From: Florian Fainelli <f.fainelli@gmail.com>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Linus Walleij <linus.walleij@linaro.org>,
Rob Herring <robh+dt@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Ard Biesheuvel <ardb@kernel.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
Russell King <rmk+kernel@armlinux.org.uk>,
Nicolas Pitre <nico@fluxnic.net>
Subject: Re: MAX_DMA_ADDRESS overflow with non-zero arm_dma_zone_size and VMSPLIT_3G
Date: Wed, 23 Mar 2022 13:36:21 -0700 [thread overview]
Message-ID: <8cdf4780-f704-e23f-9ba6-34ae61cfef62@gmail.com> (raw)
In-Reply-To: <CAMuHMdVJrPpZhQGNxj+vQVo19Cvr326E8XvPzoPKGZRAbop1MQ@mail.gmail.com>
On 3/23/22 13:28, Geert Uytterhoeven wrote:
> Hi Florian,
>
> On Wed, Mar 23, 2022 at 8:52 PM Florian Fainelli <f.fainelli@gmail.com> wrote:
>> On 3/23/22 09:53, Geert Uytterhoeven wrote:
>>> On Wed, Mar 23, 2022 at 4:02 PM Linus Walleij <linus.walleij@linaro.org> wrote:
>>>> On Mon, Mar 21, 2022 at 4:46 AM Florian Fainelli <f.fainelli@gmail.com> wrote:
>>>>> All of the virt_to_phys() and related functions either take a pointer
>>>>> size argument (const volatile void *) or an unsigned long argument and
>>>>> these are virtual addresses so unable to go over 32-bit anyway.
>>>>
>>>> Oh I ran into that too, in some different context that I since forgot.
>>>> A macro that works the same on pointers and unsigned long but with
>>>> slightly different semantics :P
>>>>
>>>> I don't know what is the proper thing to do here. Let's involve Arnd
>>>> and Ard and Geert!
>>>>
>>>>> Since MAX_DMA_ADDRESS is intended to be "This is the maximum virtual
>>>>> address which can be DMA'd from.", should we make sure that we clamp it
>>>>> below 32-bit in case it overflows?
>>>>
>>>> Hmmmm.... I don't know what that would mean in practice?
>>>
>>>>> While debugging numerous KASAN splats with CONFIG_DEBUG_VIRTUAL on ARM
>>>>> 32-bit with a Raspberry Pi 4B 4GB, it finally clicked that the problem
>>>>> is with the use of __virt_to_phys(MAX_DMA_ADDRESS). Since that platform
>>>>> has CONFIG_ZONE_DMA enabled, we end-up with:
>>>>>
>>>>> #define MAX_DMA_ADDRESS ({ \
>>>>> extern phys_addr_t arm_dma_zone_size; \
>>>>> arm_dma_zone_size && arm_dma_zone_size < (0x10000000 -
>>>>> PAGE_OFFSET) ? \
>>>>> (PAGE_OFFSET + arm_dma_zone_size) : 0xffffffffUL; })
>>>
>>> I guess that should be "PAGE_OFFSET + (arm_dma_zone_size - 1)"?
>>
>> Yes, we are definitively off by one here, so this is a good catch and
>> this will work for bcm2711 and any platform whereby PAGE_OFFSET +
>> arm_dma_zone_size < 0xffff_ffff.
>>
>> There are a few that will still overflow that quantity:
>>
>> arch/arm/mach-highbank/highbank.c: .dma_zone_size = (4ULL * SZ_1G),
>> arch/arm/mach-keystone/keystone.c: .dma_zone_size = SZ_2G,
>> arch/arm/mach-omap2/board-generic.c: .dma_zone_size = SZ_2G,
>> arch/arm/mach-omap2/board-generic.c: .dma_zone_size = SZ_2G,
>> arch/arm/mach-omap2/board-generic.c: .dma_zone_size = SZ_2G,
>
> Better show some context:
>
> $ git grep -W "\<dma_zone_size.*SZ_.G" -- arch/arm
> arch/arm/mach-bcm/bcm2711.c=DT_MACHINE_START(BCM2711, "BCM2711")
> arch/arm/mach-bcm/bcm2711.c-#ifdef CONFIG_ZONE_DMA
> arch/arm/mach-bcm/bcm2711.c: .dma_zone_size = SZ_1G,
>
> So this is the problematic one?
The one that prompted this email yes, definitively problematic :D
>
> arch/arm/mach-bcm/bcm2711.c-#endif
> arch/arm/mach-bcm/bcm2711.c- .dt_compat = bcm2711_compat,
> arch/arm/mach-bcm/bcm2711.c- .smp = smp_ops(bcm2836_smp_ops),
> --
> arch/arm/mach-highbank/highbank.c=DT_MACHINE_START(HIGHBANK, "Highbank")
> arch/arm/mach-highbank/highbank.c-#if defined(CONFIG_ZONE_DMA) &&
> defined(CONFIG_ARM_LPAE)
> arch/arm/mach-highbank/highbank.c: .dma_zone_size = (4ULL * SZ_1G),
>
> This is fine, as LPAE implies physaddr_t is 64-bit.
>
> arch/arm/mach-highbank/highbank.c-#endif
>
> The omap ones are fine for the same reason (LPAE).
Well it is fine except that MAX_DMA_ADDRESS is supposed to be a
*virtual* address so it will be 32-bit only even with LPAE, if it was a
physical one, we would be fine. By adding PAGE_OFFSET to get a virtual
address, we are definitively going above 32-bits.
--
Florian
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
prev parent reply other threads:[~2022-03-23 20:37 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-21 3:46 MAX_DMA_ADDRESS overflow with non-zero arm_dma_zone_size and VMSPLIT_3G Florian Fainelli
2022-03-23 15:02 ` Linus Walleij
2022-03-23 16:53 ` Geert Uytterhoeven
2022-03-23 19:52 ` Florian Fainelli
2022-03-23 20:28 ` Geert Uytterhoeven
2022-03-23 20:36 ` Florian Fainelli [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8cdf4780-f704-e23f-9ba6-34ae61cfef62@gmail.com \
--to=f.fainelli@gmail.com \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=geert@linux-m68k.org \
--cc=linus.walleij@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=nico@fluxnic.net \
--cc=rmk+kernel@armlinux.org.uk \
--cc=robh+dt@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).