Commit 38c8d025 authored by Benjamin Berg's avatar Benjamin Berg Committed by Kalle Valo

wifi: iwlwifi: correctly lookup DMA address in SG table

The code to lookup the scatter gather table entry assumed that it was
possible to use sg_virt() in order to lookup the DMA address in a mapped
scatter gather table. However, this assumption is incorrect as the DMA
mapping code may merge multiple entries into one. In that case, the DMA
address space may have e.g. two consecutive pages which is correctly
represented by the scatter gather list entry, however the virtual
addresses for these two pages may differ and the relationship cannot be
resolved anymore.

Avoid this problem entirely by working with the offset into the mapped
area instead of using virtual addresses. With that we only use the DMA
length and DMA address from the scatter gather list entries. The
underlying DMA/IOMMU code is therefore free to merge two entries into
one even if the virtual addresses space for the area is not continuous.

Fixes: 90db5075 ("wifi: iwlwifi: use already mapped data when TXing an AMSDU")
Reported-by: default avatarChris Bainbridge <chris.bainbridge@gmail.com>
Closes: https://lore.kernel.org/r/ZrNRoEbdkxkKFMBi@debian.localSigned-off-by: default avatarBenjamin Berg <benjamin.berg@intel.com>
Tested-by: default avatarChris Bainbridge <chris.bainbridge@gmail.com>
Signed-off-by: default avatarKalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20240812110640.460514-1-benjamin@sipsolutions.net
parent 479ffee6
...@@ -639,7 +639,8 @@ void iwl_trans_pcie_tx_reset(struct iwl_trans *trans); ...@@ -639,7 +639,8 @@ void iwl_trans_pcie_tx_reset(struct iwl_trans *trans);
int iwl_pcie_txq_alloc(struct iwl_trans *trans, struct iwl_txq *txq, int iwl_pcie_txq_alloc(struct iwl_trans *trans, struct iwl_txq *txq,
int slots_num, bool cmd_queue); int slots_num, bool cmd_queue);
dma_addr_t iwl_pcie_get_sgt_tb_phys(struct sg_table *sgt, void *addr); dma_addr_t iwl_pcie_get_sgt_tb_phys(struct sg_table *sgt, unsigned int offset,
unsigned int len);
struct sg_table *iwl_pcie_prep_tso(struct iwl_trans *trans, struct sk_buff *skb, struct sg_table *iwl_pcie_prep_tso(struct iwl_trans *trans, struct sk_buff *skb,
struct iwl_cmd_meta *cmd_meta, struct iwl_cmd_meta *cmd_meta,
u8 **hdr, unsigned int hdr_room); u8 **hdr, unsigned int hdr_room);
......
...@@ -168,6 +168,7 @@ static int iwl_txq_gen2_build_amsdu(struct iwl_trans *trans, ...@@ -168,6 +168,7 @@ static int iwl_txq_gen2_build_amsdu(struct iwl_trans *trans,
struct ieee80211_hdr *hdr = (void *)skb->data; struct ieee80211_hdr *hdr = (void *)skb->data;
unsigned int snap_ip_tcp_hdrlen, ip_hdrlen, total_len, hdr_room; unsigned int snap_ip_tcp_hdrlen, ip_hdrlen, total_len, hdr_room;
unsigned int mss = skb_shinfo(skb)->gso_size; unsigned int mss = skb_shinfo(skb)->gso_size;
unsigned int data_offset = 0;
dma_addr_t start_hdr_phys; dma_addr_t start_hdr_phys;
u16 length, amsdu_pad; u16 length, amsdu_pad;
u8 *start_hdr; u8 *start_hdr;
...@@ -260,7 +261,8 @@ static int iwl_txq_gen2_build_amsdu(struct iwl_trans *trans, ...@@ -260,7 +261,8 @@ static int iwl_txq_gen2_build_amsdu(struct iwl_trans *trans,
int ret; int ret;
tb_len = min_t(unsigned int, tso.size, data_left); tb_len = min_t(unsigned int, tso.size, data_left);
tb_phys = iwl_pcie_get_sgt_tb_phys(sgt, tso.data); tb_phys = iwl_pcie_get_sgt_tb_phys(sgt, data_offset,
tb_len);
/* Not a real mapping error, use direct comparison */ /* Not a real mapping error, use direct comparison */
if (unlikely(tb_phys == DMA_MAPPING_ERROR)) if (unlikely(tb_phys == DMA_MAPPING_ERROR))
goto out_err; goto out_err;
...@@ -272,6 +274,7 @@ static int iwl_txq_gen2_build_amsdu(struct iwl_trans *trans, ...@@ -272,6 +274,7 @@ static int iwl_txq_gen2_build_amsdu(struct iwl_trans *trans,
goto out_err; goto out_err;
data_left -= tb_len; data_left -= tb_len;
data_offset += tb_len;
tso_build_data(skb, &tso, tb_len); tso_build_data(skb, &tso, tb_len);
} }
} }
......
...@@ -1814,23 +1814,31 @@ static void *iwl_pcie_get_page_hdr(struct iwl_trans *trans, ...@@ -1814,23 +1814,31 @@ static void *iwl_pcie_get_page_hdr(struct iwl_trans *trans,
/** /**
* iwl_pcie_get_sgt_tb_phys - Find TB address in mapped SG list * iwl_pcie_get_sgt_tb_phys - Find TB address in mapped SG list
* @sgt: scatter gather table * @sgt: scatter gather table
* @addr: Virtual address * @offset: Offset into the mapped memory (i.e. SKB payload data)
* @len: Length of the area
* *
* Find the entry that includes the address for the given address and return * Find the DMA address that corresponds to the SKB payload data at the
* correct physical address for the TB entry. * position given by @offset.
* *
* Returns: Address for TB entry * Returns: Address for TB entry
*/ */
dma_addr_t iwl_pcie_get_sgt_tb_phys(struct sg_table *sgt, void *addr) dma_addr_t iwl_pcie_get_sgt_tb_phys(struct sg_table *sgt, unsigned int offset,
unsigned int len)
{ {
struct scatterlist *sg; struct scatterlist *sg;
unsigned int sg_offset = 0;
int i; int i;
/*
* Search the mapped DMA areas in the SG for the area that contains the
* data at offset with the given length.
*/
for_each_sgtable_dma_sg(sgt, sg, i) { for_each_sgtable_dma_sg(sgt, sg, i) {
if (addr >= sg_virt(sg) && if (offset >= sg_offset &&
(u8 *)addr < (u8 *)sg_virt(sg) + sg_dma_len(sg)) offset + len <= sg_offset + sg_dma_len(sg))
return sg_dma_address(sg) + return sg_dma_address(sg) + offset - sg_offset;
((unsigned long)addr - (unsigned long)sg_virt(sg));
sg_offset += sg_dma_len(sg);
} }
WARN_ON_ONCE(1); WARN_ON_ONCE(1);
...@@ -1875,7 +1883,9 @@ struct sg_table *iwl_pcie_prep_tso(struct iwl_trans *trans, struct sk_buff *skb, ...@@ -1875,7 +1883,9 @@ struct sg_table *iwl_pcie_prep_tso(struct iwl_trans *trans, struct sk_buff *skb,
sg_init_table(sgt->sgl, skb_shinfo(skb)->nr_frags + 1); sg_init_table(sgt->sgl, skb_shinfo(skb)->nr_frags + 1);
sgt->orig_nents = skb_to_sgvec(skb, sgt->sgl, 0, skb->len); /* Only map the data, not the header (it is copied to the TSO page) */
sgt->orig_nents = skb_to_sgvec(skb, sgt->sgl, skb_headlen(skb),
skb->data_len);
if (WARN_ON_ONCE(sgt->orig_nents <= 0)) if (WARN_ON_ONCE(sgt->orig_nents <= 0))
return NULL; return NULL;
...@@ -1900,6 +1910,7 @@ static int iwl_fill_data_tbs_amsdu(struct iwl_trans *trans, struct sk_buff *skb, ...@@ -1900,6 +1910,7 @@ static int iwl_fill_data_tbs_amsdu(struct iwl_trans *trans, struct sk_buff *skb,
struct ieee80211_hdr *hdr = (void *)skb->data; struct ieee80211_hdr *hdr = (void *)skb->data;
unsigned int snap_ip_tcp_hdrlen, ip_hdrlen, total_len, hdr_room; unsigned int snap_ip_tcp_hdrlen, ip_hdrlen, total_len, hdr_room;
unsigned int mss = skb_shinfo(skb)->gso_size; unsigned int mss = skb_shinfo(skb)->gso_size;
unsigned int data_offset = 0;
u16 length, iv_len, amsdu_pad; u16 length, iv_len, amsdu_pad;
dma_addr_t start_hdr_phys; dma_addr_t start_hdr_phys;
u8 *start_hdr, *pos_hdr; u8 *start_hdr, *pos_hdr;
...@@ -2000,7 +2011,7 @@ static int iwl_fill_data_tbs_amsdu(struct iwl_trans *trans, struct sk_buff *skb, ...@@ -2000,7 +2011,7 @@ static int iwl_fill_data_tbs_amsdu(struct iwl_trans *trans, struct sk_buff *skb,
data_left); data_left);
dma_addr_t tb_phys; dma_addr_t tb_phys;
tb_phys = iwl_pcie_get_sgt_tb_phys(sgt, tso.data); tb_phys = iwl_pcie_get_sgt_tb_phys(sgt, data_offset, size);
/* Not a real mapping error, use direct comparison */ /* Not a real mapping error, use direct comparison */
if (unlikely(tb_phys == DMA_MAPPING_ERROR)) if (unlikely(tb_phys == DMA_MAPPING_ERROR))
return -EINVAL; return -EINVAL;
...@@ -2011,6 +2022,7 @@ static int iwl_fill_data_tbs_amsdu(struct iwl_trans *trans, struct sk_buff *skb, ...@@ -2011,6 +2022,7 @@ static int iwl_fill_data_tbs_amsdu(struct iwl_trans *trans, struct sk_buff *skb,
tb_phys, size); tb_phys, size);
data_left -= size; data_left -= size;
data_offset += size;
tso_build_data(skb, &tso, size); tso_build_data(skb, &tso, size);
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment