Hector Martin wrote: > At least some JMicron controllers issue buggy oversized DMA reads when > fetching context descriptors, always fetching 0x20 bytes at once for > descriptors which are only 0x10 bytes long. This is often harmless, but > can cause page faults on modern systems with IOMMUs: > > DMAR: [DMA Read] Request device [05:00.0] fault addr fff56000 [fault reason > 06] PTE Read access is not set > firewire_ohci 0000:05:00.0: DMA context IT0 has stopped, error code: > evt_descriptor_read > > This works around the problem by always leaving 0x10 padding bytes at > the end of descriptor buffer pages, which should be harmless to do > unconditionally for controllers in case others have the same behavior. > > Signed-off-by: Hector Martin <mar...@marcan.st>
Reviewed-by: Clemens Ladisch <clem...@ladisch.de> > --- > drivers/firewire/ohci.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c > index 8bf89267dc25..d731b413cb2c 100644 > --- a/drivers/firewire/ohci.c > +++ b/drivers/firewire/ohci.c > @@ -1130,7 +1130,13 @@ static int context_add_buffer(struct context *ctx) > return -ENOMEM; > > offset = (void *)&desc->buffer - (void *)desc; > - desc->buffer_size = PAGE_SIZE - offset; > + /* > + * Some controllers, like JMicron ones, always issue 0x20-byte DMA reads > + * for descriptors, even 0x10-byte ones. This can cause page faults when > + * an IOMMU is in use and the oversized read crosses a page boundary. > + * Work around this by always leaving at least 0x10 bytes of padding. > + */ > + desc->buffer_size = PAGE_SIZE - offset - 0x10; > desc->buffer_bus = bus_addr + offset; > desc->used = 0; >