[PATCH] iommu/amd: Check PM_LEVEL_SIZE() condition in locked section
From: Joerg Roedel
Date: Fri Oct 18 2019 - 05:38:38 EST
On Thu, Oct 17, 2019 at 07:36:51AM -0400, Qian Cai wrote:
> > On Oct 16, 2019, at 6:59 PM, Jerry Snitselaar <jsnitsel@xxxxxxxxxx> wrote:
> > I guess the mode level 6 check is really for other potential callers
> > increase_address_space, none exist at the moment, and the condition
> > of the while loop in alloc_pte should fail if the mode level is 6.
> Because there is no locking around iommu_map_page(), if there are
> several concurrent callers of it for the same domain, could it be that
> it silently corrupt data due to invalid access?
No, that can't happen because increase_address_space locks the domain
before actually doing anything. So the address space can't grow above
domain->mode == 6. But what can happen is that the WARN_ON_ONCE triggers
in there and that the address space is increased multiple times when
only one increase would be sufficient.
To fix this we just need to check the PM_LEVEL_SIZE() condition again
when we hold the lock: