Commit 1cc896ed authored by Robin Murphy's avatar Robin Murphy Committed by Joerg Roedel

iommu/dma: Don't touch invalid iova_domain members

When __iommu_dma_map() and iommu_dma_free_iova() are called from
iommu_dma_get_msi_page(), various iova_*() helpers are still invoked in
the process, whcih is unwise since they access a different member of the
union (the iova_domain) from that which was last written, and there's no
guarantee that sensible values will result anyway.

CLean up the code paths that are valid for an MSI cookie to ensure we
only do iova_domain-specific things when we're actually dealing with one.

Fixes: a44e6657 ("iommu/dma: Clean up MSI IOVA allocation")
Reported-by: default avatarNate Watterson <nwatters@codeaurora.org>
Tested-by: default avatarShanker Donthineni <shankerd@codeaurora.org>
Tested-by: default avatarBharat Bhushan <bharat.bhushan@nxp.com>
Signed-off-by: default avatarRobin Murphy <robin.murphy@arm.com>
Tested-by: default avatarEric Auger <eric.auger@redhat.com>
Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
parent 2ea659a9
...@@ -396,13 +396,13 @@ static void iommu_dma_free_iova(struct iommu_dma_cookie *cookie, ...@@ -396,13 +396,13 @@ static void iommu_dma_free_iova(struct iommu_dma_cookie *cookie,
dma_addr_t iova, size_t size) dma_addr_t iova, size_t size)
{ {
struct iova_domain *iovad = &cookie->iovad; struct iova_domain *iovad = &cookie->iovad;
unsigned long shift = iova_shift(iovad);
/* The MSI case is only ever cleaning up its most recent allocation */ /* The MSI case is only ever cleaning up its most recent allocation */
if (cookie->type == IOMMU_DMA_MSI_COOKIE) if (cookie->type == IOMMU_DMA_MSI_COOKIE)
cookie->msi_iova -= size; cookie->msi_iova -= size;
else else
free_iova_fast(iovad, iova >> shift, size >> shift); free_iova_fast(iovad, iova_pfn(iovad, iova),
size >> iova_shift(iovad));
} }
static void __iommu_dma_unmap(struct iommu_domain *domain, dma_addr_t dma_addr, static void __iommu_dma_unmap(struct iommu_domain *domain, dma_addr_t dma_addr,
...@@ -617,11 +617,14 @@ static dma_addr_t __iommu_dma_map(struct device *dev, phys_addr_t phys, ...@@ -617,11 +617,14 @@ static dma_addr_t __iommu_dma_map(struct device *dev, phys_addr_t phys,
{ {
struct iommu_domain *domain = iommu_get_domain_for_dev(dev); struct iommu_domain *domain = iommu_get_domain_for_dev(dev);
struct iommu_dma_cookie *cookie = domain->iova_cookie; struct iommu_dma_cookie *cookie = domain->iova_cookie;
struct iova_domain *iovad = &cookie->iovad; size_t iova_off = 0;
size_t iova_off = iova_offset(iovad, phys);
dma_addr_t iova; dma_addr_t iova;
size = iova_align(iovad, size + iova_off); if (cookie->type == IOMMU_DMA_IOVA_COOKIE) {
iova_off = iova_offset(&cookie->iovad, phys);
size = iova_align(&cookie->iovad, size + iova_off);
}
iova = iommu_dma_alloc_iova(domain, size, dma_get_mask(dev), dev); iova = iommu_dma_alloc_iova(domain, size, dma_get_mask(dev), dev);
if (!iova) if (!iova)
return DMA_ERROR_CODE; return DMA_ERROR_CODE;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment