In D3989#151738, @jhibbits wrote:Did some light testing, but not sure if I triggered anything.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Jul 24 2016
Jul 24 2016
May 29 2016
May 29 2016
May 20 2016
May 20 2016
jah committed rS300258: iic_rdwr_data->nmsgs is uint32_t, so limit the allowable number of messages….
iic_rdwr_data->nmsgs is uint32_t, so limit the allowable number of messages…
May 19 2016
May 19 2016
Add comment noting size limit of each message
jah retitled D5155: Add some missing integrity checks in iicrdwr() from Check the results of copyin(9) before continuing in iicrdwr(..) to Add some missing integrity checks in iicrdwr().
Limit number of messages to 42 to prevent exhaustion/short allocation on 32-bit systems
May 16 2016
May 16 2016
In D3989#135429, @jhibbits wrote:I think qemu can boot powerpc64 (see https://wiki.freebsd.org/QemuRecipes ). What kinds of testing should be done? I have a Book-E board I could boot test with, and do basic SATA I/O, would that be enough? I also have some PowerMac hardware. Would need a week or two before I can test with that though.
May 15 2016
May 15 2016
Garrett, were you planning to add the limit on nmsgs and commit this? If not, I can do it.
This one's been sitting for a while. Anything I can do to test this out on my own? qemu maybe?
Apr 14 2016
Apr 14 2016
I think it's better to revert r292255 than to add this. Like Hans mentioned it adds complexity, and the fact that it forces entire buffers to be bounced seems wrong to me. The added memcpy probably isn't that big of a deal, since performance goes out the window if you're bouncing anyway. But the memory those bounce pages come from is likely to be somewhat precious. This could make large transfers use a lot more of that, which makes me nervous.
Feb 1 2016
Feb 1 2016
In D5155#109705, @kib wrote:Copy/paste from my mail to the OP:
> > $ svn diff iic.c > > Index: iic.c > > =================================================================== > > --- iic.c (revision 295081) > > +++ iic.c (working copy) > > @@ -303,6 +303,10 @@ > > buf = malloc(sizeof(*d->msgs) * d->nmsgs, M_IIC, M_WAITOK); > > > > error = copyin(d->msgs, buf, sizeof(*d->msgs) * d->nmsgs); > > + if (error != 0) { > > + free(buf, M_IIC); > > + return (error); > > + } > > > > /* Alloc kernel buffers for userland data, copyin write data */ > > usrbufs = malloc(sizeof(void *) * d->nmsgs, M_IIC, M_WAITOK | M_ZERO); > > > This just continues the original bug. > > If you look at the line above the changed line, you would see the > multiplication with the user-supplied value, which could e.g. overflow > and results in the short buffer being malloced. Then copying trashes the > kernel heap. > > That said, even if overflow does not occur, the user-controlled malloc(9) > either causes DoS by over-allocation of the kernel memory, or by causing > panic by exhausting the kmem address space on 32bit arches.
I might've missed something, but it looks like we don't actually use the contents of buf for anything if error is set. We might store some of that bogus data in usrbufs at line 311, but we'll avoid using it.
Nov 18 2015
Nov 18 2015
Nov 14 2015
Nov 14 2015
Oct 28 2015
Oct 28 2015
In D3986#83956, @adrian wrote:Just build some software or something that'll churn the VM and do disk IO. :)
jah committed rS290120: Retire pmap_dmap_iscurrent(). It is only a wrapper around pmap_is_current()….
Retire pmap_dmap_iscurrent(). It is only a wrapper around pmap_is_current()…
In D3986#83554, @adrian wrote:Can you test this out via a qemu-system-mips (from qemu-devel) package?
https://github.com/freebsd/freebsd-wifi-build/wiki/MipsQemuEmulatorImages
Oct 23 2015
Oct 23 2015
Remove unclear comment on PHYS_TO_VM_PAGE().
Noted by: avg
Remove unclear comments on PHYS_TO_VM_PAGE().
Noted by: avg
Remove unclear comment about address truncation in busdma. Add (hopefully…
Oct 22 2015
Oct 22 2015
jah added a reviewer for D3989: Update powerpc busdma to handle unmapped/out-of-context buffers: jhibbits.
jah retitled D3989: Update powerpc busdma to handle unmapped/out-of-context buffers from to Update powerpc busdma to handle unmapped/out-of-context buffers.
jah added a reviewer for D3986: Update mips busdma to handle unmapped/out-of-context buffers: adrian.
jah retitled D3986: Update mips busdma to handle unmapped/out-of-context buffers from to Update mips busdma to handle unmapped/out-of-context buffers.
Use pmap_quick* functions in armv6 busdma, for bounce buffers and cache…
Oct 21 2015
Oct 21 2015
Use pmap_quick* functions in arm64 busdma to make bounce buffer…
In D888#82509, @royger wrote:In D888#80533, @jah wrote:Thinking about this some more, I wonder if it would be better to have add_bounce_page() do coalescing in much the same way as _bus_dmamap_addseg() already does. You'd still have the 2-page array in struct bounce_page, but add_bounce_page() would go back to just taking one address. It would look at the tail of map->bpages (if that exists). If that last bounce page can still fit the new segment with the right alignment, then its datacount will be increased and datapage[1] will be set if necessary. Otherwise, a new bounce page will be pulled from the bz queue.
With that scheme, you wouldn't need the dedicated load_ma or count_ma functions; existing load_phys and load_buffer would "do the right thing". We'd also make more efficient use of bounce pages when magsegz is much smaller than a page. Right now, if maxsegsz is, say, 512 and those 512-byte segments get bounced, each one will waste a whole bounce page. Of course, I doubt that's a common use case.
A downside would be that you'd probably need to duplicate some of the coalescing logic in count_phys and count_pages to avoid over-requesting bounce pages.
Just a thought I had; there are probably holes in that scheme that I haven't thought of.
The solution you are proposing seems fine, but I don't think I will have time to look into it until a couple of weeks, do you mind if I commit this now so we can get unmapped IO for blkfront?
Use pmap_quick* for out-of-context bounce buffers and (limited) cache…
Oct 20 2015
Oct 20 2015
Narrow the scope of the temporary bounce buffer mappings
Oct 18 2015
Oct 18 2015
jah added inline comments to D3869: Update armv6 busdma implementation to support unmapped/out-of-context userspace buffers.
Oct 17 2015
Oct 17 2015
jah updated the diff for D3869: Update armv6 busdma implementation to support unmapped/out-of-context userspace buffers.
Fixed confusion of client page addr vs. bounce page addr, trimmed trailing whitespace
jah added inline comments to D3869: Update armv6 busdma implementation to support unmapped/out-of-context userspace buffers.
jah updated the diff for D3869: Update armv6 busdma implementation to support unmapped/out-of-context userspace buffers.
Comment on unaligned pages, move page array assertion back to dma_dcache_sync()
Don't page-align the physical address when calling PHYS_TO_VM_PAGE().
jah added inline comments to D3869: Update armv6 busdma implementation to support unmapped/out-of-context userspace buffers.
jah updated the diff for D3869: Update armv6 busdma implementation to support unmapped/out-of-context userspace buffers.
Re-adding comment, moving POSTWRITE check to beginning of _bus_dmamap_sync() as is done for armv5 and mips
Oct 16 2015
Oct 16 2015
jah added inline comments to D3869: Update armv6 busdma implementation to support unmapped/out-of-context userspace buffers.
Oct 13 2015
Oct 13 2015
Thinking about this some more, I wonder if it would be better to have add_bounce_page() do coalescing in much the same way as _bus_dmamap_addseg() already does. You'd still have the 2-page array in struct bounce_page, but add_bounce_page() would go back to just taking one address. It would look at the tail of map->bpages (if that exists). If that last bounce page can still fit the new segment with the right alignment, then its datacount will be increased and datapage[1] will be set if necessary. Otherwise, a new bounce page will be pulled from the bz queue.
jah updated the diff for D3869: Update armv6 busdma implementation to support unmapped/out-of-context userspace buffers.
Port unmapped bounce buffer alignment fix from x86
Port unmapped bounce buffer alignment fix from x86
Port unmapped bounce buffer alignment fix from x86
Ensure the client regions for unmapped bounce buffers created through…
Oct 12 2015
Oct 12 2015
I like the memdesc idea, or at least something like it. I also agree that it's too tall an order to do everywhere right now, especially if Xen needs this right away.
Oct 11 2015
Oct 11 2015
jah retitled D3869: Update armv6 busdma implementation to support unmapped/out-of-context userspace buffers from to Update armv6 busdma implementation to support unmapped/out-of-context userspace buffers.
Adding assert on non-contiguous pages
Oct 1 2015
Oct 1 2015
- Simplify loop in sync_sl
- Fix logic errors around call to sync_buf and bounce buffer cache maintenance
- Remove sync_buf call for unmapped case: cache operations in pmap_quick_enter_page()->pmap_kenter()->pmap_fix_cache() make sync_buf irrelevant
Sep 16 2015
Sep 16 2015
Style fixes. Initialize sl outside the mapping loop, since it is incremented inside the loop.
Sep 1 2015
Sep 1 2015
Making sl coalescing logic a little clearer, preventing coalescing in the case where the sl has a non-contiguous KVA but the physical pages happen to be adjacent.
Aug 28 2015
Aug 28 2015
jah retitled D3522: Use pmap_quick* in pre-v6 arm busdma implementation from to Use pmap_quick* in pre-v6 arm busdma implementation.
Aug 17 2015
Aug 17 2015
Some cleanups to make the style of pmap_quick_enter_page() and…
Aug 14 2015
Aug 14 2015
jah committed rS286787: Use pmap_quick_enter_page() to handle bouncing of unmapped buffers in the x86….
Use pmap_quick_enter_page() to handle bouncing of unmapped buffers in the x86…
Reformat x86 bounce buffer synchronization code to reduce indentation. No…
Aug 7 2015
Aug 7 2015
Create man page for pmap_quick_enter_page(9) and pmap_quick_remove_page(9)
Aug 6 2015
Aug 6 2015
Fix problems noted by wblock
Move each sentence to its own line
Fixing the bugs kib pointed out
Aug 5 2015
Aug 5 2015
Properly sort the function declarations added in r286296
Aug 4 2015
Aug 4 2015
jah closed D3013: KPI for quick single-page mappings by committing rS286296: Add two new pmap functions:.
Jul 7 2015
Jul 7 2015
jah retitled D3014: Rough kmod for testing pmap_quick_enter_page/pmap_quick_remove_page from to Rough kmod for testing pmap_quick_enter_page/pmap_quick_remove_page.
Jun 13 2015
Jun 13 2015
I think it is possible for calls into the smbus interface to get interleaved right now. If they come from smb(4) ioctls, they could get interleaved because that driver does not hold its own sx like iic(4) does (and did even before r281828). But those calls could also be made by another driver directly calling something like smbus_bwrite(), without going through smb(4).
May 15 2015
May 15 2015
Update iic(4) man page to reflect recent changes
May 6 2015
May 6 2015
Addressing wblock's feedback
jah retitled D2461: Update iic(4) man page to reflect recent changes from to Update iic(4) man page to reflect recent changes.
Apr 21 2015
Apr 21 2015
Apr 15 2015
Apr 15 2015
jah added a comment to D2140: Attempt to fix race conditions and improve flexibility of iic(4), fix locking in iicbus_request_bus() and iicbus_release_bus().
Apr 6 2015
Apr 6 2015
jah updated the diff for D2140: Attempt to fix race conditions and improve flexibility of iic(4), fix locking in iicbus_request_bus() and iicbus_release_bus().
addressing jhb's feedback:
- looping on short writes
- always using M_WAITOK
- style(9) fixes
Apr 3 2015
Apr 3 2015
jah added a comment to D2140: Attempt to fix race conditions and improve flexibility of iic(4), fix locking in iicbus_request_bus() and iicbus_release_bus().
imp, loos: can you guys look over this again when you have time?
I also need some clarification on Warner's comment about the lock.
jah updated the diff for D2140: Attempt to fix race conditions and improve flexibility of iic(4), fix locking in iicbus_request_bus() and iicbus_release_bus().
Change chunk size back to 128 bytes. That should still be OK to keep on the kernel stack. 32 might be too stingy for faster iic controllers.
Mar 27 2015
Mar 27 2015
jah updated the diff for D2140: Attempt to fix race conditions and improve flexibility of iic(4), fix locking in iicbus_request_bus() and iicbus_release_bus().
--Shrink chunk size to 32 bytes (same as smbus blocksize), move buffer to stack
--Respect O_NONBLOCK for mallocs
--Document IICBUS_CALLBACK locking assumptions in iiconf.c and iicbus interface
Mar 26 2015
Mar 26 2015
jah updated the diff for D2140: Attempt to fix race conditions and improve flexibility of iic(4), fix locking in iicbus_request_bus() and iicbus_release_bus().
Remove stale comment