From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Shankar, Hari"
Subject: Re: bug in intel_iommu_unmap()
Date: Mon, 2 Sep 2013 01:54:32 +0000
To: "dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org"
Cc: "Singh, Varinder", "Sundaram, Rajesh", "Kimmel, Jeff", "iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org", "Spiller, John"
List-Id: iommu@lists.linux-foundation.org

Please ignore this email. Per suggestion from Alex, I will send another email to fix some style points related to the patch. Thanks Alex for pointing it out.

Hari.

From: "Shankar, Hari"
Date: Sunday, September 1, 2013 1:26 PM
To: "dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org"
Cc: "iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org", "Kimmel, Jeff", "Spiller, John", "Singh, Varinder", "Sundaram, Rajesh", Alex Williamson
Subject: bug in intel_iommu_unmap()

Hi David,

NetApp is using Linux VFIO code for user space drivers. We recently ran into a memory corruption bug which was root caused to lack of IOMMU TLB flush in intel_iommu_unmap() routine.

While reviewing the code we also figured that the unmap routine always returns size only for one page rather than the total unmapped size. Since VFIO unmaps one page at a time, the problem isn't exposed.

Alex Williamson suggested that you're the maintainer of the code so sending to you for review.

Diff for the changes is attached and is generated on Linux kernel version 3.6.11.

Hari.
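
The two problems reported in the message above, reproduced on a simplified model: an unmap that leaves cached translations in place lets a device keep reaching memory that is no longer mapped, and a one-page return value under-reports a multi-page unmap. This is an added example, not the attached patch and not kernel code; the page-table and IOTLB arrays and every function name are hypothetical.

```c
/* Simplified model, not kernel code; every name here is hypothetical. */
#include <stdio.h>
#include <stddef.h>

#define PAGE_SIZE 4096UL
#define NPAGES    16
#define NO_MAP    (-1L)
static long pte[NPAGES];   /* page table: IOVA page -> physical page */
static long iotlb[NPAGES]; /* translations cached for the device */

/* Device-side lookup: an IOTLB hit never consults the page table. */
static long dma_translate(unsigned long iova) {
    size_t idx = iova / PAGE_SIZE;
    if (iotlb[idx] == NO_MAP) iotlb[idx] = pte[idx]; /* walk, then cache */
    return iotlb[idx];
}

/* Models the reported behaviour: mapping removed, IOTLB not flushed,
 * and one page returned regardless of the requested size. */
static size_t unmap_no_flush(unsigned long iova, size_t size) {
    for (size_t i = 0; i < size / PAGE_SIZE; i++) pte[iova / PAGE_SIZE + i] = NO_MAP;
    return PAGE_SIZE;
}

/* Corrected model: also invalidate the IOTLB, return the full size. */
static size_t unmap_with_flush(unsigned long iova, size_t size) {
    size_t first = iova / PAGE_SIZE, n = size / PAGE_SIZE;
    for (size_t i = 0; i < n; i++) pte[first + i] = iotlb[first + i] = NO_MAP;
    return n * PAGE_SIZE;
}

/* Map 4 pages, let the device touch them, unmap, count stale translations. */
static int stale_pages(size_t (*unmap)(unsigned long, size_t), size_t *ret) {
    int stale = 0;
    for (int i = 0; i < NPAGES; i++) pte[i] = iotlb[i] = NO_MAP;
    for (int i = 0; i < 4; i++) pte[i] = 100 + i;       /* constructed mapping */
    for (int i = 0; i < 4; i++) dma_translate(i * PAGE_SIZE);
    *ret = unmap(0, 4 * PAGE_SIZE);
    for (int i = 0; i < 4; i++) stale += dma_translate(i * PAGE_SIZE) != NO_MAP;
    return stale;
}

int main(void) {
    size_t r;
    int s = stale_pages(unmap_no_flush, &r);
    printf("no flush:   %d stale, returned %zu\n", s, r);
    s = stale_pages(unmap_with_flush, &r);
    printf("with flush: %d stale, returned %zu\n", s, r);
    return 0;
}
```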