mirror of
git://git.yoctoproject.org/linux-yocto.git
synced 2025-10-23 07:23:12 +02:00
![]() commit dce043c07ca1ac19cfbe2844a6dc71e35c322353 upstream.
switch_to_super_page() assumes the memory range it's working on is aligned
to the target large page level. Unfortunately, __domain_mapping() doesn't
take this into account when using it, and will pass unaligned ranges
ultimately freeing a PTE range larger than expected.
Take for example a mapping with the following iov_pfn range [0x3fe400,
0x4c0600), which should be backed by the following mappings:
iov_pfn [0x3fe400, 0x3fffff] covered by 2MiB pages
iov_pfn [0x400000, 0x4bffff] covered by 1GiB pages
iov_pfn [0x4c0000, 0x4c05ff] covered by 2MiB pages
Under this circumstance, __domain_mapping() will pass [0x400000, 0x4c05ff]
to switch_to_super_page() at a 1 GiB granularity, which will in turn
free PTEs all the way to iov_pfn 0x4fffff.
Mitigate this by rounding down the iov_pfn range passed to
switch_to_super_page() in __domain_mapping()
to the target large page level.
Additionally add range alignment checks to switch_to_super_page.
Fixes:
|
||
---|---|---|
.. | ||
amd | ||
arm | ||
intel | ||
apple-dart.c | ||
dma-iommu.c | ||
dma-iommu.h | ||
exynos-iommu.c | ||
fsl_pamu_domain.c | ||
fsl_pamu_domain.h | ||
fsl_pamu.c | ||
fsl_pamu.h | ||
hyperv-iommu.c | ||
io-pgfault.c | ||
io-pgtable-arm-v7s.c | ||
io-pgtable-arm.c | ||
io-pgtable-arm.h | ||
io-pgtable-dart.c | ||
io-pgtable.c | ||
ioasid.c | ||
iommu-debugfs.c | ||
iommu-sva-lib.c | ||
iommu-sva-lib.h | ||
iommu-sysfs.c | ||
iommu-traces.c | ||
iommu.c | ||
iova.c | ||
ipmmu-vmsa.c | ||
irq_remapping.c | ||
irq_remapping.h | ||
Kconfig | ||
Makefile | ||
msm_iommu_hw-8xxx.h | ||
msm_iommu.c | ||
msm_iommu.h | ||
mtk_iommu_v1.c | ||
mtk_iommu.c | ||
of_iommu.c | ||
omap-iommu-debug.c | ||
omap-iommu.c | ||
omap-iommu.h | ||
omap-iopgtable.h | ||
rockchip-iommu.c | ||
s390-iommu.c | ||
sprd-iommu.c | ||
sun50i-iommu.c | ||
tegra-gart.c | ||
tegra-smmu.c | ||
virtio-iommu.c |