From: Kalle Valo <firstname.lastname@example.org>
To: Christian Lamparter <email@example.com>
Cc: Jia-Ju Bai <firstname.lastname@example.org>,
Vinod Koul <email@example.com>
Subject: Re: [PATCH] p54: avoid accessing the data mapped to streaming DMA
Date: Mon, 31 Aug 2020 17:00:10 +0300 [thread overview]
Message-ID: <firstname.lastname@example.org> (raw)
In-Reply-To: <email@example.com> (Christian Lamparter's message of "Fri, 28 Aug 2020 23:19:09 +0200")
Christian Lamparter <firstname.lastname@example.org> writes:
> On 2020-08-26 18:02, Kalle Valo wrote:
>> Christian Lamparter <email@example.com> writes:
>>> On 2020-08-02 15:29, Jia-Ju Bai wrote:
>>>> In p54p_tx(), skb->data is mapped to streaming DMA on line 337:
>>>> mapping = pci_map_single(..., skb->data, ...);
>>>> Then skb->data is accessed on line 349:
>>>> desc->device_addr = ((struct p54_hdr *)skb->data)->req_id;
>>>> This access may cause data inconsistency between CPU cache and hardware.
>>>> To fix this problem, ((struct p54_hdr *)skb->data)->req_id is stored in
>>>> a local variable before DMA mapping, and then the driver accesses this
>>>> local variable instead of skb->data.
>>> Interesting. Please bear with me here. From my understanding, the
>>> streaming direction is set to PCI_DMA_TODEVICE. So is it really
>>> possible for the hardware to interfere with the data without the IOMMU
>>> catching this?
>> Also is there any documentation about this scenario? I would like to
>> understand this better.
> I usually rely on the information present in Documentation:
> The relevant extract for p54's DMA_TO_DEVICE decision likely comes from:
> "For Networking drivers, it's a rather simple affair. For transmit
> packets, map/unmap them with the DMA_TO_DEVICE direction
> specifier. For receive packets, just the opposite, map/unmap them
> with the DMA_FROM_DEVICE direction specifier."
> "Only streaming mappings specify a direction, consistent mappings
> implicitly have a direction attribute setting of DMA_BIDIRECTIONAL."
This is not very clearly written, I guess it's assumed everyone know
this stuff :)
> But looking around on the Internet, I came across this in "Chapter 15.
> Memory Mapping and DMA" of the Linux Device Drivers, 3rd Edition:
> |Setting up streaming DMA mappings
> |Some important rules apply to streaming DMA mappings:
> | * [...]
> | * Once a buffer has been mapped, it belongs to the device, not the
> | processor. Until the buffer has been unmapped, the driver should
> not | touch its contents in any way. Only after dma_unmap_single has
> been | called is it safe for the driver to access the contents of
> | buffer (with one exception that we see shortly). Among other things,
> | this rule implies that a buffer being written to a device cannot be
> | mapped until it contains all the data to write."
> | [...] (More informative text, but only)
> From the sentence "Once a buffer has been mapped, it belongs to the
> device, not the processor". I think that Jia-Ju Bai's patch is doing
> exactly this "by the book".
Yeah, this is much better and understandable. Thanks for checking.
> Therefore, it should be applied and backported:
> Cc: <firstname.lastname@example.org>
Ok, I'll add that.
next prev parent reply other threads:[~2020-08-31 14:00 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-02 13:29 [PATCH] p54: avoid accessing the data mapped to streaming DMA Jia-Ju Bai
2020-08-18 12:41 ` Kalle Valo
2020-08-18 17:27 ` Christian Lamparter
2020-08-26 16:02 ` Kalle Valo
2020-08-28 21:19 ` Christian Lamparter
2020-08-31 14:00 ` Kalle Valo [this message]
2020-09-01 9:34 ` Kalle Valo
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).