linux-usb.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Guenter Roeck <linux@roeck-us.net>
To: Doug Anderson <dianders@chromium.org>
Cc: "Minas Harutyunyan" <hminas@synopsys.com>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Antti Seppälä" <a.seppala@gmail.com>,
	"Boris ARZUR" <boris@konbu.org>,
	linux-usb@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
	"Felipe Balbi" <balbi@kernel.org>,
	"Stefan Wahren" <stefan.wahren@i2se.com>,
	"Martin Schiller" <ms@dev.tdt.de>
Subject: Re: [RFT PATCH 1/4] usb: dwc2: Simplify and fix DMA alignment code
Date: Fri, 28 Feb 2020 09:59:05 -0800	[thread overview]
Message-ID: <20200228175905.GB3188@roeck-us.net> (raw)
In-Reply-To: <CAD=FV=VNsOo--1x+pkwhWOWSGAQyVB6g6CE+o4q7phPSXaDXRw@mail.gmail.com>

On Fri, Feb 28, 2020 at 08:14:35AM -0800, Doug Anderson wrote:
> Hi,
> 
> On Thu, Feb 27, 2020 at 8:28 PM Guenter Roeck <linux@roeck-us.net> wrote:
> >
> > On 2/27/20 2:27 PM, Guenter Roeck wrote:
> > > On 2/27/20 2:06 PM, Doug Anderson wrote:
> > [ ... ]
> > >>> -       if (urb->num_sgs || urb->sg ||
> > >>> -           urb->transfer_buffer_length == 0 ||
> > >>> +       if (urb->num_sgs || urb->sg || urb->transfer_buffer_length == 0 ||
> > >>> +           (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP) ||
> > >>>             !((uintptr_t)urb->transfer_buffer & (DWC2_USB_DMA_ALIGN - 1)))
> > >>
> > >> Maybe I'm misunderstanding things, but it feels like we need something
> > >> more here.  Specifically I'm worried about the fact when the transfer
> > >> buffer is already aligned but the length is not a multiple of the
> > >> endpoint's maximum transfer size.  You need to handle that, right?
> > >> AKA something like this (untested):
> > >>
> > >> /* Simple case of not having to allocate a bounce buffer */
> > >> if (urb->num_sgs || urb->sg || urb->transfer_buffer_length == 0 ||
> > >>     (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP))
> > >>   return 0;
> > >>
> > >> /* Can also avoid bounce buffer if alignment and size are good */
> > >> maxp = usb_endpoint_maxp(&ep->desc);
> > >> if (maxp == urb->transfer_buffer_length &&
> > >
> > > No, transfer_buffer_length would have to be a multiple of maxp. There
> > > are many situations where roundup(transfer_buffer_length, maxp) !=
> > > transfer_buffer_length. I agree, this would be the prudent approach
> > > (and it was my original implementation), but then it didn't seem to
> > > cause trouble so far, and I was hesitant to add it in because it results
> > > in creating temporary buffers for almost every receive operation.
> > > I'd like to get some test feedback from Boris - if the current code
> > > causes crashes with his use case, we'll know that it is needed.
> > > Otherwise, we'll have to decide if the current approach (with fewer
> > > copies) is worth the risk, or if we want to play save and always
> > > copy if roundup(transfer_buffer_length, maxp) != transfer_buffer_length.
> > >
> >
> > Thinking more about this, the situation is actually much worse:
> > In Boris' testing, he found inbound transactions requested by usb
> > storage code with a requested transfer size of 13 bytes ... with
> > URB_NO_TRANSFER_DMA_MAP set. This means the requesting code has
> > provided a DMA ready buffer, transfer_buffer isn't even used,
> > and we can not reallocate it. In this situation we can just hope
> > that the chip (and the connected USB device) don't send more data
> > than requested.
> >
> > With that in mind, I think we should stick with the current
> > scheme (ie only allocate a new buffer if the provided buffer is
> > unaligned) unless Boris comes back and tells us that it doesn't
> > work.
> 
> I dunno.  I'd rather see correctness over performance.  Certainly we'd
> only need to do the extra bounce buffer for input buffers at least.
> 
> Although I don't love the idea, is this something where we want to
> introduce a config option (either runtime or through KConfig),
> something like:
> 
> CONFIG_DWC2_FAST_AND_LOOSE - Avoid bounce buffers and thus run faster
> at the risk of a bad USB device being able to clobber some of your
> memory.  Only do this if you really care about speed and have some
> trust in the USB devices connected to your system.
> 

I understand your point. Unfortunately that would only work if the driver
doesn't set URB_NO_TRANSFER_DMA_MAP.

$ git grep "=.*URB_NO_TRANSFER_DMA_MAP" | wc
    115     498   10104

isn't exactly reassuring - a quick checks suggests that almost 50%
of USB drivers set this flag.

So all we'd really accomplish is to give people a false sense of
security.

In this context, I did play around with configuring the real receive
buffer size (ie in my reproducer 1522 instead of 1536). If I do that,
reading the HCTSIZ register after the transfer reports 0x7fff2
(or -14 = 1522-1536 if I treat the value as signed) as actual transfer
size. Maybe that would be an option, if properly handled, but who knows
what the IP actually does in this case, and what it does on other
implementations (not rk3288).

Guenter

  reply	other threads:[~2020-02-28 17:59 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-26 21:04 [RFT PATCH 0/4] usb: dwc2: Fixes and improvements Guenter Roeck
2020-02-26 21:04 ` [RFT PATCH 1/4] usb: dwc2: Simplify and fix DMA alignment code Guenter Roeck
2020-02-27 22:06   ` Doug Anderson
2020-02-27 22:27     ` Guenter Roeck
2020-02-28  4:28       ` Guenter Roeck
2020-02-28 16:14         ` Doug Anderson
2020-02-28 17:59           ` Guenter Roeck [this message]
2020-02-29  7:46             ` Antti Seppälä
2020-02-29 15:25               ` Guenter Roeck
2020-02-29 16:33                 ` Antti Seppälä
2020-03-01 15:51                   ` Antti Seppälä
2020-03-01 16:24                     ` Guenter Roeck
2020-03-01 16:51                       ` Antti Seppälä
2020-03-01 17:13                         ` Guenter Roeck
2020-02-28 16:26     ` Stefan Wahren
2020-02-26 21:04 ` [RFT PATCH 2/4] usb: dwc2: Do not update data length if it is 0 on inbound transfers Guenter Roeck
2020-02-27 22:06   ` Doug Anderson
2020-02-28  0:32     ` Guenter Roeck
2020-02-26 21:04 ` [RFT PATCH 3/4] usb: dwc2: Abort transaction after errors with unknown reason Guenter Roeck
2020-02-27 22:06   ` Doug Anderson
2020-02-28  0:36     ` Guenter Roeck
2020-02-26 21:04 ` [RFT PATCH 4/4] usb: dwc2: Make "trimming xfer length" a debug message Guenter Roeck
2020-02-27 22:07   ` Doug Anderson
2020-02-28  0:38     ` Guenter Roeck
2020-02-29  1:50 ` [RFT PATCH 0/4] usb: dwc2: Fixes and improvements Boris ARZUR
2021-01-12 19:40 ` Nicolas Saenz Julienne
2021-01-12 19:44 ` Nicolas Saenz Julienne
2021-01-13  4:48   ` Guenter Roeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200228175905.GB3188@roeck-us.net \
    --to=linux@roeck-us.net \
    --cc=a.seppala@gmail.com \
    --cc=balbi@kernel.org \
    --cc=boris@konbu.org \
    --cc=dianders@chromium.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=hminas@synopsys.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=ms@dev.tdt.de \
    --cc=stefan.wahren@i2se.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).