From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 57D8BC4332F for ; Mon, 14 Nov 2022 15:15:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Content-Type: Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:From:References:Cc:To:Subject: MIME-Version:Date:Message-ID:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=NuX3VUeVL4iuAAt3XR0fsW/5Og3pLx3Ts8f1rUwFmk4=; b=YdLXVmibo7jZe8 w2x6uSkGUDjFhCYtEQ/LpQxGgLm9N+eCWBhqcs0wJ9d2bopyQSxQoz1FfDlJ1Aq2UDc/9VWe8qk5n N5AbguL1usJai8q2r/FcbKD8iB3LkTdCjsNwQLH6y6TtJZesGA7bN1H8HWS4/6bvkl2ofuNVYIs0a P0CYygmFc2MIhoD1AoXdTKCer5H2C5nqQYQe/1ownmWJxs2d0OcunMQIOLOjvdZWSzMOQrNwT6thl +5N5UWyxvUbHBdXll7TFq8F1EF76uyhnz4QDGxgMN3w4PWFX+ppwfUBcV7V3zkmYo0w8i4zoQ/KWO 1GGuux1LuwW85AAJXOVQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1oubAU-0029EO-1t; Mon, 14 Nov 2022 15:14:38 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1oubAQ-0029BP-KU for linux-arm-kernel@lists.infradead.org; Mon, 14 Nov 2022 15:14:36 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1382623A; Mon, 14 Nov 2022 07:14:35 -0800 (PST) Received: from [10.57.70.90] (unknown [10.57.70.90]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 665E73F534; Mon, 14 Nov 2022 07:14:27 -0800 (PST) Message-ID: <1659929b-1372-cea6-5840-c58369a4252d@arm.com> Date: Mon, 14 Nov 2022 15:14:21 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Thunderbird/102.4.1 Subject: Re: [PATCH] Revert "arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()" Content-Language: en-GB To: Will Deacon , Manivannan Sadhasivam Cc: catalin.marinas@arm.com, amit.pundir@linaro.org, andersson@kernel.org, quic_sibis@quicinc.com, sumit.semwal@linaro.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org References: <20221114110329.68413-1-manivannan.sadhasivam@linaro.org> <20221114141109.GG30263@willie-the-truck> From: Robin Murphy In-Reply-To: <20221114141109.GG30263@willie-the-truck> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20221114_071434_748718_9FE29419 X-CRM114-Status: GOOD ( 16.83 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 2022-11-14 14:11, Will Deacon wrote: > On Mon, Nov 14, 2022 at 04:33:29PM +0530, Manivannan Sadhasivam wrote: >> This reverts commit c44094eee32f32f175aadc0efcac449d99b1bbf7. >> >> As reported by Amit [1], dropping cache invalidation from >> arch_dma_prep_coherent() triggers a crash on the Qualcomm SM8250 platform >> (most probably on other Qcom platforms too). The reason is, Qcom >> qcom_q6v5_mss driver copies the firmware metadata and shares it with modem >> for validation. The modem has a secure block (XPU) that will trigger a >> whole system crash if the shared memory is accessed by the CPU while modem >> is poking at it. >> >> To avoid this issue, the qcom_q6v5_mss driver allocates a chunk of memory >> with no kernel mapping, vmap's it, copies the firmware metadata and >> unvmap's it. Finally the address is then shared with modem for metadata >> validation [2]. >> >> Now because of the removal of cache invalidation from >> arch_dma_prep_coherent(), there will be cache lines associated with this >> memory even after sharing with modem. So when the CPU accesses it, the XPU >> violation gets triggered. > > This last past is a non-sequitur: the buffer is no longer mapped on the CPU > side, so how would the CPU access it? Right, for the previous change to have made a difference the offending part of this buffer must be present in some cache somewhere *before* the DMA buffer allocation completes. Clearly that driver is completely broken though. If the DMA allocation came from a no-map carveout vma_dma_alloc_from_dev_coherent() then the vmap() shenanigans wouldn't work, so if it backed by struct pages then the whole dance is still pointless because *a cacheable linear mapping exists*, and it's just relying on the reduced chance that anything's going to re-fetch the linear map address after those pages have been allocated, exactly as I called out previously[1]. Robin. [1] https://lore.kernel.org/linux-arm-kernel/97fface8-e40e-072c-4335-c94094884e93@arm.com/ > As I just replied to Amit, we need more information about what this > "access" is and how it is being detected. > > Will _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel