korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-08 06:44:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
29a90b7089
linux/drivers/iommu
History
Robin Murphy 29a90b7089 iommu/vt-d: Fix scatterlist offset handling 
The intel-iommu DMA ops fail to correctly handle scatterlists where
sg->offset is greater than PAGE_SIZE - the IOVA allocation is computed
appropriately based on the page-aligned portion of the offset, but the
mapping is set up relative to sg->page, which means it fails to actually
cover the whole buffer (and in the worst case doesn't cover it at all):

    (sg->dma_address + sg->dma_len) ----+
    sg->dma_address ---------+          |
    iov_pfn------+           |          |
                 |           |          |
                 v           v          v
iova:   a        b        c        d        e        f
        |--------|--------|--------|--------|--------|
                          <...calculated....>
                 [_____mapped______]
pfn:    0        1        2        3        4        5
        |--------|--------|--------|--------|--------|
                 ^           ^          ^
                 |           |          |
    sg->page ----+           |          |
    sg->offset --------------+          |
    (sg->offset + sg->length) ----------+

As a result, the caller ends up overrunning the mapping into whatever
lies beyond, which usually goes badly:

[  429.645492] DMAR: DRHD: handling fault status reg 2
[  429.650847] DMAR: [DMA Write] Request device [02:00.4] fault addr f2682000 ...

Whilst this is a fairly rare occurrence, it can happen from the result
of intermediate scatterlist processing such as scatterwalk_ffwd() in the
crypto layer. Whilst that particular site could be fixed up, it still
seems worthwhile to bring intel-iommu in line with other DMA API
implementations in handling this robustly.

To that end, fix the intel_map_sg() path to line up the mapping
correctly (in units of MM pages rather than VT-d pages to match the
aligned_nrpages() calculation) regardless of the offset, and use
sg_phys() consistently for clarity.

Reported-by: Harsh Jain <Harsh@chelsio.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Reviewed by: Ashok Raj <ashok.raj@intel.com>
Tested by: Jacob Pan <jacob.jun.pan@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2017-11-17 10:28:58 -07:00
..
amd_iommu_init.c iommu/amd: pr_err() strings should end with newlines 2017-09-27 17:01:35 +02:00
amd_iommu_proto.h IOMMU Updates for Linux v4.14 2017-09-09 15:03:24 -07:00
amd_iommu_types.h IOMMU Updates for Linux v4.14 2017-09-09 15:03:24 -07:00
amd_iommu_v2.c IOMMU Updates for Linux v4.14 2017-09-09 15:03:24 -07:00
amd_iommu.c IOMMU Updates for Linux v4.15 2017-11-14 16:43:27 -08:00
arm-smmu-regs.h iommu/arm-smmu: Split out register defines 2017-08-15 17:34:48 +02:00
arm-smmu-v3.c Merge branches 'iommu/arm/smmu', 'iommu/updates', 'iommu/vt-d', 'iommu/ipmmu-vmsa' and 'iommu/iova' into iommu-next-20171113.0 2017-11-13 12:40:51 -07:00
arm-smmu.c Merge branches 'iommu/arm/smmu', 'iommu/updates', 'iommu/vt-d', 'iommu/ipmmu-vmsa' and 'iommu/iova' into iommu-next-20171113.0 2017-11-13 12:40:51 -07:00
dma-iommu.c iommu/iova: Make rcache flush optional on IOVA allocation failure 2017-10-12 14:18:02 +02:00
dmar.c iommu/vt-d: Clear Page Request Overflow fault bit 2017-11-03 10:51:33 -06:00
exynos-iommu.c Merge branches 'iommu/fixes', 'arm/omap', 'arm/exynos', 'x86/amd', 'x86/vt-d' and 'core' into next 2017-10-13 17:32:24 +02:00
fsl_pamu_domain.c Merge branches 'arm/exynos', 'arm/renesas', 'arm/rockchip', 'arm/omap', 'arm/mediatek', 'arm/tegra', 'arm/qcom', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd', 's390' and 'core' into next 2017-09-01 11:31:42 +02:00
fsl_pamu_domain.h iommu/pamu: Fix PAMU boot crash 2017-08-23 16:28:09 +02:00
fsl_pamu.c Merge branches 'arm/exynos', 'arm/renesas', 'arm/rockchip', 'arm/omap', 'arm/mediatek', 'arm/tegra', 'arm/qcom', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd', 's390' and 'core' into next 2017-09-01 11:31:42 +02:00
fsl_pamu.h iommu/pamu: Fix PAMU boot crash 2017-08-23 16:28:09 +02:00
intel_irq_remapping.c Merge branch 'linus' into x86/apic, to resolve conflicts 2017-11-07 10:51:10 +01:00
intel-iommu.c iommu/vt-d: Fix scatterlist offset handling 2017-11-17 10:28:58 -07:00
intel-svm.c iommu/vt-d: Clear pasid table entry when memory unbound 2017-11-03 10:51:34 -06:00
io-pgtable-arm-v7s.c Merge branches 'iommu/fixes', 'arm/omap', 'arm/exynos', 'x86/amd', 'x86/vt-d' and 'core' into next 2017-10-13 17:32:24 +02:00
io-pgtable-arm.c iommu/io-pgtable-arm: Convert to IOMMU API TLB sync 2017-10-02 15:45:25 +02:00
io-pgtable.c iommu/io-pgtable: Fix a brace coding style issue. 2016-04-05 15:34:29 +02:00
io-pgtable.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iommu-sysfs.c iommu: Fix wrong freeing of iommu_device->dev 2017-08-15 13:58:48 +02:00
iommu-traces.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iommu.c Merge branches 'arm/exynos', 'arm/renesas', 'arm/rockchip', 'arm/omap', 'arm/mediatek', 'arm/tegra', 'arm/qcom', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd', 's390' and 'core' into next 2017-09-01 11:31:42 +02:00
iova.c iommu/iova: Use raw_cpu_ptr() instead of get_cpu_ptr() for ->fq 2017-11-06 11:24:35 -07:00
ipmmu-vmsa.c iommu/ipmmu-vmsa: Hook up r8a7795 DT matching code 2017-11-06 10:29:39 -07:00
irq_remapping.c x86/cpufeature: Replace cpu_has_apic with boot_cpu_has() usage 2016-04-13 11:37:41 +02:00
irq_remapping.h iommu, x86: Setup Posted-Interrupts capability for Intel iommu 2015-06-12 11:33:52 +02:00
Kconfig iommu/qcom: Depend on HAS_DMA to fix compile error 2017-09-19 15:30:41 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
msm_iommu_hw-8xxx.h iommu/msm: Move mach includes to iommu directory 2013-08-06 11:18:03 -07:00
msm_iommu.c iommu/msm: Add iommu_group support 2017-08-10 00:03:50 +02:00
msm_iommu.h iommu/msm: Make use of iommu_device_register interface 2017-02-10 13:44:57 +01:00
mtk_iommu_v1.c iommu/mediatek: Fix driver name 2017-11-06 10:40:53 -07:00
mtk_iommu.c Merge branches 'iommu/fixes', 'arm/omap', 'arm/exynos', 'x86/amd', 'x86/vt-d' and 'core' into next 2017-10-13 17:32:24 +02:00
mtk_iommu.h iommu/mediatek: Merge 2 M4U HWs into one iommu domain 2017-08-22 16:37:59 +02:00
of_iommu.c iommu/of: Remove PCI host bridge node check 2017-09-22 12:05:43 +02:00
omap-iommu-debug.c iommu/omap: Align code with open parenthesis 2016-04-05 17:53:20 +02:00
omap-iommu.c iommu/omap: Add support to program multiple iommus 2017-09-19 11:32:05 +02:00
omap-iommu.h iommu/omap: Add support to program multiple iommus 2017-09-19 11:32:05 +02:00
omap-iopgtable.h iommu/omap: Use BIT(x) macros in omap-iopgtable.h 2015-08-03 16:04:42 +02:00
qcom_iommu.c iommu: qcom: wire up fault handler 2017-11-03 10:50:33 -06:00
rockchip-iommu.c Merge branches 'arm/exynos', 'arm/renesas', 'arm/rockchip', 'arm/omap', 'arm/mediatek', 'arm/tegra', 'arm/qcom', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd', 's390' and 'core' into next 2017-09-01 11:31:42 +02:00
s390-iommu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tegra-gart.c iommu/tegra-gart: Add support for struct iommu_device 2017-08-17 16:31:34 +02:00
tegra-smmu.c arm/tegra: Call bus_set_iommu() after iommu_device_register() 2017-08-30 17:28:32 +02:00