review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	David Stevens <stevensd@chromium.org>
	Wed, 29 Sep 2021 02:33:00 +0000 (11:33 +0900)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 8 Apr 2022 12:24:17 +0000 (14:24 +0200)
commit	57c04fac80232e09440444d4a607fdaffd91b225
tree	1311ef631367d35edcbd70f40144b8eecaac801d	tree \| snapshot
parent	3e44e136560cb66dd5156889f811b870789b9499	commit \| diff

iommu/dma: Account for min_align_mask w/swiotlb

commit 2cbc61a1b1665c84282dbf2b1747ffa0b6248639 upstream.

Pass the non-aligned size to __iommu_dma_map when using swiotlb bounce
buffers in iommu_dma_map_page, to account for min_align_mask.

To deal with granule alignment, __iommu_dma_map maps iova_align(size +
iova_off) bytes starting at phys - iova_off. If iommu_dma_map_page
passes aligned size when using swiotlb, then this becomes
iova_align(iova_align(orig_size) + iova_off). Normally iova_off will be
zero when using swiotlb. However, this is not the case for devices that
set min_align_mask. When iova_off is non-zero, __iommu_dma_map ends up
mapping an extra page at the end of the buffer. Beyond just being a
security issue, the extra page is not cleaned up by __iommu_dma_unmap.
This causes problems when the IOVA is reused, due to collisions in the
iommu driver. Just passing the original size is sufficient, since
__iommu_dma_map will take care of granule alignment.

Fixes: 1f221a0d0dbf ("swiotlb: respect min_align_mask")
Signed-off-by: David Stevens <stevensd@chromium.org>
Link: https://lore.kernel.org/r/20210929023300.335969-8-stevensd@google.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>