[Bug 279383] riscv bounce_bus_dmamap_load_buffer()

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279383

            Bug ID: 279383
           Summary: riscv bounce_bus_dmamap_load_buffer()
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: riscv
          Assignee: riscv@FreeBSD.org
          Reporter: rtm@lcs.mit.edu

I use an old riscv simulator whose virtio block device doesn't support
the VIRTIO_BLK_F_SEG_MAX feature, so FreeBSD's
vtblk_maximum_segments() decides it supports only three segments. This
has worked, but stopped working after a recent update to
the riscv busdma_bounce.c.

The very first read of a virtio block device is 20 bytes (to read the
label?). The riscv bounce_bus_dmamap_load_buffer() decides a bounce
page is needed. But it rounds up the size from buflen=20 bytes to a
whole page (since dmat->common.alignment is 4096):

                sgsize = MIN(buflen, PAGE_SIZE - (curaddr & PAGE_MASK));
                if (((dmat->bounce_flags & BF_COULD_BOUNCE) != 0) &&
                    map->pagesneeded != 0 &&
                    addr_needs_bounce(dmat, curaddr)) {
                        sgsize = roundup2(sgsize, dmat->common.alignment);
                        curaddr = add_bounce_page(dmat, map, kvaddr, curaddr,
                            sgsize);

The immediate problem is that later the 

                buflen -= sgsize;

wraps (since buflen is 20 and sgsize is 4096), so that buflen is huge
and the while loop incorrectly makes a second iteration. 

A potential fix is to restore the bounce_bus_dmamap_load_buffer() code
from a few months ago that limits sgsize to be no more than buflen.

FreeBSD  15.0-CURRENT FreeBSD 15.0-CURRENT #312
main-n250991-01d33dbbb3f8-dirty: Wed May 29 12:49:02 EDT 2024    
rtm@zika:/usr/obj/usr/rtm/symbsd/src/riscv.riscv64/sys/RTM riscv

-- 
You are receiving this mail because:
You are the assignee for the bug.