linux

mirror of https://github.com/FEX-Emu/linux.git synced 2024-12-21 08:53:41 +00:00

History

Dan Williams 7787380336 net_dma: mark broken net_dma can cause data to be copied to a stale mapping if a copy-on-write fault occurs during dma. The application sees missing data. The following trace is triggered by modifying the kernel to WARN if it ever triggers copy-on-write on a page that is undergoing dma: WARNING: CPU: 24 PID: 2529 at lib/dma-debug.c:485 debug_dma_assert_idle+0xd2/0x120() ioatdma 0000:00:04.0: DMA-API: cpu touching an active dma mapped page [pfn=0x16bcd9] Modules linked in: iTCO_wdt iTCO_vendor_support ioatdma lpc_ich pcspkr dca CPU: 24 PID: 2529 Comm: linbug Tainted: G W 3.13.0-rc1+ #353 00000000000001e5 ffff88016f45f688 ffffffff81751041 ffff88017ab0ef70 ffff88016f45f6d8 ffff88016f45f6c8 ffffffff8104ed9c ffffffff810f3646 ffff8801768f4840 0000000000000282 ffff88016f6cca10 00007fa2bb699349 Call Trace: [<ffffffff81751041>] dump_stack+0x46/0x58 [<ffffffff8104ed9c>] warn_slowpath_common+0x8c/0xc0 [<ffffffff810f3646>] ? ftrace_pid_func+0x26/0x30 [<ffffffff8104ee86>] warn_slowpath_fmt+0x46/0x50 [<ffffffff8139c062>] debug_dma_assert_idle+0xd2/0x120 [<ffffffff81154a40>] do_wp_page+0xd0/0x790 [<ffffffff811582ac>] handle_mm_fault+0x51c/0xde0 [<ffffffff813830b9>] ? copy_user_enhanced_fast_string+0x9/0x20 [<ffffffff8175fc2c>] __do_page_fault+0x19c/0x530 [<ffffffff8175c196>] ? _raw_spin_lock_bh+0x16/0x40 [<ffffffff810f3539>] ? trace_clock_local+0x9/0x10 [<ffffffff810fa1f4>] ? rb_reserve_next_event+0x64/0x310 [<ffffffffa0014c00>] ? ioat2_dma_prep_memcpy_lock+0x60/0x130 [ioatdma] [<ffffffff8175ffce>] do_page_fault+0xe/0x10 [<ffffffff8175c862>] page_fault+0x22/0x30 [<ffffffff81643991>] ? __kfree_skb+0x51/0xd0 [<ffffffff813830b9>] ? copy_user_enhanced_fast_string+0x9/0x20 [<ffffffff81388ea2>] ? memcpy_toiovec+0x52/0xa0 [<ffffffff8164770f>] skb_copy_datagram_iovec+0x5f/0x2a0 [<ffffffff8169d0f4>] tcp_rcv_established+0x674/0x7f0 [<ffffffff816a68c5>] tcp_v4_do_rcv+0x2e5/0x4a0 [..] ---[ end trace e30e3b01191b7617 ]--- Mapped at: [<ffffffff8139c169>] debug_dma_map_page+0xb9/0x160 [<ffffffff8142bf47>] dma_async_memcpy_pg_to_pg+0x127/0x210 [<ffffffff8142cce9>] dma_memcpy_pg_to_iovec+0x119/0x1f0 [<ffffffff81669d3c>] dma_skb_copy_datagram_iovec+0x11c/0x2b0 [<ffffffff8169d1ca>] tcp_rcv_established+0x74a/0x7f0: ...the problem is that the receive path falls back to cpu-copy in several locations and this trace is just one of the areas. A few options were considered to fix this: 1/ sync all dma whenever a cpu copy branch is taken 2/ modify the page fault handler to hold off while dma is in-flight Option 1 adds yet more cpu overhead to an "offload" that struggles to compete with cpu-copy. Option 2 adds checks for behavior that is already documented as broken when using get_user_pages(). At a minimum a debug mode is warranted to catch and flag these violations of the dma-api vs get_user_pages(). Thanks to David for his reproducer. Cc: <stable@vger.kernel.org> Cc: Dave Jiang <dave.jiang@intel.com> Cc: Vinod Koul <vinod.koul@intel.com> Cc: Alexander Duyck <alexander.h.duyck@intel.com> Reported-by: David Whipple <whipple@securedatainnovations.ch> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Dan Williams <dan.j.williams@intel.com>		2013-12-18 12:53:43 -08:00
..
accessibility
acpi	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
amba
ata	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
atm	atm: idt77252: fix dev refcnt leak	2013-11-19 15:53:02 -05:00
auxdisplay
base	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
bcma	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next	2013-11-13 17:40:34 +09:00
block	kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS cleanly	2013-11-21 16:42:27 -08:00
bluetooth
bus	Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm	2013-11-14 08:51:29 +09:00
cdrom
char	Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2013-11-21 19:46:00 -08:00
clk	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial	2013-11-15 16:47:22 -08:00
clocksource
connector	connector: improved unaligned access error fix	2013-11-14 17:19:20 -05:00
cpufreq	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
cpuidle	ACPI and power management updates for 3.13-rc1	2013-11-14 13:41:48 +09:00
crypto	tree-wide: use reinit_completion instead of INIT_COMPLETION	2013-11-15 09:32:21 +09:00
dca
devfreq
dio
dma	net_dma: mark broken	2013-12-18 12:53:43 -08:00
edac	Merge branch 'linux_next' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac	2013-11-18 14:51:52 -08:00
eisa
extcon
firewire	tree-wide: use reinit_completion instead of INIT_COMPLETION	2013-11-15 09:32:21 +09:00
firmware	Merge branch 'for-linus-dma-masks' of git://git.linaro.org/people/rmk/linux-arm	2013-11-14 07:55:21 +09:00
fmc
gpio	ACPI / driver core: Store an ACPI device pointer in struct acpi_dev_node	2013-11-14 23:14:43 +01:00
gpu	drm/sysfs: fix hotplug regression since lifetime changes	2013-11-21 21:10:00 +10:00
hid	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
hsi
hv
hwmon	hwmon: (acpi_power_meter) Fix acpi_bus_get_device() return value check	2013-11-20 08:31:01 -08:00
hwspinlock
i2c	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
ide	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
idle	Merge branch 'pm-cpuidle'	2013-11-19 01:06:28 +01:00
iio	kfifo API type safety	2013-11-15 09:32:23 +09:00
infiniband	Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending	2013-11-22 10:52:03 -08:00
input	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid	2013-11-15 16:48:22 -08:00
iommu	Don't try to compile shmobile-iommu outside of ARM	2013-11-15 18:57:42 -08:00
ipack
irqchip	Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm	2013-11-14 08:51:29 +09:00
isdn	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
leds
lguest
macintosh	DeviceTree updates for 3.13. This is a bit larger pull request than	2013-11-12 16:52:17 +09:00
mailbox
md	md update for 3.13.	2013-11-20 13:05:25 -08:00
media	Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma	2013-11-20 13:20:24 -08:00
memory
memstick	tree-wide: use reinit_completion instead of INIT_COMPLETION	2013-11-15 09:32:21 +09:00
message	drivers/message/i2o/driver.c: add missing destroy_workqueue() on error in i2o_driver_register()	2013-11-13 12:09:26 +09:00
mfd	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial	2013-11-15 16:47:22 -08:00
misc	Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma	2013-11-20 13:20:24 -08:00
mmc	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
mtd	Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma	2013-11-20 13:20:24 -08:00
net	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2013-11-22 09:57:35 -08:00
nfc
ntb	dmaengine: remove DMA unmap flags	2013-11-14 11:04:38 -08:00
nubus
of	Merge branch 'for-linus-dma-masks' of git://git.linaro.org/people/rmk/linux-arm	2013-11-14 07:55:21 +09:00
oprofile
parisc
parport	Kconfig cleanups for v3.13	2013-11-15 14:05:15 -08:00
pci	PCI updates for v3.13:	2013-11-22 10:53:47 -08:00
pcmcia	DeviceTree updates for 3.13. This is a bit larger pull request than	2013-11-12 16:52:17 +09:00
phy
pinctrl	pinctrl: single: call pcs_soc->rearm() whenever IRQ mask is changed	2013-11-14 10:43:17 -08:00
platform	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
pnp	ACPI: Eliminate the DEVICE_ACPI_HANDLE() macro	2013-11-14 23:17:21 +01:00
power	Highlights:	2013-11-18 15:35:09 -08:00
powercap
pps	drivers/pps/clients/pps-gpio.c: remove redundant of_match_ptr	2013-11-13 12:09:35 +09:00
ps3
ptp
pwm
rapidio
regulator	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial	2013-11-15 16:47:22 -08:00
remoteproc
reset
rpmsg
rtc	ARM: drivers/rtc/rtc-at91rm9200.c: disable interrupts at shutdown	2013-11-21 16:42:27 -08:00
s390	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux	2013-11-19 11:43:21 -08:00
sbus
scsi	Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending	2013-11-22 10:52:03 -08:00
sfi
sh
sn
spi	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
ssb
staging	Merge branch 'topic/kbuild-fixes-for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media	2013-11-18 15:10:05 -08:00
target	Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending	2013-11-22 10:52:03 -08:00
tc
thermal	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2013-11-19 15:50:47 -08:00
tty	Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma	2013-11-20 13:20:24 -08:00
uio	drivers/uio/uio_pruss.c: use gen_pool_dma_alloc() to allocate sram memory	2013-11-13 12:09:23 +09:00
usb	Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending	2013-11-22 10:52:03 -08:00
uwb
vfio
vhost	Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending	2013-11-22 10:52:03 -08:00
video	ARM: SoC fixes for 3.13 merge window	2013-11-16 12:45:55 -08:00
virt
virtio	Nothing really exciting: some groundwork for changing virtio endian, and	2013-11-15 13:28:47 +09:00
vlynq
vme
w1	drivers/w1/masters/w1-gpio.c: use dev_get_platdata()	2013-11-15 09:32:21 +09:00
watchdog	watchdog: w83627hf: Use helper functions to access superio registers	2013-11-18 21:34:19 +01:00
xen	More ACPI and power management updates for 3.13-rc1	2013-11-20 13:25:04 -08:00
zorro
Kconfig	ACPI and power management updates for 3.13-rc1	2013-11-14 13:41:48 +09:00
Makefile	ACPI and power management updates for 3.13-rc1	2013-11-14 13:41:48 +09:00