From: Yunfei Wang <[email protected]>
In __arm_v7s_alloc_table function:
iommu call kmem_cache_alloc to allocate page table, this function
allocate memory may fail, when kmem_cache_alloc fails to allocate
table, call virt_to_phys will be abnomal and return unexpected phys
and goto out_free, then call kmem_cache_free to release table will
trigger KE, __get_free_pages and free_pages have similar problem,
so add error handle for page table allocation failure.
Signed-off-by: Yunfei Wang <[email protected]>
---
drivers/iommu/io-pgtable-arm-v7s.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/iommu/io-pgtable-arm-v7s.c b/drivers/iommu/io-pgtable-arm-v7s.c
index bfb6acb651e5..d84240308f4b 100644
--- a/drivers/iommu/io-pgtable-arm-v7s.c
+++ b/drivers/iommu/io-pgtable-arm-v7s.c
@@ -246,6 +246,12 @@ static void *__arm_v7s_alloc_table(int lvl, gfp_t gfp,
__GFP_ZERO | ARM_V7S_TABLE_GFP_DMA, get_order(size));
else if (lvl == 2)
table = kmem_cache_zalloc(data->l2_tables, gfp);
+
+ if (!table) {
+ dev_err(dev, "Page table allocation failure lvl:%d\n", lvl);
+ return NULL;
+ }
+
phys = virt_to_phys(table);
if (phys != (arm_v7s_iopte)phys) {
/* Doesn't fit in PTE */
--
2.18.0
On Tue, Dec 07, 2021 at 10:47:22AM +0800, [email protected] wrote:
> From: Yunfei Wang <[email protected]>
>
> In __arm_v7s_alloc_table function:
> iommu call kmem_cache_alloc to allocate page table, this function
> allocate memory may fail, when kmem_cache_alloc fails to allocate
> table, call virt_to_phys will be abnomal and return unexpected phys
> and goto out_free, then call kmem_cache_free to release table will
> trigger KE, __get_free_pages and free_pages have similar problem,
> so add error handle for page table allocation failure.
>
> Signed-off-by: Yunfei Wang <[email protected]>
> ---
> drivers/iommu/io-pgtable-arm-v7s.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/iommu/io-pgtable-arm-v7s.c b/drivers/iommu/io-pgtable-arm-v7s.c
> index bfb6acb651e5..d84240308f4b 100644
> --- a/drivers/iommu/io-pgtable-arm-v7s.c
> +++ b/drivers/iommu/io-pgtable-arm-v7s.c
> @@ -246,6 +246,12 @@ static void *__arm_v7s_alloc_table(int lvl, gfp_t gfp,
> __GFP_ZERO | ARM_V7S_TABLE_GFP_DMA, get_order(size));
> else if (lvl == 2)
> table = kmem_cache_zalloc(data->l2_tables, gfp);
> +
> + if (!table) {
> + dev_err(dev, "Page table allocation failure lvl:%d\n", lvl);
I'd expect the allocator to shout loudly on failure anyway, so I don't think
we need to print another message here.
Will
From: Yunfei Wang <[email protected]>
In __arm_v7s_alloc_table function:
iommu call kmem_cache_alloc to allocate page table, this function
allocate memory may fail, when kmem_cache_alloc fails to allocate
table, call virt_to_phys will be abnomal and return unexpected phys
and goto out_free, then call kmem_cache_free to release table will
trigger KE, __get_free_pages and free_pages have similar problem,
so add error handle for page table allocation failure.
Fixes: 29859aeb8a6ea ("iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE")
Signed-off-by: Yunfei Wang <[email protected]>
Cc: <[email protected]> # 5.10.*
---
v3: Update patch
1. Remove unnecessary log print as suggested by Will.
2. Remove unnecessary condition check.
v2: Cc [email protected]
1. This patch needs to be merged stable branch, add [email protected]
in mail list.
2. There is No new code change in v2.
---
drivers/iommu/io-pgtable-arm-v7s.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/io-pgtable-arm-v7s.c b/drivers/iommu/io-pgtable-arm-v7s.c
index bfb6acb651e5..be066c1503d3 100644
--- a/drivers/iommu/io-pgtable-arm-v7s.c
+++ b/drivers/iommu/io-pgtable-arm-v7s.c
@@ -246,13 +246,17 @@ static void *__arm_v7s_alloc_table(int lvl, gfp_t gfp,
__GFP_ZERO | ARM_V7S_TABLE_GFP_DMA, get_order(size));
else if (lvl == 2)
table = kmem_cache_zalloc(data->l2_tables, gfp);
+
+ if (!table)
+ return NULL;
+
phys = virt_to_phys(table);
if (phys != (arm_v7s_iopte)phys) {
/* Doesn't fit in PTE */
dev_err(dev, "Page table does not fit in PTE: %pa", &phys);
goto out_free;
}
- if (table && !cfg->coherent_walk) {
+ if (!cfg->coherent_walk) {
dma = dma_map_single(dev, table, size, DMA_TO_DEVICE);
if (dma_mapping_error(dev, dma))
goto out_free;
--
2.18.0
On 2021-12-07 11:33, [email protected] wrote:
> From: Yunfei Wang <[email protected]>
>
> In __arm_v7s_alloc_table function:
> iommu call kmem_cache_alloc to allocate page table, this function
> allocate memory may fail, when kmem_cache_alloc fails to allocate
> table, call virt_to_phys will be abnomal and return unexpected phys
> and goto out_free, then call kmem_cache_free to release table will
> trigger KE, __get_free_pages and free_pages have similar problem,
> so add error handle for page table allocation failure.
>
> Fixes: 29859aeb8a6ea ("iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE")
> Signed-off-by: Yunfei Wang <[email protected]>
> Cc: <[email protected]> # 5.10.*
Is this genuinely a realistic issue which distro users can hit? In
practice, a system that can't allocate 2KB is already dead and almost
certainly isn't coming back either way.
Still, v3 has managed to address my other review comments before I'd
even finished writing them, so for the change itself,
Acked-by: Robin Murphy <[email protected]>
Thanks,
Robin.
> ---
> v3: Update patch
> 1. Remove unnecessary log print as suggested by Will.
> 2. Remove unnecessary condition check.
> v2: Cc [email protected]
> 1. This patch needs to be merged stable branch, add [email protected]
> in mail list.
> 2. There is No new code change in v2.
>
> ---
> drivers/iommu/io-pgtable-arm-v7s.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/io-pgtable-arm-v7s.c b/drivers/iommu/io-pgtable-arm-v7s.c
> index bfb6acb651e5..be066c1503d3 100644
> --- a/drivers/iommu/io-pgtable-arm-v7s.c
> +++ b/drivers/iommu/io-pgtable-arm-v7s.c
> @@ -246,13 +246,17 @@ static void *__arm_v7s_alloc_table(int lvl, gfp_t gfp,
> __GFP_ZERO | ARM_V7S_TABLE_GFP_DMA, get_order(size));
> else if (lvl == 2)
> table = kmem_cache_zalloc(data->l2_tables, gfp);
> +
> + if (!table)
> + return NULL;
> +
> phys = virt_to_phys(table);
> if (phys != (arm_v7s_iopte)phys) {
> /* Doesn't fit in PTE */
> dev_err(dev, "Page table does not fit in PTE: %pa", &phys);
> goto out_free;
> }
> - if (table && !cfg->coherent_walk) {
> + if (!cfg->coherent_walk) {
> dma = dma_map_single(dev, table, size, DMA_TO_DEVICE);
> if (dma_mapping_error(dev, dma))
> goto out_free;
>
On Tue, 7 Dec 2021 19:33:15 +0800, [email protected] wrote:
> From: Yunfei Wang <[email protected]>
>
> In __arm_v7s_alloc_table function:
> iommu call kmem_cache_alloc to allocate page table, this function
> allocate memory may fail, when kmem_cache_alloc fails to allocate
> table, call virt_to_phys will be abnomal and return unexpected phys
> and goto out_free, then call kmem_cache_free to release table will
> trigger KE, __get_free_pages and free_pages have similar problem,
> so add error handle for page table allocation failure.
>
> [...]
Applied to will (for-joerg/arm-smmu/updates), thanks!
[1/1] iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
https://git.kernel.org/will/c/a556cfe4cabc
Cheers,
--
Will
https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev