From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=R6+Q=ZD=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-8.1 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,
	SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 40899C17441
	for <linux-mm@archiver.kernel.org>; Mon, 11 Nov 2019 08:12:29 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id DBBF12075C
	for <linux-mm@archiver.kernel.org>; Mon, 11 Nov 2019 08:12:28 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key) header.d=xenosoft.de header.i=@xenosoft.de header.b="pBEbpYY+"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DBBF12075C
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=xenosoft.de
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 8ABE66B0005; Mon, 11 Nov 2019 03:12:28 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 85C6B6B0006; Mon, 11 Nov 2019 03:12:28 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 771036B0007; Mon, 11 Nov 2019 03:12:28 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0240.hostedemail.com [216.40.44.240])
	by kanga.kvack.org (Postfix) with ESMTP id 645266B0005
	for <linux-mm@kvack.org>; Mon, 11 Nov 2019 03:12:28 -0500 (EST)
Received: from smtpin03.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay01.hostedemail.com (Postfix) with SMTP id F3DE1180AD81D
	for <linux-mm@kvack.org>; Mon, 11 Nov 2019 08:12:27 +0000 (UTC)
X-FDA: 76143279534.03.smile21_89c3ee317ea53
X-HE-Tag: smile21_89c3ee317ea53
X-Filterd-Recvd-Size: 10827
Received: from mo4-p01-ob.smtp.rzone.de (mo4-p01-ob.smtp.rzone.de [85.215.255.54])
	by imf50.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Mon, 11 Nov 2019 08:12:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1573459945;
	s=strato-dkim-0002; d=xenosoft.de;
	h=In-Reply-To:Date:Message-ID:References:Cc:To:From:Subject:
	X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender;
	bh=3/MqObd2KBYhkLHMy8MLFEFld3owrwS9kDyklpFMgIE=;
	b=pBEbpYY+AogIyLkY1Zb8seyfAwgdhwo5B3ufDlYLPdBfQbgngxFINRBBa2UAhozjAG
	aYtpnbgE625A9bqw8CCpXCYFcjr7tAsHfx1r4JEt7XNyt7HdJ4jb6uQDcQO1Y2O8MRtr
	Zm4hmyqZ7U3aIgoRHlRDaYHncGdnNRBP9o40oiA4L9Nh8GIAt31mOO4f9ukoMaP/BVQ2
	HkN3CU92sDs9vL5hvAoTJRm0Tm6o+JMzOeOw0jU0eUuEpZxv3xMY/mfvRhtgg76JVnkP
	Mcj/Yoa6UJS1g/ocChLpP4s3m8/OvFA7bliWK7Ffwamkk/Wpy+wbzlL6LHT72z50YMBx
	rA4g==
X-RZG-AUTH: ":L2QefEenb+UdBJSdRCXu93KJ1bmSGnhMdmOod1DhGM4l4Hio94KKxRySfLxnHfJ+Dkjp5DdBJSrwuuqxvPhUdStcud4ztdvxL67fR7ahIrEKaw=="
X-RZG-CLASS-ID: mo00
Received: from [IPv6:2a02:8109:89c0:ebfc:7cd8:48a4:7aa4:e860]
	by smtp.strato.de (RZmta 44.29.0 AUTH)
	with ESMTPSA id q007c8vAB8CCS3t
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA))
	(Client did not present a certificate);
	Mon, 11 Nov 2019 09:12:12 +0100 (CET)
Subject: Re: Bug 205201 - overflow of DMA mask and bus mask
From: Christian Zigotzky <chzigotzky@xenosoft.de>
To: Christoph Hellwig <hch@lst.de>
Cc: linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-mm@kvack.org, iommu@lists.linux-foundation.org,
 Benjamin Herrenschmidt <benh@kernel.crashing.org>, paulus@samba.org,
 darren@stevens-zone.net, "contact@a-eon.com" <contact@a-eon.com>,
 rtd2@xtra.co.nz, mad skateman <madskateman@gmail.com>,
 Rob Herring <robh+dt@kernel.org>,
 linuxppc-dev <linuxppc-dev@lists.ozlabs.org>
References: <20181213112511.GA4574@lst.de>
 <e109de27-f4af-147d-dc0e-067c8bafb29b@xenosoft.de>
 <ad5a5a8a-d232-d523-a6f7-e9377fc3857b@xenosoft.de>
 <e60d6ca3-860c-f01d-8860-c5e022ec7179@xenosoft.de>
 <008c981e-bdd2-21a7-f5f7-c57e4850ae9a@xenosoft.de>
 <20190103073622.GA24323@lst.de>
 <71A251A5-FA06-4019-B324-7AED32F7B714@xenosoft.de>
 <1b0c5c21-2761-d3a3-651b-3687bb6ae694@xenosoft.de>
 <3504ee70-02de-049e-6402-2d530bf55a84@xenosoft.de>
 <46025f1b-db20-ac23-7dcd-10bc43bbb6ee@xenosoft.de>
 <20191105162856.GA15402@lst.de>
 <2f3c81bd-d498-066a-12c0-0a7715cda18f@xenosoft.de>
 <d2c614ec-c56e-3ec2-12d0-7561cd30c643@xenosoft.de>
Message-ID: <af32bfcc-5559-578d-e1f4-75e454c965bf@xenosoft.de>
Date: Mon, 11 Nov 2019 09:12:10 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <d2c614ec-c56e-3ec2-12d0-7561cd30c643@xenosoft.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: de-DE
Content-Transfer-Encoding: quoted-printable
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On 10 November 2019 at 08:27 am, Christian Zigotzky wrote:
> On 07 November 2019 at 10:53 am, Christian Zigotzky wrote:
>> On 05 November 2019 at 05:28 pm, Christoph Hellwig wrote:
>>> On Tue, Nov 05, 2019 at 08:56:27AM +0100, Christian Zigotzky wrote:
>>>> Hi All,
>>>>
>>>> We still have DMA problems with some PCI devices. Since the PowerPC=20
>>>> updates
>>>> 4.21-1 [1] we need to decrease the RAM to 3500MB (mem=3D3500M) if we=
=20
>>>> want to
>>>> work with our PCI devices. The FSL P5020 and P5040 have these proble=
ms
>>>> currently.
>>>>
>>>> Error message:
>>>>
>>>> [=C2=A0=C2=A0 25.654852] bttv 1000:04:05.0: overflow 0x00000000fe077=
000+4096=20
>>>> of DMA
>>>> mask ffffffff bus mask df000000
>>>>
>>>> All 5.x Linux kernels can't initialize a SCSI PCI card anymore so=20
>>>> booting
>>>> of a Linux userland isn't possible.
>>>>
>>>> PLEASE check the DMA changes in the PowerPC updates 4.21-1 [1]. The=20
>>>> kernel
>>>> 4.20 works with all PCI devices without limitation of RAM.
>>> Can you send me the .config and a dmesg?=C2=A0 And in the meantime tr=
y the
>>> patch below?
>>>
>>> ---
>>> >From 4d659b7311bd4141fdd3eeeb80fa2d7602ea01d4 Mon Sep 17 00:00:00 20=
01
>>> From: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
>>> Date: Fri, 18 Oct 2019 13:00:43 +0200
>>> Subject: dma-direct: check for overflows on 32 bit DMA addresses
>>>
>>> As seen on the new Raspberry Pi 4 and sta2x11's DMA implementation=20
>>> it is
>>> possible for a device configured with 32 bit DMA addresses and a=20
>>> partial
>>> DMA mapping located at the end of the address space to overflow. It
>>> happens when a higher physical address, not DMAable, is translated to
>>> it's DMA counterpart.
>>>
>>> For example the Raspberry Pi 4, configurable up to 4 GB of memory, ha=
s
>>> an interconnect capable of addressing the lower 1 GB of physical memo=
ry
>>> with a DMA offset of 0xc0000000. It transpires that, any attempt to
>>> translate physical addresses higher than the first GB will result in =
an
>>> overflow which dma_capable() can't detect as it only checks for
>>> addresses bigger then the maximum allowed DMA address.
>>>
>>> Fix this by verifying in dma_capable() if the DMA address range=20
>>> provided
>>> is at any point lower than the minimum possible DMA address on the bu=
s.
>>>
>>> Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
>>> ---
>>> =C2=A0 include/linux/dma-direct.h | 8 ++++++++
>>> =C2=A0 1 file changed, 8 insertions(+)
>>>
>>> diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h
>>> index adf993a3bd58..6ad9e9ea7564 100644
>>> --- a/include/linux/dma-direct.h
>>> +++ b/include/linux/dma-direct.h
>>> @@ -3,6 +3,7 @@
>>> =C2=A0 #define _LINUX_DMA_DIRECT_H 1
>>> =C2=A0 =C2=A0 #include <linux/dma-mapping.h>
>>> +#include <linux/memblock.h> /* for min_low_pfn */
>>> =C2=A0 #include <linux/mem_encrypt.h>
>>> =C2=A0 =C2=A0 #ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA
>>> @@ -27,6 +28,13 @@ static inline bool dma_capable(struct device=20
>>> *dev, dma_addr_t addr, size_t size)
>>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if (!dev->dma_mask)
>>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return false;
>>> =C2=A0 +#ifndef CONFIG_ARCH_DMA_ADDR_T_64BIT
>>> +=C2=A0=C2=A0=C2=A0 /* Check if DMA address overflowed */
>>> +=C2=A0=C2=A0=C2=A0 if (min(addr, addr + size - 1) <
>>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 __phys_to_dma(dev, (phys_=
addr_t)(min_low_pfn << PAGE_SHIFT)))
>>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return false;
>>> +#endif
>>> +
>>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return addr + size - 1 <=3D
>>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 min_not_zero(*=
dev->dma_mask, dev->bus_dma_mask);
>>> =C2=A0 }
>> Hello Christoph,
>>
>> Thanks a lot for your patch! Unfortunately this patch doesn't solve=20
>> the issue.
>>
>> Error messages:
>>
>> [=C2=A0=C2=A0=C2=A0 6.041163] bttv: driver version 0.9.19 loaded
>> [=C2=A0=C2=A0=C2=A0 6.041167] bttv: using 8 buffers with 2080k (520 pa=
ges) each for=20
>> capture
>> [=C2=A0=C2=A0=C2=A0 6.041559] bttv: Bt8xx card found (0)
>> [=C2=A0=C2=A0=C2=A0 6.041609] bttv: 0: Bt878 (rev 17) at 1000:04:05.0,=
 irq: 19,=20
>> latency: 128, mmio: 0xc20001000
>> [=C2=A0=C2=A0=C2=A0 6.041622] bttv: 0: using: Typhoon TView RDS + FM S=
tereo / KNC1=20
>> TV Station RDS [card=3D53,insmod option]
>> [=C2=A0=C2=A0=C2=A0 6.042216] bttv: 0: tuner type=3D5
>> [=C2=A0=C2=A0=C2=A0 6.111994] bttv: 0: audio absent, no audio device f=
ound!
>> [=C2=A0=C2=A0=C2=A0 6.176425] bttv: 0: Setting PLL: 28636363 =3D> 3546=
8950 (needs up=20
>> to 100ms)
>> [=C2=A0=C2=A0=C2=A0 6.200005] bttv: PLL set ok
>> [=C2=A0=C2=A0=C2=A0 6.209351] bttv: 0: registered device video0
>> [=C2=A0=C2=A0=C2=A0 6.211576] bttv: 0: registered device vbi0
>> [=C2=A0=C2=A0=C2=A0 6.214897] bttv: 0: registered device radio0
>> [=C2=A0 114.218806] bttv 1000:04:05.0: overflow 0x00000000ff507000+409=
6 of=20
>> DMA mask ffffffff bus mask df000000
>> [=C2=A0 114.218848] Modules linked in: rfcomm bnep tuner_simple=20
>> tuner_types tea5767 tuner tda7432 tvaudio msp3400 bttv tea575x=20
>> tveeprom videobuf_dma_sg videobuf_core rc_core videodev mc btusb=20
>> btrtl btbcm btintel bluetooth uio_pdrv_genirq uio ecdh_generic ecc
>> [=C2=A0 114.219012] [c0000001ecddf720] [80000000008ff6e8]=20
>> .buffer_prepare+0x150/0x268 [bttv]
>> [=C2=A0 114.219029] [c0000001ecddf860] [80000000008fff6c]=20
>> .bttv_qbuf+0x50/0x64 [bttv]
>>
>> -----
>>
>> Trace:
>>
>> [=C2=A0 462.783184] Call Trace:
>> [=C2=A0 462.783187] [c0000001c6c67420] [c0000000000b3358]=20
>> .report_addr+0xb8/0xc0 (unreliable)
>> [=C2=A0 462.783192] [c0000001c6c67490] [c0000000000b351c]=20
>> .dma_direct_map_page+0xf0/0x128
>> [=C2=A0 462.783195] [c0000001c6c67530] [c0000000000b35b0]=20
>> .dma_direct_map_sg+0x5c/0xac
>> [=C2=A0 462.783205] [c0000001c6c675e0] [8000000000862e88]=20
>> .__videobuf_iolock+0x660/0x6d8 [videobuf_dma_sg]
>> [=C2=A0 462.783220] [c0000001c6c676b0] [8000000000854274]=20
>> .videobuf_iolock+0x98/0xb4 [videobuf_core]
>> [=C2=A0 462.783271] [c0000001c6c67720] [80000000008686e8]=20
>> .buffer_prepare+0x150/0x268 [bttv]
>> [=C2=A0 462.783276] [c0000001c6c677c0] [8000000000854afc]=20
>> .videobuf_qbuf+0x2b8/0x428 [videobuf_core]
>> [=C2=A0 462.783288] [c0000001c6c67860] [8000000000868f6c]=20
>> .bttv_qbuf+0x50/0x64 [bttv]
>> [=C2=A0 462.783383] [c0000001c6c678e0] [80000000007bf208]=20
>> .v4l_qbuf+0x54/0x60 [videodev]
>> [=C2=A0 462.783402] [c0000001c6c67970] [80000000007c1eac]=20
>> .__video_do_ioctl+0x30c/0x3f8 [videodev]
>> [=C2=A0 462.783421] [c0000001c6c67a80] [80000000007c3c08]=20
>> .video_usercopy+0x18c/0x3dc [videodev]
>> [=C2=A0 462.783440] [c0000001c6c67c00] [80000000007bb14c]=20
>> .v4l2_ioctl+0x60/0x78 [videodev]
>> [=C2=A0 462.783460] [c0000001c6c67c90] [80000000007d3c48]=20
>> .v4l2_compat_ioctl32+0x9b4/0x1850 [videodev]
>> [=C2=A0 462.783468] [c0000001c6c67d70] [c0000000001ad9cc]=20
>> .__se_compat_sys_ioctl+0x284/0x127c
>> [=C2=A0 462.783473] [c0000001c6c67e20] [c00000000000067c]=20
>> system_call+0x60/0x6c
>> [=C2=A0 462.783475] Instruction dump:
>> [=C2=A0 462.783477] 40fe0044 60000000 892255d0 2f890000 40fe0020 3c82f=
fc5=20
>> 39200001 60000000
>> [=C2=A0 462.783483] 38842029 992255d0 485ad0d9 60000000 <0fe00000>=20
>> 38210070 e8010010 7c0803a6
>> [=C2=A0 462.783490] ---[ end trace b677d4a00458e277 ]---
>>
>> -----
>>
>> dmesg fsl p5040: https://bugzilla.kernel.org/attachment.cgi?id=3D28581=
3
>>
>> Kernel 5.4-rc6 config for the Cyrus+ board and for the QEMU ppce500=20
>> board (CPU: P5040 and P5020):=20
>> https://bugzilla.kernel.org/attachment.cgi?id=3D285815
>>
>> Bug report: https://bugzilla.kernel.org/show_bug.cgi?id=3D205201
>>
>> Thanks for your help,
>>
>> Christian
>
> Christoph,
>
> Do you have another patch for testing or shall I bisect?
>
> Thanks,
> Christian

Hi Christoph,

I have seen that I have activated the kernel config option=20
CONFIG_ARCH_DMA_ADDR_T_64BIT. That means your code in your patch won't=20
work if this kernel option is enabled.

+#ifndef CONFIG_ARCH_DMA_ADDR_T_64BIT
+=C2=A0=C2=A0=C2=A0 /* Check if DMA address overflowed */
+=C2=A0=C2=A0=C2=A0 if (min(addr, addr + size - 1) <
+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 __phys_to_dma(dev, (phys_addr=
_t)(min_low_pfn << PAGE_SHIFT)))
+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return false;
+#endif

I will delete the lines with ifndef and endif and will try it again.

Cheers,
Christian