Re: [PATCH v3 12/32] iommu/exynos: implement iova_to_phys_length

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] This problem wasn't introduced by this patch, but the driver accesses little-endian page table entries using native CPU endianness, leading to corruption and incorrect page table walks on big-endian systems. The function `exynos_iommu_set_pte()` correctly writes entries as little-endian using `cpu_to_le32()`. However, macros like `lv1ent_section` and `lv1ent_page` directly dereference the `sysmmu_pte_t *` pointer (e.g., `*(sent) & 3`), which evaluates the native 32-bit value. On a big-endian system, this bitwise operation checks the most significant byte of the little-endian value in memory, always failing the structure checks. Furthermore, some assignments like `domain->pgtable[i] = ZERO_LV2LINK;` bypass endian conversion entirely, writing big-endian values that the little-endian hardware will misinterpret.
--

commit 097549f5c7fdecb9881aa9c7d6c8964f12985a19
Author: Guanghui Feng <guanghuifeng@linux.alibaba.com>

iommu/exynos: implement iova_to_phys_length

This commit implements the iova_to_phys_length callback for the Exynos IOMMU
driver. It traverses the page table to return both the physical address and
the actual PTE mapping size for a given IOVA.

> diff --git a/drivers/iommu/exynos-iommu.c b/drivers/iommu/exynos-iommu.c
> --- a/drivers/iommu/exynos-iommu.c
> +++ b/drivers/iommu/exynos-iommu.c
[ ... ]
> @@ -1386,13 +1387,20 @@ static phys_addr_t exynos_iommu_iova_to_phys(struct iommu_domain *iommu_domain,
>  
>  	if (lv1ent_section(entry)) {
>  		phys = section_phys(entry) + section_offs(iova);

[Severity: High]
This is a pre-existing issue, but does exynos_iommu_iova_to_phys_length()
correctly handle endianness on big-endian systems?

The macros like lv1ent_section() and lv1ent_page() directly dereference the
sysmmu_pte_t pointer using native CPU endianness. For example, lv1ent_section
evaluates to (*(sent) & 3).

Since the hardware uses little-endian page tables, a big-endian CPU
evaluating this bitwise operation will check the most significant byte of
the little-endian value in memory. This will cause the structure checks to
fail, leading to incorrect page table walks and IOMMU translation faults.

While exynos_iommu_set_pte() correctly writes entries using cpu_to_le32(),
the read paths do not seem to do the reverse conversion. Would it be
appropriate to convert the values using le32_to_cpu() when reading these
page table entries to prevent corruption on big-endian architectures?

> +		if (mapped_length)
> +			*mapped_length = SECT_SIZE;
>  	} else if (lv1ent_page(entry)) {
>  		entry = page_entry(entry, iova);
[ ... ]

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260603151804.1963871-1-guanghuifeng@linux.alibaba.com?part=12