Re: [PATCH] dma: Fix max PFN arithmetic overflow on 32 bit systems

From: Alexander Dahl
Date: Wed Mar 18 2020 - 05:41:57 EST


Hei hei,

gentle ping on this patch from two weeks ago. Did anyone have time to
look into it? Did I miss someone in Cc or sent it to the wrong lists
maybe?

On Mon, Mar 02, 2020 at 07:16:12PM +0100, Alexander Dahl wrote:
> For ARCH=x86 (32 bit) when you set CONFIG_IOMMU_INTEL since c5a5dc4cbbf4
> ("iommu/vt-d: Don't switch off swiotlb if bounce page is used") there's
> a dependency on CONFIG_SWIOTLB, which was not necessarily active before.
>
> The init code for swiotlb in 'pci_swiotlb_detect_4gb()' compares
> something against MAX_DMA32_PFN to decide if it should be active.
> However that define suffers from an arithmetic overflow since
> 1b7e03ef7570 ("x86, NUMA: Enable emulation on 32bit too") when it was
> first made visible to x86_32.
>
> The effect is at boot time 64 MiB (default size) were allocated for
> bounce buffers now, which is a noticeable amount of memory on small
> systems. We noticed this effect on the fli4l Linux distribution when
> migrating from kernel v4.19 (LTS) to v5.4 (LTS) on boards like pcengines
> ALIX 2D3 with 256 MiB memory for example:
>
> Linux version 5.4.22 (buildroot@buildroot) (gcc version 7.3.0 (Buildroot 2018.02.8)) #1 SMP Mon Nov 26 23:40:00 CET 2018
> â
> Memory: 183484K/261756K available (4594K kernel code, 393K rwdata, 1660K rodata, 536K init, 456K bss , 78272K reserved, 0K cma-reserved, 0K highmem)
> â
> PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
> software IO TLB: mapped [mem 0x0bb78000-0x0fb78000] (64MB)
>
> The initial analysis and the suggested fix was done by user 'sourcejedi'
> at stackoverflow and explicitly marked as GPLv2 for inclusion in the
> Linux kernel:
>
> https://unix.stackexchange.com/a/520525/50007
>
> Fixes: https://web.nettworks.org/bugs/browse/FFL-2560
> Fixes: https://unix.stackexchange.com/q/520065/50007
> Suggested-by: Alan Jenkins <alan.christopher.jenkins@xxxxxxxxx>
> Signed-off-by: Alexander Dahl <post@xxxxxxxxxxx>
> ---
> We tested this in qemu and on real hardware with fli4l on top of v5.4,
> v5.5, and v5.6-rc kernels, but only as far as the reserved memory goes.
> The patch itself is based on v5.6-rc3 (IIRC).

We had no complaints of our fli4l users, since we applied this patch
to our distribution kernels.

Thanks & greets
Alex

>
> A quick grep over the kernel code showed me this define MAX_DMA32_PFN is
> used in other places as well. I would appreciate feedback on this,
> because I can not oversee all side effects this might have?!
>
> Thanks again to Alan who proposed the fix, and for his permission to
> send it upstream.
>
> Greets
> Alex
> ---
> arch/x86/include/asm/dma.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/dma.h b/arch/x86/include/asm/dma.h
> index 00f7cf45e699..e25514eca8d6 100644
> --- a/arch/x86/include/asm/dma.h
> +++ b/arch/x86/include/asm/dma.h
> @@ -74,7 +74,7 @@
> #define MAX_DMA_PFN ((16UL * 1024 * 1024) >> PAGE_SHIFT)
>
> /* 4GB broken PCI/AGP hardware bus master zone */
> -#define MAX_DMA32_PFN ((4UL * 1024 * 1024 * 1024) >> PAGE_SHIFT)
> +#define MAX_DMA32_PFN (4UL * ((1024 * 1024 * 1024) >> PAGE_SHIFT))
>
> #ifdef CONFIG_X86_32
> /* The maximum address that we can perform a DMA transfer to on this platform */
> --
> 2.20.1

--
/"\ ASCII RIBBON | ÂWith the first link, the chain is forged. The first
\ / CAMPAIGN | speech censured, the first thought forbidden, the
X AGAINST | first freedom denied, chains us all irrevocably.Â
/ \ HTML MAIL | (Jean-Luc Picard, quoting Judge Aaron Satie)

Attachment: signature.asc
Description: PGP signature