Re: [PATCH v2] iommu/dma: Fix MSI reservation allocation

From: Joerg Roedel
Date: Wed Mar 04 2020 - 10:28:26 EST

Next message: Qais Yousef: "Re: [PATCH v3 4/6] sched/rt: Allow pulling unfitting task"
Previous message: Express Loan South Africa: "Contact Paula 0679616466 For More Details"
In reply to: Robin Murphy: "Re: [PATCH v2] iommu/dma: Fix MSI reservation allocation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Mar 04, 2020 at 11:11:17AM +0000, Marc Zyngier wrote:
> The way cookie_init_hw_msi_region() allocates the iommu_dma_msi_page
> structures doesn't match the way iommu_put_dma_cookie() frees them.
>
> The former performs a single allocation of all the required structures,
> while the latter tries to free them one at a time. It doesn't quite
> work for the main use case (the GICv3 ITS where the range is 64kB)
> when the base granule size is 4kB.
>
> This leads to a nice slab corruption on teardown, which is easily
> observable by simply creating a VF on a SRIOV-capable device, and
> tearing it down immediately (no need to even make use of it).
> Fortunately, this only affects systems where the ITS isn't translated
> by the SMMU, which are both rare and non-standard.
>
> Fix it by allocating iommu_dma_msi_page structures one at a time.
>
> Fixes: 7c1b058c8b5a3 ("iommu/dma: Handle IOMMU API reserved regions")
> Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
> Reviewed-by: Eric Auger <eric.auger@xxxxxxxxxx>
> Cc: Robin Murphy <robin.murphy@xxxxxxx>
> Cc: Joerg Roedel <jroedel@xxxxxxx>
> Cc: Will Deacon <will@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx

Applied for v5.6, thanks.

Next message: Qais Yousef: "Re: [PATCH v3 4/6] sched/rt: Allow pulling unfitting task"
Previous message: Express Loan South Africa: "Contact Paula 0679616466 For More Details"
In reply to: Robin Murphy: "Re: [PATCH v2] iommu/dma: Fix MSI reservation allocation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]