Received: by 2002:a05:7412:b795:b0:e2:908c:2ebd with SMTP id iv21csp251661rdb; Thu, 2 Nov 2023 02:38:18 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGkylC2tyiI48V7s6cfZxFM36kOHoLGrjchpbYAKiCUfv6h/f+wjMK9e5GRNb+VpoUDKj28 X-Received: by 2002:a05:6a00:93a3:b0:68f:d1a7:1a3a with SMTP id ka35-20020a056a0093a300b0068fd1a71a3amr21216461pfb.8.1698917898114; Thu, 02 Nov 2023 02:38:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698917898; cv=none; d=google.com; s=arc-20160816; b=o33XkHdbnfiJXUIWH+S7fw96ezjKKqRTw53OyaLt4ZBNERDfRXE5E6Ypzqz1jTalo7 epKh2ohV7ukxcZPMBq4mgaUF9RlsHQGasbyAZI1Gn9VvY7BY4M33cBWJGZreGJPdl0Ie FmjnUvjereZfLLg6EpsXKLX5ddsCNKLQ6LrBC6LjC5wQghWPLXX8KMy+mZFJqYq/l36V Jh1RDcdWe2sufL92x0Wj3KsIPvZV2+rYlFZe5FvMZZGe0GkYHGUTRybK24tJ4ZRzgNND pnqf9SRnLe1JQJT19NURmvZ3fIlU9NUkPu74xEHHLxHJ8DWO3P03yzIi1P/AKcq+p44N R0aQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=gHxL6EQhNK+gC+toGS2970m+Iuvdmd2e5fJsttV/tUo=; fh=XS+WR6cEoKb0xG7zKlpl3PauNsVUB1tc0pZ0CWIEp6A=; b=J8P9xRWu3kZKp7+jA9ES1jFGmr8CmEuDtnyP6qIqceFs5d2maJXgJhLaPWV12Sc7Tk oXmGhXy3vJciNGISCVAaDC93arUmbWakBRE+t2oeHSZLtPu6Ykvnv4pBL4bsxQIjT4Pk iVWOSaC6+6Zc42e88J5QlJyaHygvrlrZfJ4r8ks+133izKfvYnODfBGepfbJchMr+Yf7 o7OMLL2mj6C0eJiGU9ssXeIydYMkjl/3vdKF3mdzjLc+0CemcEHpEARRR017Dlu/1Cj5 31AyAJwGKX3DIkRxH8Va9PtDFQ+1dHY+Dy/7g7p8xbLcMQd4o4MexEQG/4kLCerYpL/r kLvg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id t29-20020a056a00139d00b006b7d62ed165si3475754pfg.94.2023.11.02.02.38.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Nov 2023 02:38:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id AB6DC80EA975; Thu, 2 Nov 2023 02:38:15 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345797AbjKBJiJ (ORCPT + 99 others); Thu, 2 Nov 2023 05:38:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345914AbjKBJiG (ORCPT ); Thu, 2 Nov 2023 05:38:06 -0400 Received: from frasgout13.his.huawei.com (frasgout13.his.huawei.com [14.137.139.46]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D46DE123 for ; Thu, 2 Nov 2023 02:38:02 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.18.147.228]) by frasgout13.his.huawei.com (SkyGuard) with ESMTP id 4SLdkQ4QT7z9y19H; Thu, 2 Nov 2023 17:24:46 +0800 (CST) Received: from huaweicloud.com (unknown [10.48.131.78]) by APP2 (Coremail) with SMTP id GxC2BwDnibXJbUNl0QNYAw--.58857S3; Thu, 02 Nov 2023 10:37:38 +0100 (CET) From: Petr Tesarik To: Christoph Hellwig , Marek Szyprowski , Robin Murphy , Greg Kroah-Hartman , Petr Tesarik , iommu@lists.linux.dev (open list:DMA MAPPING HELPERS), linux-kernel@vger.kernel.org (open list), patchwork@huawei.com Cc: Wangkefeng , Roberto Sassu , petr@tesarici.cz, Petr Tesarik , miaoxie@huawei.com, weiyongjun1@huawei.com, guohanjun@huawei.com, huawei.libin@huawei.com, yuehaibing@huawei.com, johnny.chenyi@huawei.com, leijitang@huawei.com, ming.fu@huawei.com, zhujianwei7@huawei.com, linuxarm@huawei.com, stable@vger.kernel.org, Rick Edgecombe Subject: [PATCH v2 1/1] swiotlb: do not free decrypted pages if dynamic Date: Thu, 2 Nov 2023 10:36:49 +0100 Message-Id: <20231102071821.431-2-petrtesarik@huaweicloud.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231102071821.431-1-petrtesarik@huaweicloud.com> References: <20231102071821.431-1-petrtesarik@huaweicloud.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID: GxC2BwDnibXJbUNl0QNYAw--.58857S3 X-Coremail-Antispam: 1UD129KBjvJXoWxCF1xAw1Uury3ur47tw15CFg_yoW5CF1xpF 4fCr1Sgr98tFy7CrWfAF4kCF9xGws5urWUCFW3Xw1rZwn8WryIkr9rCw18uayfJF4kua17 JrW0v3WayrsrZaUanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUm014x267AKxVWrJVCq3wAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2048vs2IY020E87I2jVAFwI0_Jr4l82xGYIkIc2 x26xkF7I0E14v26ryj6s0DM28lY4IEw2IIxxk0rwA2F7IY1VAKz4vEj48ve4kI8wA2z4x0 Y4vE2Ix0cI8IcVAFwI0_Jr0_JF4l84ACjcxK6xIIjxv20xvEc7CjxVAFwI0_Gr0_Cr1l84 ACjcxK6I8E87Iv67AKxVW8JVWxJwA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_Gr0_Gr1UM2AI xVAIcxkEcVAq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40Ex7xfMcIj6xIIjxv20x vE14v26r1j6r18McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr1lF7xv r2IYc2Ij64vIr41lF7I21c0EjII2zVCS5cI20VAGYxC7M4IIrI8v6xkF7I0E8cxan2IY04 v7MxkF7I0Ew4C26cxK6c8Ij28IcwCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkEbVWU JVW8JwC20s026c02F40E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67 kF1VAFwI0_GFv_WrylIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY 6xIIjxv20xvEc7CjxVAFwI0_Gr0_Cr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0x vEx4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Gr0_Gr1UYxBIdaVFxhVj vjDU0xZFpf9x0JU7pnQUUUUU= X-CM-SenderInfo: hshw23xhvd2x3n6k3tpzhluzxrxghudrp/ X-CFilter-Loop: Reflected X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Thu, 02 Nov 2023 02:38:15 -0700 (PDT) Fix these two error paths: 1. When set_memory_decrypted() fails, pages may be left fully or partially decrypted. 2. Decrypted pages may be freed if swiotlb_alloc_tlb() determines that the physical address is too high. To fix the first issue, call set_memory_encrypted() on the allocated region after a failed decryption attempt. If that also fails, leak the pages. To fix the second issue, check that the TLB physical address is below the requested limit before decrypting. Let the caller differentiate between unsuitable physical address (=> retry from a lower zone) and allocation failures (=> no point in retrying). Cc: stable@vger.kernel.org Cc: Rick Edgecombe Fixes: 79636caad361 ("swiotlb: if swiotlb is full, fall back to a transient memory pool") Signed-off-by: Petr Tesarik --- kernel/dma/swiotlb.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c index dff067bd56b1..0e1632f75421 100644 --- a/kernel/dma/swiotlb.c +++ b/kernel/dma/swiotlb.c @@ -558,29 +558,40 @@ void __init swiotlb_exit(void) * alloc_dma_pages() - allocate pages to be used for DMA * @gfp: GFP flags for the allocation. * @bytes: Size of the buffer. + * @phys_limit: Maximum allowed physical address of the buffer. * * Allocate pages from the buddy allocator. If successful, make the allocated * pages decrypted that they can be used for DMA. * - * Return: Decrypted pages, or %NULL on failure. + * Return: Decrypted pages, %NULL on allocation failure, or ERR_PTR(-EAGAIN) + * if the allocated physical address was above @phys_limit. */ -static struct page *alloc_dma_pages(gfp_t gfp, size_t bytes) +static struct page *alloc_dma_pages(gfp_t gfp, size_t bytes, u64 phys_limit) { unsigned int order = get_order(bytes); struct page *page; + phys_addr_t paddr; void *vaddr; page = alloc_pages(gfp, order); if (!page) return NULL; - vaddr = page_address(page); + paddr = page_to_phys(page); + if (paddr + bytes - 1 > phys_limit) { + __free_pages(page, order); + return ERR_PTR(-EAGAIN); + } + + vaddr = phys_to_virt(paddr); if (set_memory_decrypted((unsigned long)vaddr, PFN_UP(bytes))) goto error; return page; error: - __free_pages(page, order); + /* Intentional leak if pages cannot be encrypted again. */ + if (!set_memory_encrypted((unsigned long)vaddr, PFN_UP(bytes))) + __free_pages(page, order); return NULL; } @@ -618,11 +629,7 @@ static struct page *swiotlb_alloc_tlb(struct device *dev, size_t bytes, else if (phys_limit <= DMA_BIT_MASK(32)) gfp |= __GFP_DMA32; - while ((page = alloc_dma_pages(gfp, bytes)) && - page_to_phys(page) + bytes - 1 > phys_limit) { - /* allocated, but too high */ - __free_pages(page, get_order(bytes)); - + while (IS_ERR(page = alloc_dma_pages(gfp, bytes, phys_limit))) { if (IS_ENABLED(CONFIG_ZONE_DMA32) && phys_limit < DMA_BIT_MASK(64) && !(gfp & (__GFP_DMA32 | __GFP_DMA))) -- 2.34.1