[PATCH] iommu/arm-smmu-v3: Fix pgsize

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
@ 2025-04-12  0:23 Balbir Singh
  2025-04-15 13:10 ` Jason Gunthorpe
  2025-04-17 14:27 ` Will Deacon
  0 siblings, 2 replies; 4+ messages in thread
From: Balbir Singh @ 2025-04-12  0:23 UTC (permalink / raw)
  To: iommu
  Cc: linux-kernel, Balbir Singh, Jason Gunthorpe,
	Jean-Philippe Brucker, Will Deacon, Robin Murphy, Joerg Roedel,
	Jason Gunthorpe

UBSan caught a bug with IOMMU SVA domains, where the reported exponent
value in __arm_smmu_tlb_inv_range() was >= 64.
__arm_smmu_tlb_inv_range() uses the domain's pgsize_bitmap to compute
the number of pages to invalidate and the invalidation range. Currently
arm_smmu_sva_domain_alloc() does not setup the iommu domain's
pgsize_bitmap. This leads to __ffs() on the value returning 64 and that
leads to undefined behaviour w.r.t. shift operations

Fix this by initializing the iommu_domain's pgsize_bitmap to PAGE_SIZE.
Effectively the code needs to use the smallest page size for
invalidation

Fixes: eb6c97647be2 ("iommu/arm-smmu-v3: Avoid constructing invalid range commands")
Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Balbir Singh <balbirs@nvidia.com>

Cc: Jean-Philippe Brucker <jean-philippe@linaro.org>
Cc: Will Deacon <will@kernel.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Jason Gunthorpe <jgg@ziepe.ca>

---
 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c
index 9ba596430e7c..980cc6b33c43 100644
--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c
+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c
@@ -411,6 +411,12 @@ struct iommu_domain *arm_smmu_sva_domain_alloc(struct device *dev,
 		return ERR_CAST(smmu_domain);
 	smmu_domain->domain.type = IOMMU_DOMAIN_SVA;
 	smmu_domain->domain.ops = &arm_smmu_sva_domain_ops;
+
+	/*
+	 * Choose page_size as the leaf page size for invalidation when
+	 * ARM_SMMU_FEAT_RANGE_INV is present
+	 */
+	smmu_domain->domain.pgsize_bitmap = PAGE_SIZE;
 	smmu_domain->smmu = smmu;
 
 	ret = xa_alloc(&arm_smmu_asid_xa, &asid, smmu_domain,
-- 
2.49.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
  2025-04-12  0:23 [PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains Balbir Singh
@ 2025-04-15 13:10 ` Jason Gunthorpe
  2025-04-15 23:49   ` Balbir Singh
  2025-04-17 14:27 ` Will Deacon
  1 sibling, 1 reply; 4+ messages in thread
From: Jason Gunthorpe @ 2025-04-15 13:10 UTC (permalink / raw)
  To: Balbir Singh
  Cc: iommu, linux-kernel, Jean-Philippe Brucker, Will Deacon,
	Robin Murphy, Joerg Roedel

On Sat, Apr 12, 2025 at 10:23:54AM +1000, Balbir Singh wrote:
> UBSan caught a bug with IOMMU SVA domains, where the reported exponent
> value in __arm_smmu_tlb_inv_range() was >= 64.
> __arm_smmu_tlb_inv_range() uses the domain's pgsize_bitmap to compute
> the number of pages to invalidate and the invalidation range. Currently
> arm_smmu_sva_domain_alloc() does not setup the iommu domain's
> pgsize_bitmap. This leads to __ffs() on the value returning 64 and that
> leads to undefined behaviour w.r.t. shift operations
> 
> Fix this by initializing the iommu_domain's pgsize_bitmap to PAGE_SIZE.
> Effectively the code needs to use the smallest page size for
> invalidation
> 
> Fixes: eb6c97647be2 ("iommu/arm-smmu-v3: Avoid constructing invalid range commands")
> Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
> Signed-off-by: Balbir Singh <balbirs@nvidia.com>
> 
> Cc: Jean-Philippe Brucker <jean-philippe@linaro.org>
> Cc: Will Deacon <will@kernel.org>
> Cc: Robin Murphy <robin.murphy@arm.com>
> Cc: Joerg Roedel <joro@8bytes.org>
> Cc: Jason Gunthorpe <jgg@ziepe.ca>
> 
> ---
>  drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 6 ++++++
>  1 file changed, 6 insertions(+)

Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>

This should go to rc

Jason

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
  2025-04-15 13:10 ` Jason Gunthorpe
@ 2025-04-15 23:49   ` Balbir Singh
  0 siblings, 0 replies; 4+ messages in thread
From: Balbir Singh @ 2025-04-15 23:49 UTC (permalink / raw)
  To: Jason Gunthorpe
  Cc: iommu, linux-kernel, Jean-Philippe Brucker, Will Deacon,
	Robin Murphy, Joerg Roedel

On 4/15/25 23:10, Jason Gunthorpe wrote:
> On Sat, Apr 12, 2025 at 10:23:54AM +1000, Balbir Singh wrote:
>> UBSan caught a bug with IOMMU SVA domains, where the reported exponent
>> value in __arm_smmu_tlb_inv_range() was >= 64.
>> __arm_smmu_tlb_inv_range() uses the domain's pgsize_bitmap to compute
>> the number of pages to invalidate and the invalidation range. Currently
>> arm_smmu_sva_domain_alloc() does not setup the iommu domain's
>> pgsize_bitmap. This leads to __ffs() on the value returning 64 and that
>> leads to undefined behaviour w.r.t. shift operations
>>
>> Fix this by initializing the iommu_domain's pgsize_bitmap to PAGE_SIZE.
>> Effectively the code needs to use the smallest page size for
>> invalidation
>>
>> Fixes: eb6c97647be2 ("iommu/arm-smmu-v3: Avoid constructing invalid range commands")
>> Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
>> Signed-off-by: Balbir Singh <balbirs@nvidia.com>
>>
>> Cc: Jean-Philippe Brucker <jean-philippe@linaro.org>
>> Cc: Will Deacon <will@kernel.org>
>> Cc: Robin Murphy <robin.murphy@arm.com>
>> Cc: Joerg Roedel <joro@8bytes.org>
>> Cc: Jason Gunthorpe <jgg@ziepe.ca>
>>
>> ---
>>  drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 6 ++++++
>>  1 file changed, 6 insertions(+)
> 
> Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
> 
> This should go to rc
> 

Thanks Jason! I was wondering if I should add a cc: stable, I think that it's
a simple enough fix to backport, but I would also like maintainer(s) inputs as well


Balbir Singh

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
  2025-04-12  0:23 [PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains Balbir Singh
  2025-04-15 13:10 ` Jason Gunthorpe
@ 2025-04-17 14:27 ` Will Deacon
  1 sibling, 0 replies; 4+ messages in thread
From: Will Deacon @ 2025-04-17 14:27 UTC (permalink / raw)
  To: iommu, Balbir Singh
  Cc: catalin.marinas, kernel-team, Will Deacon, linux-kernel,
	Jean-Philippe Brucker, Robin Murphy, Joerg Roedel,
	Jason Gunthorpe

On Sat, 12 Apr 2025 10:23:54 +1000, Balbir Singh wrote:
> UBSan caught a bug with IOMMU SVA domains, where the reported exponent
> value in __arm_smmu_tlb_inv_range() was >= 64.
> __arm_smmu_tlb_inv_range() uses the domain's pgsize_bitmap to compute
> the number of pages to invalidate and the invalidation range. Currently
> arm_smmu_sva_domain_alloc() does not setup the iommu domain's
> pgsize_bitmap. This leads to __ffs() on the value returning 64 and that
> leads to undefined behaviour w.r.t. shift operations
> 
> [...]

Applied to iommu (arm/smmu/fixes), thanks!

[1/1] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
      https://git.kernel.org/iommu/c/12f78021973a

Cheers,
-- 
Will

https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2025-04-17 14:27 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-12  0:23 [PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains Balbir Singh
2025-04-15 13:10 ` Jason Gunthorpe
2025-04-15 23:49   ` Balbir Singh
2025-04-17 14:27 ` Will Deacon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox