LinuxLists.cc - [PATCH] iommu: amd: call free_iova_fast with pfn in map

2019-01-17 19:31:31

Subject: [PATCH] iommu: amd: call free_iova_fast with pfn in map_sg

In the error path of map_sg, free_iova_fast is being called with
address instead of the pfn. This results in a bad value getting into
the rcache, and can result in hitting a BUG_ON when
iova_magazine_free_pfns is called.

Cc: Joerg Roedel <[email protected]>
Cc: Suravee Suthikulpanit <[email protected]>
Signed-off-by: Jerry Snitselaar <[email protected]>
---
drivers/iommu/amd_iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 87ba23a75b38..418df8ff3e50 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -2623,7 +2623,7 @@ static int map_sg(struct device *dev, struct scatterlist *sglist,
}

out_free_iova:
- free_iova_fast(&dma_dom->iovad, address, npages);
+ free_iova_fast(&dma_dom->iovad, address >> PAGE_SHIFT, npages);

out_err:
return 0;
--
2.20.1.98.gecbdaf0899

2019-01-19 17:37:52

by Jerry Snitselaar

[permalink] [raw]

Subject: Re: [PATCH] iommu: amd: call free_iova_fast with pfn in map_sg

On Thu Jan 17 19, Jerry Snitselaar wrote:
>In the error path of map_sg, free_iova_fast is being called with
>address instead of the pfn. This results in a bad value getting into
>the rcache, and can result in hitting a BUG_ON when
>iova_magazine_free_pfns is called.
>
>Cc: Joerg Roedel <[email protected]>
>Cc: Suravee Suthikulpanit <[email protected]>
>Signed-off-by: Jerry Snitselaar <[email protected]>
>---
> drivers/iommu/amd_iommu.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
>index 87ba23a75b38..418df8ff3e50 100644
>--- a/drivers/iommu/amd_iommu.c
>+++ b/drivers/iommu/amd_iommu.c
>@@ -2623,7 +2623,7 @@ static int map_sg(struct device *dev, struct scatterlist *sglist,
> }
>
> out_free_iova:
>- free_iova_fast(&dma_dom->iovad, address, npages);
>+ free_iova_fast(&dma_dom->iovad, address >> PAGE_SHIFT, npages);
>
> out_err:
> return 0;
>--
>2.20.1.98.gecbdaf0899
>

I forgot to add the Fixes line.

Fixes: 80187fd39dcb ("iommu/amd: Optimize map_sg and unmap_sg")

2019-01-22 11:00:02

by Joerg Roedel

[permalink] [raw]

Subject: Re: [PATCH] iommu: amd: call free_iova_fast with pfn in map_sg

On Thu, Jan 17, 2019 at 12:29:02PM -0700, Jerry Snitselaar wrote:
> In the error path of map_sg, free_iova_fast is being called with
> address instead of the pfn. This results in a bad value getting into
> the rcache, and can result in hitting a BUG_ON when
> iova_magazine_free_pfns is called.
>
> Cc: Joerg Roedel <[email protected]>
> Cc: Suravee Suthikulpanit <[email protected]>
> Signed-off-by: Jerry Snitselaar <[email protected]>

Applied, thanks.