From: Vincent Whitchurch <vincent.whitchurch@axis.com>
To: Robin Murphy <robin.murphy@arm.com>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>,
"broonie@kernel.org" <broonie@kernel.org>,
"krzysztof.kozlowski@linaro.org" <krzysztof.kozlowski@linaro.org>,
"andi@etezian.org" <andi@etezian.org>,
Christoph Hellwig <hch@lst.de>, kernel <kernel@axis.com>,
"alim.akhtar@samsung.com" <alim.akhtar@samsung.com>,
"linux-spi@vger.kernel.org" <linux-spi@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-samsung-soc@vger.kernel.org"
<linux-samsung-soc@vger.kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"iommu@lists.linux-foundation.org"
<iommu@lists.linux-foundation.org>
Subject: Re: [PATCH v2 2/4] spi: Fix cache corruption due to DMA/PIO overlap
Date: Mon, 3 Oct 2022 13:29:18 +0200 [thread overview]
Message-ID: <YzrHjl8x2bd1rqeE@axis.com> (raw)
In-Reply-To: <461a5187-fc7a-b7f6-84da-0e947f764a0a@arm.com>
On Fri, Sep 30, 2022 at 02:10:28PM +0200, Robin Murphy wrote:
> That said, maybe this is something that's better to catch than to paper
> over? Arguably the real bug here is that spi_unmap_buf() and the new
> sync functions should use the same "{tx,rx}_buf != NULL" condition that
> spi_map_buf() used for the DMA mapping decision in the first place.
The "{tx,rx}_buf != NULL" condition would not sufficient on its own; the
call to ->can_dma() is also part of the condition. __spi_unmap_msg()
already does the ->can_dma() call even though it checks for the
orig_nents != 0 condition instead of the tx,rx_buf != NULL, but I
omitted that call in the new sync functions, incorrectly believing it to
be redundant.
It looks like __spi_unmap_msg() would have triggered a similar crash
even before this patch, if a client had reused an xfer with both rx and
tx the first time, and only one of them enabled the next time around
(and with ->can_dma() returning true both times). Testing the
{tx,rx}_buf instead of sgt->orig_nents would have avoided that, as you
say.
WARNING: multiple messages have this Message-ID (diff)
From: Vincent Whitchurch <vincent.whitchurch@axis.com>
To: Robin Murphy <robin.murphy@arm.com>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>,
"broonie@kernel.org" <broonie@kernel.org>,
"krzysztof.kozlowski@linaro.org" <krzysztof.kozlowski@linaro.org>,
"andi@etezian.org" <andi@etezian.org>,
Christoph Hellwig <hch@lst.de>, kernel <kernel@axis.com>,
"alim.akhtar@samsung.com" <alim.akhtar@samsung.com>,
"linux-spi@vger.kernel.org" <linux-spi@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-samsung-soc@vger.kernel.org"
<linux-samsung-soc@vger.kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"iommu@lists.linux-foundation.org"
<iommu@lists.linux-foundation.org>
Subject: Re: [PATCH v2 2/4] spi: Fix cache corruption due to DMA/PIO overlap
Date: Mon, 3 Oct 2022 13:29:18 +0200 [thread overview]
Message-ID: <YzrHjl8x2bd1rqeE@axis.com> (raw)
In-Reply-To: <461a5187-fc7a-b7f6-84da-0e947f764a0a@arm.com>
On Fri, Sep 30, 2022 at 02:10:28PM +0200, Robin Murphy wrote:
> That said, maybe this is something that's better to catch than to paper
> over? Arguably the real bug here is that spi_unmap_buf() and the new
> sync functions should use the same "{tx,rx}_buf != NULL" condition that
> spi_map_buf() used for the DMA mapping decision in the first place.
The "{tx,rx}_buf != NULL" condition would not sufficient on its own; the
call to ->can_dma() is also part of the condition. __spi_unmap_msg()
already does the ->can_dma() call even though it checks for the
orig_nents != 0 condition instead of the tx,rx_buf != NULL, but I
omitted that call in the new sync functions, incorrectly believing it to
be redundant.
It looks like __spi_unmap_msg() would have triggered a similar crash
even before this patch, if a client had reused an xfer with both rx and
tx the first time, and only one of them enabled the next time around
(and with ->can_dma() returning true both times). Testing the
{tx,rx}_buf instead of sgt->orig_nents would have avoided that, as you
say.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-10-03 11:29 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-27 11:21 [PATCH v2 0/4] spi: Fix DMA bugs in (not only) spi-s3c64xx Vincent Whitchurch
2022-09-27 11:21 ` Vincent Whitchurch
2022-09-27 11:21 ` [PATCH v2 1/4] spi: Save current RX and TX DMA devices Vincent Whitchurch
2022-09-27 11:21 ` Vincent Whitchurch
2022-09-27 11:21 ` [PATCH v2 2/4] spi: Fix cache corruption due to DMA/PIO overlap Vincent Whitchurch
2022-09-27 11:21 ` Vincent Whitchurch
2022-09-30 11:20 ` Marek Szyprowski
2022-09-30 11:20 ` Marek Szyprowski
2022-09-30 12:10 ` Robin Murphy
2022-09-30 12:10 ` Robin Murphy
2022-10-03 11:29 ` Vincent Whitchurch [this message]
2022-10-03 11:29 ` Vincent Whitchurch
2022-09-27 11:21 ` [PATCH v2 3/4] spi: Split transfers larger than max size Vincent Whitchurch
2022-09-27 11:21 ` Vincent Whitchurch
2023-06-22 19:48 ` Eddie James
2023-06-22 19:48 ` Eddie James
2023-06-22 21:16 ` Mark Brown
2023-06-22 21:16 ` Mark Brown
2023-06-23 16:45 ` Eddie James
2023-06-23 16:45 ` Eddie James
2023-06-23 17:16 ` Mark Brown
2023-06-23 17:16 ` Mark Brown
2022-09-27 11:21 ` [PATCH v2 4/4] spi: s3c64xx: Fix large transfers with DMA Vincent Whitchurch
2022-09-27 11:21 ` Vincent Whitchurch
2022-09-28 17:27 ` [PATCH v2 0/4] spi: Fix DMA bugs in (not only) spi-s3c64xx Mark Brown
2022-09-28 17:27 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YzrHjl8x2bd1rqeE@axis.com \
--to=vincent.whitchurch@axis.com \
--cc=alim.akhtar@samsung.com \
--cc=andi@etezian.org \
--cc=broonie@kernel.org \
--cc=hch@lst.de \
--cc=iommu@lists.linux-foundation.org \
--cc=kernel@axis.com \
--cc=krzysztof.kozlowski@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-samsung-soc@vger.kernel.org \
--cc=linux-spi@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=robin.murphy@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.