From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Alex Williamson <alex.williamson@redhat.com>,
Joerg Roedel <joro@8bytes.org>
Subject: [ 11/59] iommu/amd: Only unmap large pages from the first pte
Date: Fri, 26 Jul 2013 13:52:35 -0700 [thread overview]
Message-ID: <20130726205015.027030735@linuxfoundation.org> (raw)
In-Reply-To: <20130726205013.795696531@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
commit 60d0ca3cfd199b6612bbbbf4999a3470dad38bb1 upstream.
If we use a large mapping, the expectation is that only unmaps from
the first pte in the superpage are supported. Unmaps from offsets
into the superpage should fail (ie. return zero sized unmap). In the
current code, unmapping from an offset clears the size of the full
mapping starting from an offset. For instance, if we map a 16k
physically contiguous range at IOVA 0x0 with a large page, then
attempt to unmap 4k at offset 12k, 4 ptes are cleared (12k - 28k) and
the unmap returns 16k unmapped. This potentially incorrectly clears
valid mappings and confuses drivers like VFIO that use the unmap size
to release pinned pages.
Fix by refusing to unmap from offsets into the page.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Joerg Roedel <joro@8bytes.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/amd_iommu.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -1309,6 +1309,10 @@ static unsigned long iommu_unmap_page(st
/* Large PTE found which maps this address */
unmap_size = PTE_PAGE_SIZE(*pte);
+
+ /* Only unmap from the first pte in the page */
+ if ((unmap_size - 1) & bus_addr)
+ break;
count = PAGE_SIZE_PTE_COUNT(unmap_size);
for (i = 0; i < count; i++)
pte[i] = 0ULL;
@@ -1318,7 +1322,7 @@ static unsigned long iommu_unmap_page(st
unmapped += unmap_size;
}
- BUG_ON(!is_power_of_2(unmapped));
+ BUG_ON(unmapped && !is_power_of_2(unmapped));
return unmapped;
}
next prev parent reply other threads:[~2013-07-26 20:52 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-26 20:52 [ 00/59] 3.4.55-stable review Greg Kroah-Hartman
2013-07-26 20:52 ` [ 01/59] ext3: fix data=journal fast mount/umount hang Greg Kroah-Hartman
2013-07-26 20:52 ` [ 02/59] libata: skip SRST for all SIMG [34]7x port-multipliers Greg Kroah-Hartman
2013-07-26 20:52 ` [ 03/59] ata_piix: IDE-mode SATA patch for Intel Coleto Creek DeviceIDs Greg Kroah-Hartman
2013-07-26 20:52 ` [ 04/59] ASoC: sglt5000: Fix SGTL5000_PLL_FRAC_DIV_MASK Greg Kroah-Hartman
2013-07-26 20:52 ` [ 05/59] tick: Prevent uncontrolled switch to oneshot mode Greg Kroah-Hartman
2013-07-26 20:52 ` [ 06/59] rt2x00: read 5GHz TX power values from the correct offset Greg Kroah-Hartman
2013-07-26 20:52 ` [ 07/59] ath9k: Do not assign noise for NULL caldata Greg Kroah-Hartman
2013-07-26 20:52 ` [ 08/59] SCSI: zfcp: fix adapter (re)open recovery while link to SAN is down Greg Kroah-Hartman
2013-07-26 20:52 ` [ 09/59] SCSI: mpt2sas: fix firmware failure with wrong task attribute Greg Kroah-Hartman
2013-07-26 20:52 ` [ 10/59] tracing: Use current_uid() for critical time tracing Greg Kroah-Hartman
2013-07-26 20:52 ` Greg Kroah-Hartman [this message]
2013-07-26 20:52 ` [ 12/59] perf: Clone child context from parent context pmu Greg Kroah-Hartman
2013-07-26 20:52 ` [ 13/59] perf: Remove WARN_ON_ONCE() check in __perf_event_enable() for valid scenario Greg Kroah-Hartman
2013-07-26 20:52 ` [ 14/59] perf: Fix perf_lock_task_context() vs RCU Greg Kroah-Hartman
2013-07-26 20:52 ` [ 15/59] sparc32: vm_area_struct access for old Sun SPARCs Greg Kroah-Hartman
2013-07-27 21:45 ` Ben Hutchings
2013-07-28 2:27 ` David Miller
2013-07-28 18:37 ` Greg KH
2013-07-26 20:52 ` [ 16/59] sparc64 address-congruence property Greg Kroah-Hartman
2013-07-26 20:52 ` [ 17/59] sparc: tsb must be flushed before tlb Greg Kroah-Hartman
2013-07-26 20:52 ` [ 18/59] bridge: fix switched interval for MLD Query types Greg Kroah-Hartman
2013-07-26 20:52 ` [ 19/59] ipv4: Fixed MD5 key lookups when adding/ removing MD5 to/ from TCP sockets Greg Kroah-Hartman
2013-07-26 20:52 ` [ 20/59] ipv6: dont call addrconf_dst_alloc again when enable lo Greg Kroah-Hartman
2013-07-26 20:52 ` [ 21/59] macvtap: fix recovery from gup errors Greg Kroah-Hartman
2013-07-26 20:52 ` [ 22/59] ipv6: ip6_sk_dst_check() must not assume ipv6 dst Greg Kroah-Hartman
2013-07-26 20:52 ` [ 23/59] af_key: fix info leaks in notify messages Greg Kroah-Hartman
2013-07-26 20:52 ` [ 24/59] sh_eth: fix unhandled RFE interrupt Greg Kroah-Hartman
2013-07-26 20:52 ` [ 25/59] neighbour: fix a race in neigh_destroy() Greg Kroah-Hartman
2013-07-26 20:52 ` [ 26/59] x25: Fix broken locking in ioctl error paths Greg Kroah-Hartman
2013-07-26 20:52 ` [ 27/59] net: Swap ver and type in pppoe_hdr Greg Kroah-Hartman
2013-07-26 20:52 ` [ 28/59] ipv6,mcast: always hold idev->lock before mca_lock Greg Kroah-Hartman
2013-07-26 20:52 ` [ 29/59] l2tp: add missing .owner to struct pppox_proto Greg Kroah-Hartman
2013-07-26 20:52 ` [ 30/59] ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data Greg Kroah-Hartman
2013-07-26 20:52 ` [ 31/59] ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size Greg Kroah-Hartman
2013-07-26 20:52 ` [ 32/59] sunvnet: vnet_port_remove must call unregister_netdev Greg Kroah-Hartman
2013-07-26 20:52 ` [ 33/59] ifb: fix rcu_sched self-detected stalls Greg Kroah-Hartman
2013-07-26 20:52 ` [ 34/59] macvtap: correctly linearize skb when zerocopy is used Greg Kroah-Hartman
2013-07-26 20:52 ` [ 35/59] ipv6: in case of link failure remove route directly instead of letting it expire Greg Kroah-Hartman
2013-07-26 20:53 ` [ 36/59] 9p: fix off by one causing access violations and memory corruption Greg Kroah-Hartman
2013-07-26 20:53 ` [ 37/59] dummy: fix oops when loading the dummy failed Greg Kroah-Hartman
2013-07-26 20:53 ` [ 38/59] ifb: fix oops when loading the ifb failed Greg Kroah-Hartman
2013-07-26 20:53 ` [ 39/59] atl1e: fix dma mapping warnings Greg Kroah-Hartman
2013-07-26 20:53 ` [ 40/59] atl1e: unmap partially mapped skb on dma error and free skb Greg Kroah-Hartman
2013-07-26 20:53 ` [ 41/59] vlan: fix a race in egress prio management Greg Kroah-Hartman
2013-07-26 20:53 ` [ 42/59] writeback: Fix periodic writeback after fs mount Greg Kroah-Hartman
2013-07-26 20:53 ` [ 43/59] SCSI: megaraid_sas: fix memory leak if SGL has zero length entries Greg Kroah-Hartman
2013-07-26 20:53 ` [ 44/59] SCSI: Fix incorrect memset in bnx2fc_parse_fcp_rsp Greg Kroah-Hartman
2013-07-26 20:53 ` [ 45/59] [SCSI] zfcp: block queue limits with data router Greg Kroah-Hartman
2013-07-26 20:53 ` [ 46/59] usb: serial: option: blacklist ONDA MT689DC QMI interface Greg Kroah-Hartman
2013-07-26 20:53 ` [ 47/59] usb: option: add TP-LINK MA260 Greg Kroah-Hartman
2013-07-26 20:53 ` [ 48/59] usb: serial: option: add Olivetti Olicard 200 Greg Kroah-Hartman
2013-07-26 20:53 ` [ 49/59] usb: serial: option.c: remove ONDA MT825UP product ID fromdriver Greg Kroah-Hartman
2013-07-26 20:53 ` [ 50/59] USB: option: append Petatel NP10T device to GSM modems list Greg Kroah-Hartman
2013-07-26 20:53 ` [ 51/59] USB: option: add D-Link DWM-152/C1 and DWM-156/C1 Greg Kroah-Hartman
2013-07-26 20:53 ` [ 52/59] usb: serial: option: Add ONYX 3G device support Greg Kroah-Hartman
2013-07-26 20:53 ` [ 53/59] usb: serial: cp210x: Add USB ID for Netgear Switches embedded serial adapter Greg Kroah-Hartman
2013-07-26 20:53 ` [ 54/59] USB: cp210x: add MMB and PI ZigBee USB Device Support Greg Kroah-Hartman
2013-07-26 20:53 ` [ 55/59] usb: cp210x support SEL C662 Vendor/Device Greg Kroah-Hartman
2013-07-26 20:53 ` [ 56/59] lockd: protect nlm_blocked access in nlmsvc_retry_blocked Greg Kroah-Hartman
2013-07-26 20:53 ` [ 57/59] tracing: Fix irqs-off tag display in syscall tracing Greg Kroah-Hartman
2013-07-26 20:53 ` [ 58/59] hrtimers: Move SMP function call to thread context Greg Kroah-Hartman
2013-07-26 20:53 ` [ 59/59] ALSA: usb-audio: 6fire: return correct XRUN indication Greg Kroah-Hartman
2013-07-27 21:28 ` [ 00/59] 3.4.55-stable review linux
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130726205015.027030735@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alex.williamson@redhat.com \
--cc=joro@8bytes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox