# git rev-parse -q --verify bddac7c1e02ba47f0570e494c9289acea3062cc1^{commit} bddac7c1e02ba47f0570e494c9289acea3062cc1 already have revision, skipping fetch # git checkout -q -f -B kisskb bddac7c1e02ba47f0570e494c9289acea3062cc1 # git clean -qxdf # < git log -1 # commit bddac7c1e02ba47f0570e494c9289acea3062cc1 # Author: Linus Torvalds # Date: Sat Mar 26 10:42:04 2022 -0700 # # Revert "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" # # This reverts commit aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13. # # It turns out this breaks at least the ath9k wireless driver, and # possibly others. # # What the ath9k driver does on packet receive is to set up the DMA # transfer with: # # int ath_rx_init(..) # .. # bf->bf_buf_addr = dma_map_single(sc->dev, skb->data, # common->rx_bufsize, # DMA_FROM_DEVICE); # # and then the receive logic (through ath_rx_tasklet()) will fetch # incoming packets # # static bool ath_edma_get_buffers(..) # .. # dma_sync_single_for_cpu(sc->dev, bf->bf_buf_addr, # common->rx_bufsize, DMA_FROM_DEVICE); # # ret = ath9k_hw_process_rxdesc_edma(ah, rs, skb->data); # if (ret == -EINPROGRESS) { # /*let device gain the buffer again*/ # dma_sync_single_for_device(sc->dev, bf->bf_buf_addr, # common->rx_bufsize, DMA_FROM_DEVICE); # return false; # } # # and it's worth noting how that first DMA sync: # # dma_sync_single_for_cpu(..DMA_FROM_DEVICE); # # is there to make sure the CPU can read the DMA buffer (possibly by # copying it from the bounce buffer area, or by doing some cache flush). # The iommu correctly turns that into a "copy from bounce bufer" so that # the driver can look at the state of the packets. # # In the meantime, the device may continue to write to the DMA buffer, but # we at least have a snapshot of the state due to that first DMA sync. # # But that _second_ DMA sync: # # dma_sync_single_for_device(..DMA_FROM_DEVICE); # # is telling the DMA mapping that the CPU wasn't interested in the area # because the packet wasn't there. In the case of a DMA bounce buffer, # that is a no-op. # # Note how it's not a sync for the CPU (the "for_device()" part), and it's # not a sync for data written by the CPU (the "DMA_FROM_DEVICE" part). # # Or rather, it _should_ be a no-op. That's what commit aa6f8dcbab47 # broke: it made the code bounce the buffer unconditionally, and changed # the DMA_FROM_DEVICE to just unconditionally and illogically be # DMA_TO_DEVICE. # # [ Side note: purely within the confines of the swiotlb driver it wasn't # entirely illogical: The reason it did that odd DMA_FROM_DEVICE -> # DMA_TO_DEVICE conversion thing is because inside the swiotlb driver, # it uses just a swiotlb_bounce() helper that doesn't care about the # whole distinction of who the sync is for - only which direction to # bounce. # # So it took the "sync for device" to mean that the CPU must have been # the one writing, and thought it meant DMA_TO_DEVICE. ] # # Also note how the commentary in that commit was wrong, probably due to # that whole confusion, claiming that the commit makes the swiotlb code # # "bounce unconditionally (that is, also # when dir == DMA_TO_DEVICE) in order do avoid synchronising back stale # data from the swiotlb buffer" # # which is nonsensical for two reasons: # # - that "also when dir == DMA_TO_DEVICE" is nonsensical, as that was # exactly when it always did - and should do - the bounce. # # - since this is a sync for the device (not for the CPU), we're clearly # fundamentally not coping back stale data from the bounce buffers at # all, because we'd be copying *to* the bounce buffers. # # So that commit was just very confused. It confused the direction of the # synchronization (to the device, not the cpu) with the direction of the # DMA (from the device). # # Reported-and-bisected-by: Oleksandr Natalenko # Reported-by: Olha Cherevyk # Cc: Halil Pasic # Cc: Christoph Hellwig # Cc: Kalle Valo # Cc: Robin Murphy # Cc: Toke Høiland-Jørgensen # Cc: Maxime Bizon # Cc: Johannes Berg # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sparc64-linux/bin/sparc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sparc64-linux/bin/sparc64-linux-ld --version # < git log --format=%s --max-count=1 bddac7c1e02ba47f0570e494c9289acea3062cc1 # < make -s -j 32 ARCH=sparc O=/kisskb/build/linus_sparc-allmodconfig_sparc64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sparc64-linux/bin/sparc64-linux- allmodconfig # Added to kconfig CONFIG_64BIT=n # Added to kconfig CONFIG_BUILD_DOCSRC=n # Added to kconfig CONFIG_HAVE_FTRACE_MCOUNT_RECORD=n # Added to kconfig CONFIG_SAMPLES=n # Added to kconfig CONFIG_MODULE_SIG=n # < make -s -j 32 ARCH=sparc O=/kisskb/build/linus_sparc-allmodconfig_sparc64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sparc64-linux/bin/sparc64-linux- help # make -s -j 32 ARCH=sparc O=/kisskb/build/linus_sparc-allmodconfig_sparc64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sparc64-linux/bin/sparc64-linux- olddefconfig # make -s -j 32 ARCH=sparc O=/kisskb/build/linus_sparc-allmodconfig_sparc64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sparc64-linux/bin/sparc64-linux- :1517:2: warning: #warning syscall clone3 not implemented [-Wcpp] /kisskb/src/arch/sparc/mm/srmmu.c: In function 'smp_flush_page_for_dma': /kisskb/src/arch/sparc/mm/srmmu.c:1639:13: error: cast between incompatible function types from 'void (*)(long unsigned int)' to 'void (*)(long unsigned int, long unsigned int, long unsigned int, long unsigned int, long unsigned int)' [-Werror=cast-function-type] 1639 | xc1((smpfunc_t) local_ops->page_for_dma, page); | ^ /kisskb/src/arch/sparc/mm/srmmu.c: In function 'smp_flush_cache_mm': /kisskb/src/arch/sparc/mm/srmmu.c:1662:29: error: cast between incompatible function types from 'void (*)(struct mm_struct *)' to 'void (*)(long unsigned int, long unsigned int, long unsigned int, long unsigned int, long unsigned int)' [-Werror=cast-function-type] 1662 | xc1((smpfunc_t) local_ops->cache_mm, (unsigned long) mm); | ^ /kisskb/src/arch/sparc/mm/srmmu.c: In function 'smp_flush_tlb_mm': /kisskb/src/arch/sparc/mm/srmmu.c:1674:29: error: cast between incompatible function types from 'void (*)(struct mm_struct *)' to 'void (*)(long unsigned int, long unsigned int, long unsigned int, long unsigned int, long unsigned int)' [-Werror=cast-function-type] 1674 | xc1((smpfunc_t) local_ops->tlb_mm, (unsigned long) mm); | ^ /kisskb/src/arch/sparc/mm/srmmu.c: In function 'smp_flush_cache_range': /kisskb/src/arch/sparc/mm/srmmu.c:1694:29: error: cast between incompatible function types from 'void (*)(struct vm_area_struct *, long unsigned int, long unsigned int)' to 'void (*)(long unsigned int, long unsigned int, long unsigned int, long unsigned int, long unsigned int)' [-Werror=cast-function-type] 1694 | xc3((smpfunc_t) local_ops->cache_range, | ^ /kisskb/src/arch/sparc/mm/srmmu.c: In function 'smp_flush_tlb_range': /kisskb/src/arch/sparc/mm/srmmu.c:1711:29: error: cast between incompatible function types from 'void (*)(struct vm_area_struct *, long unsigned int, long unsigned int)' to 'void (*)(long unsigned int, long unsigned int, long unsigned int, long unsigned int, long unsigned int)' [-Werror=cast-function-type] 1711 | xc3((smpfunc_t) local_ops->tlb_range, | ^ /kisskb/src/arch/sparc/mm/srmmu.c: In function 'smp_flush_cache_page': /kisskb/src/arch/sparc/mm/srmmu.c:1726:29: error: cast between incompatible function types from 'void (*)(struct vm_area_struct *, long unsigned int)' to 'void (*)(long unsigned int, long unsigned int, long unsigned int, long unsigned int, long unsigned int)' [-Werror=cast-function-type] 1726 | xc2((smpfunc_t) local_ops->cache_page, | ^ /kisskb/src/arch/sparc/mm/srmmu.c: In function 'smp_flush_tlb_page': /kisskb/src/arch/sparc/mm/srmmu.c:1741:29: error: cast between incompatible function types from 'void (*)(struct vm_area_struct *, long unsigned int)' to 'void (*)(long unsigned int, long unsigned int, long unsigned int, long unsigned int, long unsigned int)' [-Werror=cast-function-type] 1741 | xc2((smpfunc_t) local_ops->tlb_page, | ^ /kisskb/src/arch/sparc/mm/srmmu.c: In function 'smp_flush_page_to_ram': /kisskb/src/arch/sparc/mm/srmmu.c:1756:13: error: cast between incompatible function types from 'void (*)(long unsigned int)' to 'void (*)(long unsigned int, long unsigned int, long unsigned int, long unsigned int, long unsigned int)' [-Werror=cast-function-type] 1756 | xc1((smpfunc_t) local_ops->page_to_ram, page); | ^ /kisskb/src/arch/sparc/mm/srmmu.c: In function 'smp_flush_sig_insns': /kisskb/src/arch/sparc/mm/srmmu.c:1767:21: error: cast between incompatible function types from 'void (*)(struct mm_struct *, long unsigned int)' to 'void (*)(long unsigned int, long unsigned int, long unsigned int, long unsigned int, long unsigned int)' [-Werror=cast-function-type] 1767 | xc2((smpfunc_t) local_ops->sig_insns, | ^ cc1: all warnings being treated as errors make[3]: *** [/kisskb/src/scripts/Makefile.build:288: arch/sparc/mm/srmmu.o] Error 1 make[3]: *** Waiting for unfinished jobs.... make[2]: *** [/kisskb/src/scripts/Makefile.build:550: arch/sparc/mm] Error 2 make[2]: *** Waiting for unfinished jobs.... make[1]: *** [/kisskb/src/Makefile:1832: arch/sparc] Error 2 make[1]: *** Waiting for unfinished jobs.... /kisskb/src/crypto/blake2b_generic.c: In function 'blake2b_compress_one_generic': /kisskb/src/crypto/blake2b_generic.c:109:1: error: the frame size of 2288 bytes is larger than 2048 bytes [-Werror=frame-larger-than=] 109 | } | ^ cc1: all warnings being treated as errors make[2]: *** [/kisskb/src/scripts/Makefile.build:288: crypto/blake2b_generic.o] Error 1 make[2]: *** Waiting for unfinished jobs.... make[1]: *** [/kisskb/src/Makefile:1832: crypto] Error 2 make: *** [Makefile:219: __sub-make] Error 2 Command 'make -s -j 32 ARCH=sparc O=/kisskb/build/linus_sparc-allmodconfig_sparc64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/sparc64-linux/bin/sparc64-linux- ' returned non-zero exit status 2 # rm -rf /kisskb/build/linus_sparc-allmodconfig_sparc64-gcc11 # Build took: 0:02:30.624472