From: Dongli Zhang <dongli.zhang@oracle.com>
To: iommu@lists.linux-foundation.org, xen-devel@lists.xenproject.org,
x86@kernel.org, linuxppc-dev@lists.ozlabs.org,
virtualization@lists.linux-foundation.org
Cc: jgross@suse.com, sstabellini@kernel.org, mst@redhat.com,
konrad.wilk@oracle.com, mpe@ellerman.id.au,
dave.hansen@linux.intel.com, joe.jin@oracle.com,
linux-kernel@vger.kernel.org, hch@infradead.org,
mingo@redhat.com, bp@alien8.de, tglx@linutronix.de,
m.szyprowski@samsung.com
Subject: [PATCH RFC v1 7/7] swiotlb: fix the slot_addr() overflow
Date: Wed, 8 Jun 2022 17:55:53 -0700 [thread overview]
Message-ID: <20220609005553.30954-8-dongli.zhang@oracle.com> (raw)
In-Reply-To: <20220609005553.30954-1-dongli.zhang@oracle.com>
Since the type of swiotlb slot index is a signed integer, the
"((idx) << IO_TLB_SHIFT)" will returns incorrect value. As a result, the
slot_addr() returns a value which is smaller than the expected one.
E.g., the 'tlb_addr' generated in swiotlb_tbl_map_single() may return a
value smaller than the expected one. As a result, the swiotlb_bounce()
will access a wrong swiotlb slot.
Cc: Konrad Wilk <konrad.wilk@oracle.com>
Cc: Joe Jin <joe.jin@oracle.com>
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
---
kernel/dma/swiotlb.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
index 0dcdd25ea95d..c64e557de55c 100644
--- a/kernel/dma/swiotlb.c
+++ b/kernel/dma/swiotlb.c
@@ -531,7 +531,8 @@ static void swiotlb_bounce(struct device *dev, phys_addr_t tlb_addr, size_t size
}
}
-#define slot_addr(start, idx) ((start) + ((idx) << IO_TLB_SHIFT))
+#define slot_addr(start, idx) ((start) + \
+ (((unsigned long)idx) << IO_TLB_SHIFT))
/*
* Carefully handle integer overflow which can occur when boundary_mask == ~0UL.
--
2.17.1
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2022-06-09 0:59 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-09 0:55 [PATCH RFC v1 0/7] swiotlb: extra 64-bit buffer for dev->dma_io_tlb_mem Dongli Zhang
2022-06-09 0:55 ` [PATCH RFC v1 1/7] swiotlb: introduce the highmem swiotlb buffer Dongli Zhang
2022-06-09 5:04 ` Christoph Hellwig
2022-06-09 0:55 ` [PATCH RFC v1 2/7] swiotlb: change the signature of remap function Dongli Zhang
2022-06-09 0:55 ` [PATCH RFC v1 3/7] swiotlb-xen: support highmem for xen specific code Dongli Zhang
2022-06-09 5:08 ` Christoph Hellwig
2022-06-09 0:55 ` [PATCH RFC v1 4/7] swiotlb: to implement io_tlb_high_mem Dongli Zhang
2022-06-09 5:05 ` Christoph Hellwig
2022-06-10 21:56 ` Dongli Zhang
2022-06-13 6:04 ` Christoph Hellwig
2022-06-09 0:55 ` [PATCH RFC v1 5/7] swiotlb: add interface to set dev->dma_io_tlb_mem Dongli Zhang
2022-06-09 5:06 ` Christoph Hellwig
2022-06-09 0:55 ` [PATCH RFC v1 6/7] virtio: use io_tlb_high_mem if it is active Dongli Zhang
2022-06-09 5:07 ` Christoph Hellwig
2022-06-09 0:55 ` Dongli Zhang [this message]
2022-06-09 5:07 ` [PATCH RFC v1 7/7] swiotlb: fix the slot_addr() overflow Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220609005553.30954-8-dongli.zhang@oracle.com \
--to=dongli.zhang@oracle.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hch@infradead.org \
--cc=iommu@lists.linux-foundation.org \
--cc=jgross@suse.com \
--cc=joe.jin@oracle.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=m.szyprowski@samsung.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=mst@redhat.com \
--cc=sstabellini@kernel.org \
--cc=tglx@linutronix.de \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).