Received: by 2002:a25:b323:0:0:0:0:0 with SMTP id l35csp1363779ybj; Fri, 20 Sep 2019 09:16:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqxruAHK+cxjWQCug+q8m/xcZFPIjyZv4wwnc05ufotfVeeGiKE5HTafhZ1se4sVNEqby27i X-Received: by 2002:a17:906:4801:: with SMTP id w1mr11889172ejq.245.1568996181976; Fri, 20 Sep 2019 09:16:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568996181; cv=none; d=google.com; s=arc-20160816; b=0nlqKiPGfvQCi/5xTLnqcTETgS2Qv2tjySwFSCGBoRNxi+yn3pjTb+7qy5xXoZi/Be HxGx/qFWp280FTcwwy+dGUpWbcmUc1xU0WFs37BN0sjdFDnXZrUH4AEVtwSgdFK2KeXC blS0UHtFfP9y4KTBXR3MQcw+gBuQ+qtMRZuvYIlKEH326hTmNiq1XBlWPyUDAhfdAG2X BagO+8uZ+dsk/Mp9opNveCxYEWxS4gJYXUWBVIAUA2HCZxiE7a/FwCUiLfVx3DQIZT9g v9GTvgLGQsL9pV/nJx27/EonkJ8HJgKrKNaVu1BifCtue8ly+Z5LgVD8sk/L6UnroYRz NCTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=bNWOxHDq2hsYCNwHllunjkGOO2cmXbr3oo75n2q59Mc=; b=qqVeTMSoD/rGaQICHk5dYhZljzzXN0sw6G3b3x0reTLZP+RwrPLoBi665pPH8GxI60 ASWpxSzi9ZMkXAv8CGQHHyFeVV9+7yXGOfr6WXtnF4o/NdssrsPvxFUXnIiv+KvB/Wa5 HPBVEAVPVv6LM5k0yKVmQ3taXrvABS3hxivqhbbYTSgnMAEP0oHwX8OabD+XJoVfIUgX 2E7ltrEv1mNNCeCpfLOvMMG9EDhvLBNKT8Q2GI0YFHbzyK5IFNcEPpTorDBVRBsTRvun DLSvv3liVPYyQ6WvaJA1Rip4lh13VDWbooKvc6VmL9NJg4QZwAvWga6Lna9olo0Xjbt2 rgww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LHkd+9i1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ca4si1405031ejb.39.2019.09.20.09.15.58; Fri, 20 Sep 2019 09:16:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LHkd+9i1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2406858AbfISWdn (ORCPT + 99 others); Thu, 19 Sep 2019 18:33:43 -0400 Received: from mail.kernel.org ([198.145.29.99]:49892 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2393549AbfISWLO (ORCPT ); Thu, 19 Sep 2019 18:11:14 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B74F7218AF; Thu, 19 Sep 2019 22:11:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1568931074; bh=M8QDHlclBiqqcG4kczDfCX8BbuxFzi0ECb4PydXMguo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LHkd+9i1cDpkMZKg2D2AvyqxwLMUBaaERLTyE52WzUg6oN+4dG9JZZTzguIIyynxz lMXt0YmOTXZk9EfQtSa5v7UvLZYj1wOJLovPy8iF8DCrvQd/ikC+dKDi+3kEXO/g1S 8zBS3Cz8NGKPPs03pWS1l5LXQiN4ac39EkLLZHvo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Qian Cai , Joerg Roedel , Sasha Levin Subject: [PATCH 5.2 119/124] iommu/amd: Fix race in increase_address_space() Date: Fri, 20 Sep 2019 00:03:27 +0200 Message-Id: <20190919214823.506454697@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20190919214819.198419517@linuxfoundation.org> References: <20190919214819.198419517@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joerg Roedel [ Upstream commit 754265bcab78a9014f0f99cd35e0d610fcd7dfa7 ] After the conversion to lock-less dma-api call the increase_address_space() function can be called without any locking. Multiple CPUs could potentially race for increasing the address space, leading to invalid domain->mode settings and invalid page-tables. This has been happening in the wild under high IO load and memory pressure. Fix the race by locking this operation. The function is called infrequently so that this does not introduce a performance regression in the dma-api path again. Reported-by: Qian Cai Fixes: 256e4621c21a ('iommu/amd: Make use of the generic IOVA allocator') Signed-off-by: Joerg Roedel Signed-off-by: Sasha Levin --- drivers/iommu/amd_iommu.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c index b265062edf6c8..3e687f18b203a 100644 --- a/drivers/iommu/amd_iommu.c +++ b/drivers/iommu/amd_iommu.c @@ -1425,18 +1425,21 @@ static void free_pagetable(struct protection_domain *domain) * another level increases the size of the address space by 9 bits to a size up * to 64 bits. */ -static bool increase_address_space(struct protection_domain *domain, +static void increase_address_space(struct protection_domain *domain, gfp_t gfp) { + unsigned long flags; u64 *pte; - if (domain->mode == PAGE_MODE_6_LEVEL) + spin_lock_irqsave(&domain->lock, flags); + + if (WARN_ON_ONCE(domain->mode == PAGE_MODE_6_LEVEL)) /* address space already 64 bit large */ - return false; + goto out; pte = (void *)get_zeroed_page(gfp); if (!pte) - return false; + goto out; *pte = PM_LEVEL_PDE(domain->mode, iommu_virt_to_phys(domain->pt_root)); @@ -1444,7 +1447,10 @@ static bool increase_address_space(struct protection_domain *domain, domain->mode += 1; domain->updated = true; - return true; +out: + spin_unlock_irqrestore(&domain->lock, flags); + + return; } static u64 *alloc_pte(struct protection_domain *domain, -- 2.20.1