Re: Bug 205201 - overflow of DMA mask and bus mask
On Wed, Nov 06, 2019 at 02:09:26PM +, Robin Murphy wrote: > Hmm, that bus mask looks pretty wacky - are you able to figure out where > that's coming from? arch/powerpc/sysdev/fsl_pci.c:pci_dma_dev_setup_swiotlb(). ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: Bug 205201 - overflow of DMA mask and bus mask
Interesting. Give me some time to come up with a real fix, as drivers really should not mess with GFP flags for these allocations, and even if they did swiotlb is supposed to take care of any resulting problems. ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: Bug 205201 - overflow of DMA mask and bus mask
Hello Christoph, I have found the issue. :-) GFP_DMA32 was renamed to GFP_DMA in the PowerPC updates 4.21-1 in December last year. Some PCI devices still use GFP_DMA32 (grep -r GFP_DMA32 *). I renamed GFP_DMA32 to GFP_DMA in the file "drivers/media/v4l2-core/videobuf-dma-sg.c". After compiling the RC7 of kernel 5.4 my TV card works again. Cheers, Christian On 12 November 2019 at 3:41 pm, Christoph Hellwig wrote: On Mon, Nov 11, 2019 at 01:22:55PM +0100, Christian Zigotzky wrote: Now, I can definitely say that this patch does not solve the issue. Do you have another patch for testing or shall I bisect? I'm still interested in the .config and dmesg. Especially if the board is using arch/powerpc/sysdev/fsl_pci.c, which is the only place inside the powerpc arch code doing funny things with the bus_dma_mask, which Robin pointed out looks fishy. Thanks, Christian ---end quoted text--- ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: Bug 205201 - overflow of DMA mask and bus mask
On 12 November 2019 at 3:41 pm, Christoph Hellwig wrote: On Mon, Nov 11, 2019 at 01:22:55PM +0100, Christian Zigotzky wrote: Now, I can definitely say that this patch does not solve the issue. Do you have another patch for testing or shall I bisect? I'm still interested in the .config and dmesg. Especially if the board is using arch/powerpc/sysdev/fsl_pci.c, which is the only place inside the powerpc arch code doing funny things with the bus_dma_mask, which Robin pointed out looks fishy. Here you are: .config: https://bugzilla.kernel.org/attachment.cgi?id=285815 dmesg: https://bugzilla.kernel.org/attachment.cgi?id=285813 Thanks ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: Bug 205201 - overflow of DMA mask and bus mask
On Mon, Nov 11, 2019 at 01:22:55PM +0100, Christian Zigotzky wrote: > Now, I can definitely say that this patch does not solve the issue. > > Do you have another patch for testing or shall I bisect? I'm still interested in the .config and dmesg. Especially if the board is using arch/powerpc/sysdev/fsl_pci.c, which is the only place inside the powerpc arch code doing funny things with the bus_dma_mask, which Robin pointed out looks fishy. > > Thanks, > Christian ---end quoted text--- ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: Bug 205201 - overflow of DMA mask and bus mask
On 11 November 2019 at 09:16 am, Christian Zigotzky wrote: On 11 November 2019 at 09:12 am, Christian Zigotzky wrote: On 10 November 2019 at 08:27 am, Christian Zigotzky wrote: On 07 November 2019 at 10:53 am, Christian Zigotzky wrote: On 05 November 2019 at 05:28 pm, Christoph Hellwig wrote: On Tue, Nov 05, 2019 at 08:56:27AM +0100, Christian Zigotzky wrote: Hi All, We still have DMA problems with some PCI devices. Since the PowerPC updates 4.21-1 [1] we need to decrease the RAM to 3500MB (mem=3500M) if we want to work with our PCI devices. The FSL P5020 and P5040 have these problems currently. Error message: [ 25.654852] bttv 1000:04:05.0: overflow 0xfe077000+4096 of DMA mask bus mask df00 All 5.x Linux kernels can't initialize a SCSI PCI card anymore so booting of a Linux userland isn't possible. PLEASE check the DMA changes in the PowerPC updates 4.21-1 [1]. The kernel 4.20 works with all PCI devices without limitation of RAM. Can you send me the .config and a dmesg? And in the meantime try the patch below? --- >From 4d659b7311bd4141fdd3eeeb80fa2d7602ea01d4 Mon Sep 17 00:00:00 2001 From: Nicolas Saenz Julienne Date: Fri, 18 Oct 2019 13:00:43 +0200 Subject: dma-direct: check for overflows on 32 bit DMA addresses As seen on the new Raspberry Pi 4 and sta2x11's DMA implementation it is possible for a device configured with 32 bit DMA addresses and a partial DMA mapping located at the end of the address space to overflow. It happens when a higher physical address, not DMAable, is translated to it's DMA counterpart. For example the Raspberry Pi 4, configurable up to 4 GB of memory, has an interconnect capable of addressing the lower 1 GB of physical memory with a DMA offset of 0xc000. It transpires that, any attempt to translate physical addresses higher than the first GB will result in an overflow which dma_capable() can't detect as it only checks for addresses bigger then the maximum allowed DMA address. Fix this by verifying in dma_capable() if the DMA address range provided is at any point lower than the minimum possible DMA address on the bus. Signed-off-by: Nicolas Saenz Julienne --- include/linux/dma-direct.h | 8 1 file changed, 8 insertions(+) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index adf993a3bd58..6ad9e9ea7564 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -3,6 +3,7 @@ #define _LINUX_DMA_DIRECT_H 1 #include +#include /* for min_low_pfn */ #include #ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA @@ -27,6 +28,13 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size) if (!dev->dma_mask) return false; +#ifndef CONFIG_ARCH_DMA_ADDR_T_64BIT + /* Check if DMA address overflowed */ + if (min(addr, addr + size - 1) < + __phys_to_dma(dev, (phys_addr_t)(min_low_pfn << PAGE_SHIFT))) + return false; +#endif + return addr + size - 1 <= min_not_zero(*dev->dma_mask, dev->bus_dma_mask); } Hello Christoph, Thanks a lot for your patch! Unfortunately this patch doesn't solve the issue. Error messages: [ 6.041163] bttv: driver version 0.9.19 loaded [ 6.041167] bttv: using 8 buffers with 2080k (520 pages) each for capture [ 6.041559] bttv: Bt8xx card found (0) [ 6.041609] bttv: 0: Bt878 (rev 17) at 1000:04:05.0, irq: 19, latency: 128, mmio: 0xc20001000 [ 6.041622] bttv: 0: using: Typhoon TView RDS + FM Stereo / KNC1 TV Station RDS [card=53,insmod option] [ 6.042216] bttv: 0: tuner type=5 [ 6.111994] bttv: 0: audio absent, no audio device found! [ 6.176425] bttv: 0: Setting PLL: 28636363 => 35468950 (needs up to 100ms) [ 6.25] bttv: PLL set ok [ 6.209351] bttv: 0: registered device video0 [ 6.211576] bttv: 0: registered device vbi0 [ 6.214897] bttv: 0: registered device radio0 [ 114.218806] bttv 1000:04:05.0: overflow 0xff507000+4096 of DMA mask bus mask df00 [ 114.218848] Modules linked in: rfcomm bnep tuner_simple tuner_types tea5767 tuner tda7432 tvaudio msp3400 bttv tea575x tveeprom videobuf_dma_sg videobuf_core rc_core videodev mc btusb btrtl btbcm btintel bluetooth uio_pdrv_genirq uio ecdh_generic ecc [ 114.219012] [c001ecddf720] [808ff6e8] .buffer_prepare+0x150/0x268 [bttv] [ 114.219029] [c001ecddf860] [808fff6c] .bttv_qbuf+0x50/0x64 [bttv] - Trace: [ 462.783184] Call Trace: [ 462.783187] [c001c6c67420] [c00b3358] .report_addr+0xb8/0xc0 (unreliable) [ 462.783192] [c001c6c67490] [c00b351c] .dma_direct_map_page+0xf0/0x128 [ 462.783195] [c001c6c67530] [c00b35b0] .dma_direct_map_sg+0x5c/0xac [ 462.783205] [c001c6c675e0] [80862e88] .__videobuf_iolock+0x660/0x6d8 [videobuf_dma_sg] [ 462.783220] [c001c6c676b0] [80854274] .videobuf_iolock+0x98/0xb4 [videobuf_core] [ 462.783271] [c001c6c67720]
Re: Bug 205201 - overflow of DMA mask and bus mask
On 11 November 2019 at 09:12 am, Christian Zigotzky wrote: On 10 November 2019 at 08:27 am, Christian Zigotzky wrote: On 07 November 2019 at 10:53 am, Christian Zigotzky wrote: On 05 November 2019 at 05:28 pm, Christoph Hellwig wrote: On Tue, Nov 05, 2019 at 08:56:27AM +0100, Christian Zigotzky wrote: Hi All, We still have DMA problems with some PCI devices. Since the PowerPC updates 4.21-1 [1] we need to decrease the RAM to 3500MB (mem=3500M) if we want to work with our PCI devices. The FSL P5020 and P5040 have these problems currently. Error message: [ 25.654852] bttv 1000:04:05.0: overflow 0xfe077000+4096 of DMA mask bus mask df00 All 5.x Linux kernels can't initialize a SCSI PCI card anymore so booting of a Linux userland isn't possible. PLEASE check the DMA changes in the PowerPC updates 4.21-1 [1]. The kernel 4.20 works with all PCI devices without limitation of RAM. Can you send me the .config and a dmesg? And in the meantime try the patch below? --- >From 4d659b7311bd4141fdd3eeeb80fa2d7602ea01d4 Mon Sep 17 00:00:00 2001 From: Nicolas Saenz Julienne Date: Fri, 18 Oct 2019 13:00:43 +0200 Subject: dma-direct: check for overflows on 32 bit DMA addresses As seen on the new Raspberry Pi 4 and sta2x11's DMA implementation it is possible for a device configured with 32 bit DMA addresses and a partial DMA mapping located at the end of the address space to overflow. It happens when a higher physical address, not DMAable, is translated to it's DMA counterpart. For example the Raspberry Pi 4, configurable up to 4 GB of memory, has an interconnect capable of addressing the lower 1 GB of physical memory with a DMA offset of 0xc000. It transpires that, any attempt to translate physical addresses higher than the first GB will result in an overflow which dma_capable() can't detect as it only checks for addresses bigger then the maximum allowed DMA address. Fix this by verifying in dma_capable() if the DMA address range provided is at any point lower than the minimum possible DMA address on the bus. Signed-off-by: Nicolas Saenz Julienne --- include/linux/dma-direct.h | 8 1 file changed, 8 insertions(+) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index adf993a3bd58..6ad9e9ea7564 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -3,6 +3,7 @@ #define _LINUX_DMA_DIRECT_H 1 #include +#include /* for min_low_pfn */ #include #ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA @@ -27,6 +28,13 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size) if (!dev->dma_mask) return false; +#ifndef CONFIG_ARCH_DMA_ADDR_T_64BIT + /* Check if DMA address overflowed */ + if (min(addr, addr + size - 1) < + __phys_to_dma(dev, (phys_addr_t)(min_low_pfn << PAGE_SHIFT))) + return false; +#endif + return addr + size - 1 <= min_not_zero(*dev->dma_mask, dev->bus_dma_mask); } Hello Christoph, Thanks a lot for your patch! Unfortunately this patch doesn't solve the issue. Error messages: [ 6.041163] bttv: driver version 0.9.19 loaded [ 6.041167] bttv: using 8 buffers with 2080k (520 pages) each for capture [ 6.041559] bttv: Bt8xx card found (0) [ 6.041609] bttv: 0: Bt878 (rev 17) at 1000:04:05.0, irq: 19, latency: 128, mmio: 0xc20001000 [ 6.041622] bttv: 0: using: Typhoon TView RDS + FM Stereo / KNC1 TV Station RDS [card=53,insmod option] [ 6.042216] bttv: 0: tuner type=5 [ 6.111994] bttv: 0: audio absent, no audio device found! [ 6.176425] bttv: 0: Setting PLL: 28636363 => 35468950 (needs up to 100ms) [ 6.25] bttv: PLL set ok [ 6.209351] bttv: 0: registered device video0 [ 6.211576] bttv: 0: registered device vbi0 [ 6.214897] bttv: 0: registered device radio0 [ 114.218806] bttv 1000:04:05.0: overflow 0xff507000+4096 of DMA mask bus mask df00 [ 114.218848] Modules linked in: rfcomm bnep tuner_simple tuner_types tea5767 tuner tda7432 tvaudio msp3400 bttv tea575x tveeprom videobuf_dma_sg videobuf_core rc_core videodev mc btusb btrtl btbcm btintel bluetooth uio_pdrv_genirq uio ecdh_generic ecc [ 114.219012] [c001ecddf720] [808ff6e8] .buffer_prepare+0x150/0x268 [bttv] [ 114.219029] [c001ecddf860] [808fff6c] .bttv_qbuf+0x50/0x64 [bttv] - Trace: [ 462.783184] Call Trace: [ 462.783187] [c001c6c67420] [c00b3358] .report_addr+0xb8/0xc0 (unreliable) [ 462.783192] [c001c6c67490] [c00b351c] .dma_direct_map_page+0xf0/0x128 [ 462.783195] [c001c6c67530] [c00b35b0] .dma_direct_map_sg+0x5c/0xac [ 462.783205] [c001c6c675e0] [80862e88] .__videobuf_iolock+0x660/0x6d8 [videobuf_dma_sg] [ 462.783220] [c001c6c676b0] [80854274] .videobuf_iolock+0x98/0xb4 [videobuf_core] [ 462.783271] [c001c6c67720] [808686e8] .buffer_prepare+0x150/0x268 [bttv] [ 462.783276]
Re: Bug 205201 - overflow of DMA mask and bus mask
On 10 November 2019 at 08:27 am, Christian Zigotzky wrote: On 07 November 2019 at 10:53 am, Christian Zigotzky wrote: On 05 November 2019 at 05:28 pm, Christoph Hellwig wrote: On Tue, Nov 05, 2019 at 08:56:27AM +0100, Christian Zigotzky wrote: Hi All, We still have DMA problems with some PCI devices. Since the PowerPC updates 4.21-1 [1] we need to decrease the RAM to 3500MB (mem=3500M) if we want to work with our PCI devices. The FSL P5020 and P5040 have these problems currently. Error message: [ 25.654852] bttv 1000:04:05.0: overflow 0xfe077000+4096 of DMA mask bus mask df00 All 5.x Linux kernels can't initialize a SCSI PCI card anymore so booting of a Linux userland isn't possible. PLEASE check the DMA changes in the PowerPC updates 4.21-1 [1]. The kernel 4.20 works with all PCI devices without limitation of RAM. Can you send me the .config and a dmesg? And in the meantime try the patch below? --- >From 4d659b7311bd4141fdd3eeeb80fa2d7602ea01d4 Mon Sep 17 00:00:00 2001 From: Nicolas Saenz Julienne Date: Fri, 18 Oct 2019 13:00:43 +0200 Subject: dma-direct: check for overflows on 32 bit DMA addresses As seen on the new Raspberry Pi 4 and sta2x11's DMA implementation it is possible for a device configured with 32 bit DMA addresses and a partial DMA mapping located at the end of the address space to overflow. It happens when a higher physical address, not DMAable, is translated to it's DMA counterpart. For example the Raspberry Pi 4, configurable up to 4 GB of memory, has an interconnect capable of addressing the lower 1 GB of physical memory with a DMA offset of 0xc000. It transpires that, any attempt to translate physical addresses higher than the first GB will result in an overflow which dma_capable() can't detect as it only checks for addresses bigger then the maximum allowed DMA address. Fix this by verifying in dma_capable() if the DMA address range provided is at any point lower than the minimum possible DMA address on the bus. Signed-off-by: Nicolas Saenz Julienne --- include/linux/dma-direct.h | 8 1 file changed, 8 insertions(+) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index adf993a3bd58..6ad9e9ea7564 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -3,6 +3,7 @@ #define _LINUX_DMA_DIRECT_H 1 #include +#include /* for min_low_pfn */ #include #ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA @@ -27,6 +28,13 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size) if (!dev->dma_mask) return false; +#ifndef CONFIG_ARCH_DMA_ADDR_T_64BIT + /* Check if DMA address overflowed */ + if (min(addr, addr + size - 1) < + __phys_to_dma(dev, (phys_addr_t)(min_low_pfn << PAGE_SHIFT))) + return false; +#endif + return addr + size - 1 <= min_not_zero(*dev->dma_mask, dev->bus_dma_mask); } Hello Christoph, Thanks a lot for your patch! Unfortunately this patch doesn't solve the issue. Error messages: [ 6.041163] bttv: driver version 0.9.19 loaded [ 6.041167] bttv: using 8 buffers with 2080k (520 pages) each for capture [ 6.041559] bttv: Bt8xx card found (0) [ 6.041609] bttv: 0: Bt878 (rev 17) at 1000:04:05.0, irq: 19, latency: 128, mmio: 0xc20001000 [ 6.041622] bttv: 0: using: Typhoon TView RDS + FM Stereo / KNC1 TV Station RDS [card=53,insmod option] [ 6.042216] bttv: 0: tuner type=5 [ 6.111994] bttv: 0: audio absent, no audio device found! [ 6.176425] bttv: 0: Setting PLL: 28636363 => 35468950 (needs up to 100ms) [ 6.25] bttv: PLL set ok [ 6.209351] bttv: 0: registered device video0 [ 6.211576] bttv: 0: registered device vbi0 [ 6.214897] bttv: 0: registered device radio0 [ 114.218806] bttv 1000:04:05.0: overflow 0xff507000+4096 of DMA mask bus mask df00 [ 114.218848] Modules linked in: rfcomm bnep tuner_simple tuner_types tea5767 tuner tda7432 tvaudio msp3400 bttv tea575x tveeprom videobuf_dma_sg videobuf_core rc_core videodev mc btusb btrtl btbcm btintel bluetooth uio_pdrv_genirq uio ecdh_generic ecc [ 114.219012] [c001ecddf720] [808ff6e8] .buffer_prepare+0x150/0x268 [bttv] [ 114.219029] [c001ecddf860] [808fff6c] .bttv_qbuf+0x50/0x64 [bttv] - Trace: [ 462.783184] Call Trace: [ 462.783187] [c001c6c67420] [c00b3358] .report_addr+0xb8/0xc0 (unreliable) [ 462.783192] [c001c6c67490] [c00b351c] .dma_direct_map_page+0xf0/0x128 [ 462.783195] [c001c6c67530] [c00b35b0] .dma_direct_map_sg+0x5c/0xac [ 462.783205] [c001c6c675e0] [80862e88] .__videobuf_iolock+0x660/0x6d8 [videobuf_dma_sg] [ 462.783220] [c001c6c676b0] [80854274] .videobuf_iolock+0x98/0xb4 [videobuf_core] [ 462.783271] [c001c6c67720] [808686e8] .buffer_prepare+0x150/0x268 [bttv] [ 462.783276] [c001c6c677c0] [80854afc] .videobuf_qbuf+0x2b8/0x428
Re: Bug 205201 - overflow of DMA mask and bus mask
On 07 November 2019 at 10:53 am, Christian Zigotzky wrote: On 05 November 2019 at 5:28 pm, Christoph Hellwig wrote: On Tue, Nov 05, 2019 at 08:56:27AM +0100, Christian Zigotzky wrote: Hi All, We still have DMA problems with some PCI devices. Since the PowerPC updates 4.21-1 [1] we need to decrease the RAM to 3500MB (mem=3500M) if we want to work with our PCI devices. The FSL P5020 and P5040 have these problems currently. Error message: [ 25.654852] bttv 1000:04:05.0: overflow 0xfe077000+4096 of DMA mask bus mask df00 All 5.x Linux kernels can't initialize a SCSI PCI card anymore so booting of a Linux userland isn't possible. PLEASE check the DMA changes in the PowerPC updates 4.21-1 [1]. The kernel 4.20 works with all PCI devices without limitation of RAM. Can you send me the .config and a dmesg? And in the meantime try the patch below? --- >From 4d659b7311bd4141fdd3eeeb80fa2d7602ea01d4 Mon Sep 17 00:00:00 2001 From: Nicolas Saenz Julienne Date: Fri, 18 Oct 2019 13:00:43 +0200 Subject: dma-direct: check for overflows on 32 bit DMA addresses As seen on the new Raspberry Pi 4 and sta2x11's DMA implementation it is possible for a device configured with 32 bit DMA addresses and a partial DMA mapping located at the end of the address space to overflow. It happens when a higher physical address, not DMAable, is translated to it's DMA counterpart. For example the Raspberry Pi 4, configurable up to 4 GB of memory, has an interconnect capable of addressing the lower 1 GB of physical memory with a DMA offset of 0xc000. It transpires that, any attempt to translate physical addresses higher than the first GB will result in an overflow which dma_capable() can't detect as it only checks for addresses bigger then the maximum allowed DMA address. Fix this by verifying in dma_capable() if the DMA address range provided is at any point lower than the minimum possible DMA address on the bus. Signed-off-by: Nicolas Saenz Julienne --- include/linux/dma-direct.h | 8 1 file changed, 8 insertions(+) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index adf993a3bd58..6ad9e9ea7564 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -3,6 +3,7 @@ #define _LINUX_DMA_DIRECT_H 1 #include +#include /* for min_low_pfn */ #include #ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA @@ -27,6 +28,13 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size) if (!dev->dma_mask) return false; +#ifndef CONFIG_ARCH_DMA_ADDR_T_64BIT + /* Check if DMA address overflowed */ + if (min(addr, addr + size - 1) < + __phys_to_dma(dev, (phys_addr_t)(min_low_pfn << PAGE_SHIFT))) + return false; +#endif + return addr + size - 1 <= min_not_zero(*dev->dma_mask, dev->bus_dma_mask); } Hello Christoph, Thanks a lot for your patch! Unfortunately this patch doesn't solve the issue. Error messages: [ 6.041163] bttv: driver version 0.9.19 loaded [ 6.041167] bttv: using 8 buffers with 2080k (520 pages) each for capture [ 6.041559] bttv: Bt8xx card found (0) [ 6.041609] bttv: 0: Bt878 (rev 17) at 1000:04:05.0, irq: 19, latency: 128, mmio: 0xc20001000 [ 6.041622] bttv: 0: using: Typhoon TView RDS + FM Stereo / KNC1 TV Station RDS [card=53,insmod option] [ 6.042216] bttv: 0: tuner type=5 [ 6.111994] bttv: 0: audio absent, no audio device found! [ 6.176425] bttv: 0: Setting PLL: 28636363 => 35468950 (needs up to 100ms) [ 6.25] bttv: PLL set ok [ 6.209351] bttv: 0: registered device video0 [ 6.211576] bttv: 0: registered device vbi0 [ 6.214897] bttv: 0: registered device radio0 [ 114.218806] bttv 1000:04:05.0: overflow 0xff507000+4096 of DMA mask bus mask df00 [ 114.218848] Modules linked in: rfcomm bnep tuner_simple tuner_types tea5767 tuner tda7432 tvaudio msp3400 bttv tea575x tveeprom videobuf_dma_sg videobuf_core rc_core videodev mc btusb btrtl btbcm btintel bluetooth uio_pdrv_genirq uio ecdh_generic ecc [ 114.219012] [c001ecddf720] [808ff6e8] .buffer_prepare+0x150/0x268 [bttv] [ 114.219029] [c001ecddf860] [808fff6c] .bttv_qbuf+0x50/0x64 [bttv] - Trace: [ 462.783184] Call Trace: [ 462.783187] [c001c6c67420] [c00b3358] .report_addr+0xb8/0xc0 (unreliable) [ 462.783192] [c001c6c67490] [c00b351c] .dma_direct_map_page+0xf0/0x128 [ 462.783195] [c001c6c67530] [c00b35b0] .dma_direct_map_sg+0x5c/0xac [ 462.783205] [c001c6c675e0] [80862e88] .__videobuf_iolock+0x660/0x6d8 [videobuf_dma_sg] [ 462.783220] [c001c6c676b0] [80854274] .videobuf_iolock+0x98/0xb4 [videobuf_core] [ 462.783271] [c001c6c67720] [808686e8] .buffer_prepare+0x150/0x268 [bttv] [ 462.783276] [c001c6c677c0] [80854afc] .videobuf_qbuf+0x2b8/0x428 [videobuf_core] [ 462.783288] [c001c6c67860]
Re: Bug 205201 - overflow of DMA mask and bus mask
On 05 November 2019 at 5:28 pm, Christoph Hellwig wrote: On Tue, Nov 05, 2019 at 08:56:27AM +0100, Christian Zigotzky wrote: Hi All, We still have DMA problems with some PCI devices. Since the PowerPC updates 4.21-1 [1] we need to decrease the RAM to 3500MB (mem=3500M) if we want to work with our PCI devices. The FSL P5020 and P5040 have these problems currently. Error message: [ 25.654852] bttv 1000:04:05.0: overflow 0xfe077000+4096 of DMA mask bus mask df00 All 5.x Linux kernels can't initialize a SCSI PCI card anymore so booting of a Linux userland isn't possible. PLEASE check the DMA changes in the PowerPC updates 4.21-1 [1]. The kernel 4.20 works with all PCI devices without limitation of RAM. Can you send me the .config and a dmesg? And in the meantime try the patch below? --- >From 4d659b7311bd4141fdd3eeeb80fa2d7602ea01d4 Mon Sep 17 00:00:00 2001 From: Nicolas Saenz Julienne Date: Fri, 18 Oct 2019 13:00:43 +0200 Subject: dma-direct: check for overflows on 32 bit DMA addresses As seen on the new Raspberry Pi 4 and sta2x11's DMA implementation it is possible for a device configured with 32 bit DMA addresses and a partial DMA mapping located at the end of the address space to overflow. It happens when a higher physical address, not DMAable, is translated to it's DMA counterpart. For example the Raspberry Pi 4, configurable up to 4 GB of memory, has an interconnect capable of addressing the lower 1 GB of physical memory with a DMA offset of 0xc000. It transpires that, any attempt to translate physical addresses higher than the first GB will result in an overflow which dma_capable() can't detect as it only checks for addresses bigger then the maximum allowed DMA address. Fix this by verifying in dma_capable() if the DMA address range provided is at any point lower than the minimum possible DMA address on the bus. Signed-off-by: Nicolas Saenz Julienne --- include/linux/dma-direct.h | 8 1 file changed, 8 insertions(+) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index adf993a3bd58..6ad9e9ea7564 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -3,6 +3,7 @@ #define _LINUX_DMA_DIRECT_H 1 #include +#include /* for min_low_pfn */ #include #ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA @@ -27,6 +28,13 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size) if (!dev->dma_mask) return false; +#ifndef CONFIG_ARCH_DMA_ADDR_T_64BIT + /* Check if DMA address overflowed */ + if (min(addr, addr + size - 1) < + __phys_to_dma(dev, (phys_addr_t)(min_low_pfn << PAGE_SHIFT))) + return false; +#endif + return addr + size - 1 <= min_not_zero(*dev->dma_mask, dev->bus_dma_mask); } Hello Christoph, Thanks a lot for your patch! Unfortunately this patch doesn't solve the issue. Error messages: [ 6.041163] bttv: driver version 0.9.19 loaded [ 6.041167] bttv: using 8 buffers with 2080k (520 pages) each for capture [ 6.041559] bttv: Bt8xx card found (0) [ 6.041609] bttv: 0: Bt878 (rev 17) at 1000:04:05.0, irq: 19, latency: 128, mmio: 0xc20001000 [ 6.041622] bttv: 0: using: Typhoon TView RDS + FM Stereo / KNC1 TV Station RDS [card=53,insmod option] [ 6.042216] bttv: 0: tuner type=5 [ 6.111994] bttv: 0: audio absent, no audio device found! [ 6.176425] bttv: 0: Setting PLL: 28636363 => 35468950 (needs up to 100ms) [ 6.25] bttv: PLL set ok [ 6.209351] bttv: 0: registered device video0 [ 6.211576] bttv: 0: registered device vbi0 [ 6.214897] bttv: 0: registered device radio0 [ 114.218806] bttv 1000:04:05.0: overflow 0xff507000+4096 of DMA mask bus mask df00 [ 114.218848] Modules linked in: rfcomm bnep tuner_simple tuner_types tea5767 tuner tda7432 tvaudio msp3400 bttv tea575x tveeprom videobuf_dma_sg videobuf_core rc_core videodev mc btusb btrtl btbcm btintel bluetooth uio_pdrv_genirq uio ecdh_generic ecc [ 114.219012] [c001ecddf720] [808ff6e8] .buffer_prepare+0x150/0x268 [bttv] [ 114.219029] [c001ecddf860] [808fff6c] .bttv_qbuf+0x50/0x64 [bttv] - Trace: [ 462.783184] Call Trace: [ 462.783187] [c001c6c67420] [c00b3358] .report_addr+0xb8/0xc0 (unreliable) [ 462.783192] [c001c6c67490] [c00b351c] .dma_direct_map_page+0xf0/0x128 [ 462.783195] [c001c6c67530] [c00b35b0] .dma_direct_map_sg+0x5c/0xac [ 462.783205] [c001c6c675e0] [80862e88] .__videobuf_iolock+0x660/0x6d8 [videobuf_dma_sg] [ 462.783220] [c001c6c676b0] [80854274] .videobuf_iolock+0x98/0xb4 [videobuf_core] [ 462.783271] [c001c6c67720] [808686e8] .buffer_prepare+0x150/0x268 [bttv] [ 462.783276] [c001c6c677c0] [80854afc] .videobuf_qbuf+0x2b8/0x428 [videobuf_core] [ 462.783288] [c001c6c67860] [80868f6c] .bttv_qbuf+0x50/0x64 [bttv]
Re: Bug 205201 - overflow of DMA mask and bus mask
On 05/11/2019 16:28, Christoph Hellwig wrote: On Tue, Nov 05, 2019 at 08:56:27AM +0100, Christian Zigotzky wrote: Hi All, We still have DMA problems with some PCI devices. Since the PowerPC updates 4.21-1 [1] we need to decrease the RAM to 3500MB (mem=3500M) if we want to work with our PCI devices. The FSL P5020 and P5040 have these problems currently. Error message: [ 25.654852] bttv 1000:04:05.0: overflow 0xfe077000+4096 of DMA mask bus mask df00 Hmm, that bus mask looks pretty wacky - are you able to figure out where that's coming from? Robin. All 5.x Linux kernels can't initialize a SCSI PCI card anymore so booting of a Linux userland isn't possible. PLEASE check the DMA changes in the PowerPC updates 4.21-1 [1]. The kernel 4.20 works with all PCI devices without limitation of RAM. Can you send me the .config and a dmesg? And in the meantime try the patch below? --- From 4d659b7311bd4141fdd3eeeb80fa2d7602ea01d4 Mon Sep 17 00:00:00 2001 From: Nicolas Saenz Julienne Date: Fri, 18 Oct 2019 13:00:43 +0200 Subject: dma-direct: check for overflows on 32 bit DMA addresses As seen on the new Raspberry Pi 4 and sta2x11's DMA implementation it is possible for a device configured with 32 bit DMA addresses and a partial DMA mapping located at the end of the address space to overflow. It happens when a higher physical address, not DMAable, is translated to it's DMA counterpart. For example the Raspberry Pi 4, configurable up to 4 GB of memory, has an interconnect capable of addressing the lower 1 GB of physical memory with a DMA offset of 0xc000. It transpires that, any attempt to translate physical addresses higher than the first GB will result in an overflow which dma_capable() can't detect as it only checks for addresses bigger then the maximum allowed DMA address. Fix this by verifying in dma_capable() if the DMA address range provided is at any point lower than the minimum possible DMA address on the bus. Signed-off-by: Nicolas Saenz Julienne --- include/linux/dma-direct.h | 8 1 file changed, 8 insertions(+) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index adf993a3bd58..6ad9e9ea7564 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -3,6 +3,7 @@ #define _LINUX_DMA_DIRECT_H 1 #include +#include /* for min_low_pfn */ #include #ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA @@ -27,6 +28,13 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size) if (!dev->dma_mask) return false; +#ifndef CONFIG_ARCH_DMA_ADDR_T_64BIT + /* Check if DMA address overflowed */ + if (min(addr, addr + size - 1) < + __phys_to_dma(dev, (phys_addr_t)(min_low_pfn << PAGE_SHIFT))) + return false; +#endif + return addr + size - 1 <= min_not_zero(*dev->dma_mask, dev->bus_dma_mask); } ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: Bug 205201 - overflow of DMA mask and bus mask
On Tue, Nov 05, 2019 at 08:56:27AM +0100, Christian Zigotzky wrote: > Hi All, > > We still have DMA problems with some PCI devices. Since the PowerPC updates > 4.21-1 [1] we need to decrease the RAM to 3500MB (mem=3500M) if we want to > work with our PCI devices. The FSL P5020 and P5040 have these problems > currently. > > Error message: > > [ 25.654852] bttv 1000:04:05.0: overflow 0xfe077000+4096 of DMA > mask bus mask df00 > > All 5.x Linux kernels can't initialize a SCSI PCI card anymore so booting > of a Linux userland isn't possible. > > PLEASE check the DMA changes in the PowerPC updates 4.21-1 [1]. The kernel > 4.20 works with all PCI devices without limitation of RAM. Can you send me the .config and a dmesg? And in the meantime try the patch below? --- >From 4d659b7311bd4141fdd3eeeb80fa2d7602ea01d4 Mon Sep 17 00:00:00 2001 From: Nicolas Saenz Julienne Date: Fri, 18 Oct 2019 13:00:43 +0200 Subject: dma-direct: check for overflows on 32 bit DMA addresses As seen on the new Raspberry Pi 4 and sta2x11's DMA implementation it is possible for a device configured with 32 bit DMA addresses and a partial DMA mapping located at the end of the address space to overflow. It happens when a higher physical address, not DMAable, is translated to it's DMA counterpart. For example the Raspberry Pi 4, configurable up to 4 GB of memory, has an interconnect capable of addressing the lower 1 GB of physical memory with a DMA offset of 0xc000. It transpires that, any attempt to translate physical addresses higher than the first GB will result in an overflow which dma_capable() can't detect as it only checks for addresses bigger then the maximum allowed DMA address. Fix this by verifying in dma_capable() if the DMA address range provided is at any point lower than the minimum possible DMA address on the bus. Signed-off-by: Nicolas Saenz Julienne --- include/linux/dma-direct.h | 8 1 file changed, 8 insertions(+) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index adf993a3bd58..6ad9e9ea7564 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -3,6 +3,7 @@ #define _LINUX_DMA_DIRECT_H 1 #include +#include /* for min_low_pfn */ #include #ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA @@ -27,6 +28,13 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size) if (!dev->dma_mask) return false; +#ifndef CONFIG_ARCH_DMA_ADDR_T_64BIT + /* Check if DMA address overflowed */ + if (min(addr, addr + size - 1) < + __phys_to_dma(dev, (phys_addr_t)(min_low_pfn << PAGE_SHIFT))) + return false; +#endif + return addr + size - 1 <= min_not_zero(*dev->dma_mask, dev->bus_dma_mask); } -- 2.20.1 ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Bug 205201 - overflow of DMA mask and bus mask
Hi All, We still have DMA problems with some PCI devices. Since the PowerPC updates 4.21-1 [1] we need to decrease the RAM to 3500MB (mem=3500M) if we want to work with our PCI devices. The FSL P5020 and P5040 have these problems currently. Error message: [ 25.654852] bttv 1000:04:05.0: overflow 0xfe077000+4096 of DMA mask bus mask df00 All 5.x Linux kernels can't initialize a SCSI PCI card anymore so booting of a Linux userland isn't possible. PLEASE check the DMA changes in the PowerPC updates 4.21-1 [1]. The kernel 4.20 works with all PCI devices without limitation of RAM. We created a bug report a month ago. [2] Thanks, Christian [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8d6973327ee84c2f40dd9efd8928d4a1186c96e2 [2] https://bugzilla.kernel.org/show_bug.cgi?id=205201 ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
