korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-15 16:24:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
dcdb3ba7e2
linux/drivers/iommu
History
Yunfei Wang dcdb3ba7e2 iommu/iova: Fix alloc iova overflows issue 
In __alloc_and_insert_iova_range, there is an issue that retry_pfn
overflows. The value of iovad->anchor.pfn_hi is ~0UL, then when
iovad->cached_node is iovad->anchor, curr_iova->pfn_hi + 1 will
overflow. As a result, if the retry logic is executed, low_pfn is
updated to 0, and then new_pfn < low_pfn returns false to make the
allocation successful.

This issue occurs in the following two situations:
1. The first iova size exceeds the domain size. When initializing
iova domain, iovad->cached_node is assigned as iovad->anchor. For
example, the iova domain size is 10M, start_pfn is 0x1_F000_0000,
and the iova size allocated for the first time is 11M. The
following is the log information, new->pfn_lo is smaller than
iovad->cached_node.

Example log as follows:
[  223.798112][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range
start_pfn:0x1f0000,retry_pfn:0x0,size:0xb00,limit_pfn:0x1f0a00
[  223.799590][T1705487] sh: [name:iova&]__alloc_and_insert_iova_range
success start_pfn:0x1f0000,new->pfn_lo:0x1efe00,new->pfn_hi:0x1f08ff

2. The node with the largest iova->pfn_lo value in the iova domain
is deleted, iovad->cached_node will be updated to iovad->anchor,
and then the alloc iova size exceeds the maximum iova size that can
be allocated in the domain.

After judging that retry_pfn is less than limit_pfn, call retry_pfn+1
to fix the overflow issue.

Signed-off-by: jianjiao zeng <jianjiao.zeng@mediatek.com>
Signed-off-by: Yunfei Wang <yf.wang@mediatek.com>
Cc: <stable@vger.kernel.org> # 5.15.*
Fixes: 4e89dce725 ("iommu/iova: Retry from last rb tree node if iova search fails")
Acked-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/20230111063801.25107-1-yf.wang@mediatek.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2023-01-13 13:46:31 +01:00
..
amd IOMMU Updates for Linux v6.2 2022-12-19 08:34:39 -06:00
arm iommu/arm-smmu-v3: Don't unregister on shutdown 2023-01-13 13:46:21 +01:00
intel IOMMU Updates for Linux v6.2 2022-12-19 08:34:39 -06:00
iommufd iommufd for 6.2 2022-12-14 09:15:43 -08:00
apple-dart.c iommu: Add gfp parameter to iommu_alloc_resv_region 2022-10-21 10:49:32 +02:00
dma-iommu.c dma-mapping: reject __GFP_COMP in dma_alloc_attrs 2022-11-21 09:37:20 +01:00
dma-iommu.h iommu/dma: Make header private 2022-09-09 09:26:22 +02:00
exynos-iommu.c iommu/exynos: Fix driver initialization sequence 2022-11-19 10:33:15 +01:00
fsl_pamu_domain.c iommu: Regulate EINVAL in ->attach_dev callback functions 2022-11-01 14:39:59 -03:00
fsl_pamu_domain.h iommu/fsl_pamu: remove the snoop_id field 2021-04-07 10:56:52 +02:00
fsl_pamu.c Merge branches 'arm/allwinner', 'arm/exynos', 'arm/mediatek', 'arm/rockchip', 'arm/smmu', 'ppc/pamu', 's390', 'x86/vt-d', 'x86/amd' and 'core' into next 2022-12-12 12:50:53 +01:00
fsl_pamu.h iommu/fsl_pamu: hardcode the window address and size in pamu_config_ppaace 2021-04-07 10:56:52 +02:00
hyperv-iommu.c iommu/hyper-v: Allow hyperv irq remapping without x2apic 2022-11-28 16:48:20 +00:00
io-pgfault.c iommu: Rename iommu-sva-lib.{c,h} 2022-11-03 15:47:54 +01:00
io-pgtable-arm-v7s.c iommu/io-pgtable-arm-v7s: Remove map/unmap 2022-11-19 10:44:15 +01:00
io-pgtable-arm.c iommu/io-pgtable-arm: Remove map/unmap 2022-11-19 10:44:15 +01:00
io-pgtable-arm.h iommu/io-pgtable-arm: Move some definitions to a header 2020-09-28 23:48:06 +01:00
io-pgtable-dart.c iommu/io-pgtable-dart: Add DART PTE support for t6000 2022-09-26 13:49:40 +02:00
io-pgtable.c Merge branches 'apple/dart', 'arm/mediatek', 'arm/omap', 'arm/smmu', 'virtio', 'x86/vt-d', 'x86/amd' and 'core' into next 2022-09-26 15:52:31 +02:00
ioasid.c iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit 2022-02-15 11:31:35 +01:00
iommu-debugfs.c
iommu-sva.c iommu: Rename iommu-sva-lib.{c,h} 2022-11-03 15:47:54 +01:00
iommu-sva.h iommu: Rename iommu-sva-lib.{c,h} 2022-11-03 15:47:54 +01:00
iommu-sysfs.c drivers/iommu: Export core IOMMU API symbols to permit modular drivers 2019-12-23 14:06:05 +01:00
iommu-traces.c
iommu.c iommu: Fix refcount leak in iommu_device_claim_dma_owner 2023-01-13 13:46:22 +01:00
iova.c iommu/iova: Fix alloc iova overflows issue 2023-01-13 13:46:31 +01:00
ipmmu-vmsa.c iommu/ipmmu-vmsa: Update to {map,unmap}_pages 2022-11-19 10:44:14 +01:00
irq_remapping.c x86: Kill all traces of irq_remapping_get_irq_domain() 2020-10-28 20:26:28 +01:00
irq_remapping.h x86: Kill all traces of irq_remapping_get_irq_domain() 2020-10-28 20:26:28 +01:00
Kconfig iommufd for 6.2 2022-12-14 09:15:43 -08:00
Makefile iommufd: File descriptor, context, kconfig and makefiles 2022-11-30 20:16:49 -04:00
msm_iommu_hw-8xxx.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 267 2019-06-05 17:30:29 +02:00
msm_iommu.c iommu/msm: Update to {map,unmap}_pages 2022-11-19 10:44:14 +01:00
msm_iommu.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 267 2019-06-05 17:30:29 +02:00
mtk_iommu_v1.c iommu/mediatek-v1: Update to {map,unmap}_pages 2022-11-19 10:44:12 +01:00
mtk_iommu.c Merge branches 'arm/allwinner', 'arm/exynos', 'arm/mediatek', 'arm/rockchip', 'arm/smmu', 'ppc/pamu', 's390', 'x86/vt-d', 'x86/amd' and 'core' into next 2022-12-12 12:50:53 +01:00
of_iommu.c iommu/of: Remove linux/msi.h include 2022-11-23 23:07:38 +01:00
omap-iommu-debug.c iommu/omap: Fix buffer overflow in debugfs 2022-09-07 10:42:28 +02:00
omap-iommu.c iommu: Use EINVAL for incompatible device/domain in ->attach_dev 2022-11-01 14:39:59 -03:00
omap-iommu.h iommu/omap: add support for late attachment of iommu devices 2019-08-09 17:37:10 +02:00
omap-iopgtable.h iommu/omap: Fix -Woverflow warnings when compiling on 64-bit architectures 2020-03-04 16:24:46 +01:00
rockchip-iommu.c iommu/rockchip: fix permission bits in page table entries v2 2022-11-03 15:58:41 +01:00
s390-iommu.c s390/pci: use lock-free I/O translation updates 2022-11-19 10:28:18 +01:00
sprd-iommu.c iommu/sprd: Update to {map,unmap}_pages 2022-11-19 10:44:13 +01:00
sun50i-iommu.c iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY 2022-12-05 11:52:57 +01:00
tegra-gart.c iommu: Use EINVAL for incompatible device/domain in ->attach_dev 2022-11-01 14:39:59 -03:00
tegra-smmu.c iommu/tegra-smmu: Clean up bus_set_iommu() 2022-09-07 14:26:16 +02:00
virtio-iommu.c iommu: Propagate return value in ->attach_dev callback functions 2022-11-01 14:39:59 -03:00