaf1ffe3Djt9i8R04p2xlEj2LaUyWMHpLQ=; b=Kg5skmQRLztZr7AX7O0sjTiq4YY+8cC0oGbrfIc2qZe+/+3s6Oe9aNsG593irSOHXO pHwgEjqdl2ZsbjfpwWIzEqixUwk4YCuI1ZLgfPSIFr3pacCi5c4FYnEczSJAG9xC+nMi TvxiV8sz5uDqTZmzbtdCgtbE685rEufSR58psQRzu0x17IVC/mzMAZl/QMZQ72kGBiCC tRHHJNa/FS+Ekjy2lkdv57E/4p7WGx9nfoLanxZe1A+23qGfiDku8NC47fo804nQiE7J JS32zNJmEfJR7UaPKemjsVPoXiTn3aI/SiGRijVyQNS/fCzb9EVO4rv/IxFErx43SA4+ EWWw== X-Gm-Message-State: AOAM531O/kOlRIUnNccwQ9WOvy+qvCh7rQdI52FKJz2JPf7hFh/6BEjj RP/s4Mk+mTzVkwtJdUOMyixUHKp+J95/JDst3FU= X-Received: by 2002:a05:6512:3a93:b0:44a:a77:e969 with SMTP id q19-20020a0565123a9300b0044a0a77e969mr14787955lfu.259.1648357594681; Sat, 26 Mar 2022 22:06:34 -0700 (PDT) Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com. [209.85.167.49]) by smtp.gmail.com with ESMTPSA id g3-20020a05651222c300b0044a378930b0sm1252310lfu.8.2022.03.26.22.06.32 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 26 Mar 2022 22:06:33 -0700 (PDT) Received: by mail-lf1-f49.google.com with SMTP id bt26so19667255lfb.3 for ; Sat, 26 Mar 2022 22:06:32 -0700 (PDT) X-Received: by 2002:ac2:4203:0:b0:448:8053:d402 with SMTP id y3-20020ac24203000000b004488053d402mr14244664lfh.687.1648357591941; Sat, 26 Mar 2022 22:06:31 -0700 (PDT) MIME-Version: 1.0 References: <1812355.tdWV9SEqCh@natalenko.name> <20220324055732.GB12078@lst.de> <4386660.LvFx2qVVIh@natalenko.name> <81ffc753-72aa-6327-b87b-3f11915f2549@arm.com> <878rsza0ih.fsf@toke.dk> <4be26f5d8725cdb016c6fdd9d05cfeb69cdd9e09.camel@freebox.fr> <20220324163132.GB26098@lst.de> <871qyr9t4e.fsf@toke.dk> <20220327054848.1a545b12.pasic@linux.ibm.com> In-Reply-To: <20220327054848.1a545b12.pasic@linux.ibm.com> From: Linus Torvalds Date: Sat, 26 Mar 2022 22:06:15 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [REGRESSION] Recent swiotlb DMA_FROM_DEVICE fixes break ath9k-based AP To: Halil Pasic Cc: =?UTF-8?B?VG9rZSBIw7hpbGFuZC1Kw7hyZ2Vuc2Vu?= , Robin Murphy , Christoph Hellwig , Maxime Bizon , Oleksandr Natalenko , Marek Szyprowski , Kalle Valo , "David S. Miller" , Jakub Kicinski , Paolo Abeni , Olha Cherevyk , iommu , linux-wireless , Netdev , Linux Kernel Mailing List , Greg Kroah-Hartman , stable Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Sat, Mar 26, 2022 at 8:49 PM Halil Pasic wrote: > > I agree it CPU modified buffers *concurrently* with DMA can never work, > and I believe the ownership model was conceived to prevent this > situation. But that just means that the "ownership" model is garbage, and cannot handle this REAL LIFE situation. Here's the deal: if somebody makes a model that is counter-factual, you have exactly two choices: - fix the damn model - live in a la-la-land that isn't reality Which choice do you pick? And I'll be brutally honest: if you pick the la-la-land one, I don't think we can really discuss this any more. > But a CPU can modify the buffer *after* DMA has written to > it, while the mapping is still alive. Yes. But you are making ALL your arguments based on that "ownership" model that we now know is garbage. If you make your arguments based on garbage, the end result _might_ work just by happenstance, but the arguments sure aren't very convincing, are they? So let's make it really clear that the arguments must not be based on some "ownership" model that you just admitted cannot handle the very real case of real and common hardware. Ok? > For example one could do one > partial read from the device, *after* the DMA is done, > sync_for_cpu(DMA_FROM_DEVICE), examine, then zero out the entire buffer, > sync_for_device(DMA_FROM_DEVICE) So the result you want to get to I can believe in, but your sequence of getting there is untenable, since it depends on breaking other cases that are more important than your utterly broken hardware that you don't even know how much data it filled. And I fundamentally also happen to think that since the CPU just wrote that buffer, and *that* write is what you want to sync with the device, then that DMA_FROM_DEVICE was just pure fantasy to begin with. So that code sequence you quote is wrong. You are literally trying to re-introduce the semantics that we already know broke the ath9k driver. Instead, let me give you a couple of alternative scenarios. Alternative 1: - ok, so the CPU wrote zeroes to the area, and we want to tell the DMA mapping code that it needs to make that CPU write visible to the device. - Ahh, you mean "sync_for_device(DMA_TO_DEVICE)"? - Yes. The "for_device()" tells us that afterwards, the device can access the memory (we synced it for the device). And the DMA_TO_DEVICE tells us that we're transferring the zeroes we wrote on the CPU to the device bounce buffer. Now the device got those zeroes, and it can overwrite them (partially), and everything is fine - And then we need to use "sync_for_cpu(DMA_FROM_DEVICE)" when we want to see the result once it's all done? - Yes. - Splendid. Except I don't like how you mix DMA_TO_DEVICE and DMA_FROM_DEVICE and you made the dma_alloc() not use DMA_BIDIRECTIONAL - Yeah, that's ugly, but it matches reality, and it would "just work" today. Alternative 2: - Ok, so the CPU doesn't even want to write to the area AT ALL, but we know we have a broken device that might not fill all of the bounce buffer, and we don't want to see old stale bounce buffer contents that could come from some other operation entirely and leak sensitive data that wasn't for us. - Ahh, so you really want to just clear the bounce buffer before IO? - Yes. So let's introduce a "clear_bounce_buffer()" operation before starting DMA. Let's call it "sync_for_device(DMA_NONE)" and teach the non-bounce-buffer dmas mapping entities to just ignore it, because they don't have a bounce buffer that can contain stale data. - Sounds good. Alternative 3: - Ok, you have me stumped. I can't come up with something else sane. Anyway, notice what's common about these alternatives? They are based not on some "we have a broken model", but on trying to solve the actual real-life problem case. I'm more than happy to hear other alternatives. But the alternative I am _not_ willing to entertain is "Yeah, we have a model of ownership, and that can't handle ath9k because that one wants to do CPU reads while DMA is possibly active, so ath9k is broken". Can we please agree on that? Linus