Received: by 2002:a17:90a:88:0:0:0:0 with SMTP id a8csp29275pja; Fri, 22 Nov 2019 03:02:56 -0800 (PST) X-Google-Smtp-Source: APXvYqxwl8mLa3xE4+kYQzjEEWmdGQgR+NkNlpPvQSiju2GarAi1BiVUTaMC7iWZ4PqNWgcFw6US X-Received: by 2002:aa7:dd9a:: with SMTP id g26mr304694edv.85.1574420575812; Fri, 22 Nov 2019 03:02:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574420575; cv=none; d=google.com; s=arc-20160816; b=ZDIv4U0W8FvX88PzSt9zstXaXxDVjnOKVOz4oyPS+9b20DdZ1Waprftyov8xGDWTmr kdCXgCqTTKyhqiJNBmJ5BNpVgPL8DOm01GXk39k8i1IZPwgtbocKBeObkxG4gZeeedFL P0iWJiTxUZ6FknkfuenNmGzQZ255t4feLVYaVyDqf38kRAbLTHODxdWeBVICwPKdsn6f s66uclXhdqdv6MCI7IQ2ANjShpiBopCrjXAYNQNt3sI8P0X7LklEeeRjVJ9jOLGXUB+J The84W48WxoxTmU9xDVHODUxqfcHcyv4szUhBecLS+G6HqH/Wzv7Q9Mfo0hwbLVKz6bp o0+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Cw3ZM1LZ95syt5NyJcx4GlhEIEixgxPDh6P7owyh4jg=; b=Rk4mpyq6i+7O3xgLObkPtVg3lDXd/gajID9gR+C5aPUdMQBajCLGaGteHno5l9gqcJ 4BPDDNPfXWvBxaEY8AfaBJPVAM7soVsufdkfybJevZxf4N7CfJBsNXyXrZrI/GyCXmky 1kQHU4kF4hikPr9FCgzC0wFAzy8WexZB/gMVuXnVct1FXvwql3H7JhSebvXqX3o4S+t7 NVs5nZpkl89JEv0IMY/NHWSG85wW6B+NaxfcGtVyoO1jRTXeeDVf4aDkU9zJSNwy30pn opBS3WXxhisBZWOP+HNmD/D+TLhyg69N23dsqkcT0sgyJ4hV+uYfgHAEm8fZtcPTtmSr 8fuQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=SbG+c69L; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id gz9si3900952ejb.238.2019.11.22.03.02.22; Fri, 22 Nov 2019 03:02:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=SbG+c69L; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730885AbfKVK7R (ORCPT + 99 others); Fri, 22 Nov 2019 05:59:17 -0500 Received: from mail.kernel.org ([198.145.29.99]:50060 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730387AbfKVK7O (ORCPT ); Fri, 22 Nov 2019 05:59:14 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 80F7620706; Fri, 22 Nov 2019 10:59:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574420354; bh=I3ZLCnIDcjBuO+pE/ZPwAvwz5deLJv3WIzNphLQ4FDQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SbG+c69L4N2YWtcWMvIjapUP3oaNyXwODrTuYvx/qjdUBuMxyPnF/duDOTk69InFt 0FHzPpYyGnbLsorSHJP8QfARDPAfFyjzqeObTJ5EwnWGx3OFgrIAF7a6fUiju3dhfx hUQXOVKUcAkHeKvD4bA0aLb/oNNcTfbLA0VtMTVM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Robin Murphy , Will Deacon , Sasha Levin Subject: [PATCH 4.19 034/220] iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() Date: Fri, 22 Nov 2019 11:26:39 +0100 Message-Id: <20191122100914.815994641@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191122100912.732983531@linuxfoundation.org> References: <20191122100912.732983531@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Robin Murphy [ Upstream commit 85c7a0f1ef624ef58173ef52ea77780257bdfe04 ] In removing the pagetable-wide lock, we gained the possibility of the vanishingly unlikely case where we have a race between two concurrent unmappers splitting the same block entry. The logic to handle this is fairly straightforward - whoever loses the race frees their partial next-level table and instead dereferences the winner's newly-installed entry in order to fall back to a regular unmap, which intentionally echoes the pre-existing case of recursively splitting a 1GB block down to 4KB pages by installing a full table of 2MB blocks first. Unfortunately, the chump who implemented that logic failed to update the condition check for that fallback, meaning that if said race occurs at the last level (where the loser's unmap_idx is valid) then the unmap won't actually happen. Fix that to properly account for both the race and recursive cases. Fixes: 2c3d273eabe8 ("iommu/io-pgtable-arm: Support lockless operation") Signed-off-by: Robin Murphy [will: re-jig control flow to avoid duplicate cmpxchg test] Signed-off-by: Will Deacon Signed-off-by: Sasha Levin --- drivers/iommu/io-pgtable-arm.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c index 88641b4560bc8..2f79efd16a052 100644 --- a/drivers/iommu/io-pgtable-arm.c +++ b/drivers/iommu/io-pgtable-arm.c @@ -574,13 +574,12 @@ static size_t arm_lpae_split_blk_unmap(struct arm_lpae_io_pgtable *data, return 0; tablep = iopte_deref(pte, data); + } else if (unmap_idx >= 0) { + io_pgtable_tlb_add_flush(&data->iop, iova, size, size, true); + return size; } - if (unmap_idx < 0) - return __arm_lpae_unmap(data, iova, size, lvl, tablep); - - io_pgtable_tlb_add_flush(&data->iop, iova, size, size, true); - return size; + return __arm_lpae_unmap(data, iova, size, lvl, tablep); } static size_t __arm_lpae_unmap(struct arm_lpae_io_pgtable *data, -- 2.20.1