OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/drivers
History
Alex Williamson 08336fd218 intel-iommu: fix off-by-one in pagetable freeing 
dma_pte_free_level() has an off-by-one error when checking whether a pte
is completely covered by a range.  Take for example the case of
attempting to free pfn 0x0 - 0x1ff, ie.  512 entries covering the first
2M superpage.

The level_size() is 0x200 and we test:

  static void dma_pte_free_level(...
	...

	if (!(0 > 0 || 0x1ff < 0 + 0x200)) {
		...
	}

Clearly the 2nd test is true, which means we fail to take the branch to
clear and free the pagetable entry.  As a result, we're leaking
pagetables and failing to install new pages over the range.

This was found with a PCI device assigned to a QEMU guest using vfio-pci
without a VGA device present.  The first 1M of guest address space is
mapped with various combinations of 4K pages, but eventually the range
is entirely freed and replaced with a 2M contiguous mapping.
intel-iommu errors out with something like:

  ERROR: DMA PTE for vPFN 0x0 already set (to 5c2b8003 not 849c00083)

In this case 5c2b8003 is the pointer to the previous leaf page that was
neither freed nor cleared and 849c00083 is the superpage entry that
we're trying to replace it with.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 		2014-01-21 16:19:41 -08:00
..
accessibility
acpi Merge branch 'x86-ras-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-01-20 12:10:27 -08:00
amba
ata Merge branch 'for-3.13-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2014-01-09 09:08:23 +08:00
atm
auxdisplay
base Revert "kernfs, sysfs, driver-core: implement kernfs_remove_self() and its wrappers" 2014-01-13 14:05:13 -08:00
bcma
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k 2014-01-20 09:24:31 -08:00
bluetooth Bluetooth: Add support for Toshiba Bluetooth device [0930:0220] 2013-12-04 11:11:49 -02:00
bus
cdrom
char Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2014-01-21 09:06:02 -08:00
clk Merge branch 'for-next' into for-linus 2014-01-20 10:20:14 +01:00
clocksource Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-01-20 11:34:26 -08:00
connector
cpufreq intel_pstate: Add X86_FEATURE_APERFMPERF to cpu match parameters. 2014-01-06 22:16:14 +01:00
cpuidle ARM/cpuidle: remove __init tag from Calxeda cpuidle probe function 2013-12-30 11:55:20 +01:00
crypto crypto: ixp4xx - Fix kernel compile error 2014-01-01 14:06:23 +08:00
dca
devfreq
dio
dma Merge branch 'for-next' into for-linus 2014-01-20 10:20:14 +01:00
edac Merge branch 'x86-ras-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-01-20 12:10:27 -08:00
eisa
extcon extcon: gpio: Add power resume support 2014-01-09 09:53:30 +09:00
firewire firewire: sbp2: bring back WRITE SAME support 2013-12-15 16:32:32 +01:00
firmware Driver core / sysfs patches for 3.14-rc1 2014-01-20 15:49:44 -08:00
fmc
gpio MFD changes due for the v3.14 merge window 2014-01-21 10:58:17 -08:00
gpu drm/nouveau/mxm: fix null deref on load 2014-01-19 18:28:30 -08:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2013-12-13 13:21:28 -08:00
hsi
hv drivers: hv: Mark the function hv_synic_free_cpu() as static in hv.c 2013-12-18 16:41:52 -08:00
hwmon hwmon: (k10temp) Add support for Kaveri CPUs 2014-01-14 21:36:54 -08:00
hwspinlock
i2c i2c: s3c2410: fix quirk usage for 64-bit 2014-01-16 11:18:24 +01:00
ide zorro: ZTWO_VADDR() should return "void __iomem *" 2013-11-26 11:09:07 +01:00
idle Merge branch 'x86/idle' into sched/core 2014-01-13 17:37:05 +01:00
iio MFD changes due for the v3.14 merge window 2014-01-21 10:58:17 -08:00
infiniband infiniband: make sure the src net is infiniband when create new link 2014-01-03 20:38:56 -05:00
input MFD changes due for the v3.14 merge window 2014-01-21 10:58:17 -08:00
iommu intel-iommu: fix off-by-one in pagetable freeing 2014-01-21 16:19:41 -08:00
ipack
irqchip Renesas ARM based SoC fixes for v3.13 2013-12-20 11:28:30 -08:00
isdn isdn: Drop big endian cpp checks from telespci and hfc_pci drivers 2014-01-06 15:50:51 -05:00
leds GPIO tree bulk changes for v3.14 2014-01-21 10:09:12 -08:00
lguest
macintosh Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k 2014-01-20 09:24:31 -08:00
mailbox
md Driver core / sysfs patches for 3.14-rc1 2014-01-20 15:49:44 -08:00
media [media] videobuf2-dma-sg: fix possible memory leak 2013-12-10 05:40:57 -02:00
memory
memstick
message
mfd MFD changes due for the v3.14 merge window 2014-01-21 10:58:17 -08:00
misc Driver core / sysfs patches for 3.14-rc1 2014-01-20 15:49:44 -08:00
mmc ARM: s3c24xx: explicit dependency on <plat/gpio-cfg.h> 2014-01-14 15:24:54 +01:00
mtd Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm 2014-01-06 12:20:45 +11:00
net Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-01-20 10:25:12 -08:00
nfc
ntb NTB driver bug fixes to address a missed call to pci_enable_msix, 2013-11-26 11:15:12 -08:00
nubus
of Merge remote-tracking branch 'grant/devicetree/merge' into dt-fixes 2013-12-30 12:09:47 -06:00
oprofile
parisc
parport TTY/Serial driver patches for 3.14-rc1 2014-01-20 16:05:23 -08:00
pci Revert "pci: use device_remove_file_self() instead of device_schedule_callback()" 2014-01-13 14:03:06 -08:00
pcmcia pcmcia: Remove superfluous name casts 2013-12-08 22:47:13 -08:00
phy USB patches for 3.14-rc1 2014-01-20 16:13:02 -08:00
pinctrl MFD changes due for the v3.14 merge window 2014-01-21 10:58:17 -08:00
platform sony-laptop: do not scribble keyboard backlight registers on resume 2013-11-26 13:03:36 +09:00
pnp PNP: fix restoring devices after hibernation 2013-12-05 02:01:55 +01:00
power max17042_battery: Add IRQF_ONESHOT flag to use default irq handler 2013-12-23 18:59:41 -08:00
powercap powercap / RAPL: add support for ValleyView Soc 2013-12-22 01:27:51 +01:00
pps
ps3
ptp
pwm pwm: Add LP3943 PWM driver 2014-01-21 08:28:00 +00:00
rapidio
regulator mfd: mc13xxx: Remove useless symbol MFD_MC13783 2014-01-21 08:28:09 +00:00
remoteproc
reset
rpmsg
rtc Merge branch 'fortglx/3.14/time' of git://git.linaro.org/people/john.stultz/linux into timers/core 2014-01-12 14:13:31 +01:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2014-01-20 09:23:31 -08:00
sbus
scsi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k 2014-01-20 09:24:31 -08:00
sfi
sh
sn
spi Merge remote-tracking branches 'asoc/topic/ad1836', 'asoc/topic/ad193x', 'asoc/topic/adav80x', 'asoc/topic/adsp', 'asoc/topic/ak4641', 'asoc/topic/ak4642', 'asoc/topic/arizona', 'asoc/topic/atmel', 'asoc/topic/au1x', 'asoc/topic/axi', 'asoc/topic/bcm2835', 'asoc/topic/blackfin', 'asoc/topic/cs4271', 'asoc/topic/cs42l52', 'asoc/topic/da7210', 'asoc/topic/davinci', 'asoc/topic/ep93xx', 'asoc/topic/fsl', 'asoc/topic/fsl-mxs', 'asoc/topic/generic', 'asoc/topic/hdmi', 'asoc/topic/jack', 'asoc/topic/jz4740', 'asoc/topic/max98090', 'asoc/topic/mxs', 'asoc/topic/omap', 'asoc/topic/pxa', 'asoc/topic/rcar', 'asoc/topic/s6000', 'asoc/topic/sai', 'asoc/topic/samsung', 'asoc/topic/sgtl5000', 'asoc/topic/spear', 'asoc/topic/ssm2518', 'asoc/topic/ssm2602', 'asoc/topic/tegra', 'asoc/topic/tlv320aic3x', 'asoc/topic/twl6040', 'asoc/topic/txx9', 'asoc/topic/uda1380', 'asoc/topic/width', 'asoc/topic/wm8510', 'asoc/topic/wm8523', 'asoc/topic/wm8580', 'asoc/topic/wm8711', 'asoc/topic/wm8728', 'asoc/topic/wm8731', 'asoc/topic/wm8741', 'asoc/topic/wm8750', 'asoc/topic/wm8753', 'asoc/topic/wm8776', 'asoc/topic/wm8804', 'asoc/topic/wm8900', 'asoc/topic/wm8901', 'asoc/topic/wm8940', 'asoc/topic/wm8962', 'asoc/topic/wm8974', 'asoc/topic/wm8985', 'asoc/topic/wm8988', 'asoc/topic/wm8990', 'asoc/topic/wm8991', 'asoc/topic/wm8994', 'asoc/topic/wm8995', 'asoc/topic/wm9081' and 'asoc/topic/x86' into asoc-next 2014-01-02 13:01:55 +00:00
ssb
staging USB patches for 3.14-rc1 2014-01-20 16:13:02 -08:00
target target: Remove extra percpu_ref_init 2013-12-19 14:49:54 -08:00
tc
thermal sched, thermal: Clean up preempt_enable_no_resched() abuse 2014-01-13 17:39:18 +01:00
tty tty/serial: at91: disable uart timer at start of shutdown 2014-01-13 15:55:59 -08:00
uio uio: fix devm_request_irq usage 2013-12-20 08:49:17 -08:00
usb USB patches for 3.14-rc1 2014-01-20 16:13:02 -08:00
uwb uwb: move mutex_lock to error case in uwbd_evt_handle_rc_bp_slot_change 2013-12-20 12:19:44 -08:00
vfio
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2013-11-22 10:52:03 -08:00
video Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k 2014-01-20 09:24:31 -08:00
virt
virtio virtio_balloon: update_balloon_size(): update correct field 2013-12-05 13:12:39 +10:30
vlynq
vme vme: Convert VME core to register as a subsystem 2013-12-17 17:06:19 -08:00
w1 w1: mxc_w1: Check the clk_prepare_enable() return value 2013-12-08 22:41:48 -08:00
watchdog Watchdog: pcwd_usb: remove CONFIG_USB_DEBUG usage 2014-01-07 16:15:39 -08:00
xen Bug-fixes: 2013-12-20 09:34:54 -08:00
zorro zorro/UAPI: Use proper types (endianness/size) in <linux/zorro.h> 2013-11-26 11:09:09 +01:00
Kconfig
Makefile