mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-07 17:19:02 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/iommu
History
Changbin Du 665d3c7f1e iommu/vt-d: fix shift-out-of-bounds in bug checking 
[ Upstream commit 0dfc0c792d ]

It allows to flush more than 4GB of device TLBs. So the mask should be
64bit wide. UBSAN captured this fault as below.

[    3.760024] ================================================================================
[    3.768440] UBSAN: Undefined behaviour in drivers/iommu/dmar.c:1348:3
[    3.774864] shift exponent 64 is too large for 32-bit type 'int'
[    3.780853] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G     U            4.17.0-rc1+ #89
[    3.788661] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016
[    3.796034] Call Trace:
[    3.798472]  <IRQ>
[    3.800479]  dump_stack+0x90/0xfb
[    3.803787]  ubsan_epilogue+0x9/0x40
[    3.807353]  __ubsan_handle_shift_out_of_bounds+0x10e/0x170
[    3.812916]  ? qi_flush_dev_iotlb+0x124/0x180
[    3.817261]  qi_flush_dev_iotlb+0x124/0x180
[    3.821437]  iommu_flush_dev_iotlb+0x94/0xf0
[    3.825698]  iommu_flush_iova+0x10b/0x1c0
[    3.829699]  ? fq_ring_free+0x1d0/0x1d0
[    3.833527]  iova_domain_flush+0x25/0x40
[    3.837448]  fq_flush_timeout+0x55/0x160
[    3.841368]  ? fq_ring_free+0x1d0/0x1d0
[    3.845200]  ? fq_ring_free+0x1d0/0x1d0
[    3.849034]  call_timer_fn+0xbe/0x310
[    3.852696]  ? fq_ring_free+0x1d0/0x1d0
[    3.856530]  run_timer_softirq+0x223/0x6e0
[    3.860625]  ? sched_clock+0x5/0x10
[    3.864108]  ? sched_clock+0x5/0x10
[    3.867594]  __do_softirq+0x1b5/0x6f5
[    3.871250]  irq_exit+0xd4/0x130
[    3.874470]  smp_apic_timer_interrupt+0xb8/0x2f0
[    3.879075]  apic_timer_interrupt+0xf/0x20
[    3.883159]  </IRQ>
[    3.885255] RIP: 0010:poll_idle+0x60/0xe7
[    3.889252] RSP: 0018:ffffb1b201943e30 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[    3.896802] RAX: 0000000080200000 RBX: 000000000000008e RCX: 000000000000001f
[    3.903918] RDX: 0000000000000000 RSI: 000000002819aa06 RDI: 0000000000000000
[    3.911031] RBP: ffff9e93c6b33280 R08: 00000010f717d567 R09: 000000000010d205
[    3.918146] R10: ffffb1b201943df8 R11: 0000000000000001 R12: 00000000e01b169d
[    3.925260] R13: 0000000000000000 R14: ffffffffb12aa400 R15: 0000000000000000
[    3.932382]  cpuidle_enter_state+0xb4/0x470
[    3.936558]  do_idle+0x222/0x310
[    3.939779]  cpu_startup_entry+0x78/0x90
[    3.943693]  start_secondary+0x205/0x2e0
[    3.947607]  secondary_startup_64+0xa5/0xb0
[    3.951783] ================================================================================

Signed-off-by: Changbin Du <changbin.du@intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-06-21 04:02:53 +09:00
..
amd_iommu.c iommu/amd: Take into account that alloc_dev_data() may return NULL 2018-05-30 07:52:27 +02:00
amd_iommu_init.c iommu/amd: pr_err() strings should end with newlines 2017-09-27 17:01:35 +02:00
amd_iommu_proto.h IOMMU Updates for Linux v4.14 2017-09-09 15:03:24 -07:00
amd_iommu_types.h IOMMU Updates for Linux v4.14 2017-09-09 15:03:24 -07:00
amd_iommu_v2.c IOMMU Updates for Linux v4.14 2017-09-09 15:03:24 -07:00
arm-smmu-regs.h iommu/arm-smmu: Split out register defines 2017-08-15 17:34:48 +02:00
arm-smmu-v3.c iommu/arm-smmu-v3: Cope with duplicated Stream IDs 2018-01-10 09:31:21 +01:00
arm-smmu.c Merge branches 'arm/exynos', 'arm/renesas', 'arm/rockchip', 'arm/omap', 'arm/mediatek', 'arm/tegra', 'arm/qcom', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd', 's390' and 'core' into next 2017-09-01 11:31:42 +02:00
dma-iommu.c IOMMU Updates for Linux v4.13 2017-07-12 10:00:04 -07:00
dmar.c iommu/vt-d: fix shift-out-of-bounds in bug checking 2018-06-21 04:02:53 +09:00
exynos-iommu.c iommu/exynos: Don't unconditionally steal bus ops 2018-04-26 11:02:06 +02:00
fsl_pamu.c Merge branches 'arm/exynos', 'arm/renesas', 'arm/rockchip', 'arm/omap', 'arm/mediatek', 'arm/tegra', 'arm/qcom', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd', 's390' and 'core' into next 2017-09-01 11:31:42 +02:00
fsl_pamu.h iommu/pamu: Fix PAMU boot crash 2017-08-23 16:28:09 +02:00
fsl_pamu_domain.c Merge branches 'arm/exynos', 'arm/renesas', 'arm/rockchip', 'arm/omap', 'arm/mediatek', 'arm/tegra', 'arm/qcom', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd', 's390' and 'core' into next 2017-09-01 11:31:42 +02:00
fsl_pamu_domain.h iommu/pamu: Fix PAMU boot crash 2017-08-23 16:28:09 +02:00
intel-iommu.c iommu/vt-d: Use domain instead of cache fetching 2018-04-26 11:02:06 +02:00
intel-svm.c iommu/vt-d: Fix a potential memory leak 2018-04-24 09:36:33 +02:00
intel_irq_remapping.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
io-pgtable-arm-v7s.c iommu/io-pgtable-arm-v7s: Need dma-sync while there is no QUIRK_NO_DMA 2017-09-27 16:56:17 +02:00
io-pgtable-arm.c iommu/io-pgtable: Sanitise map/unmap addresses 2017-07-20 10:30:28 +01:00
io-pgtable.c iommu/io-pgtable: Fix a brace coding style issue. 2016-04-05 15:34:29 +02:00
io-pgtable.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iommu-sysfs.c iommu: Fix wrong freeing of iommu_device->dev 2017-08-15 13:58:48 +02:00
iommu-traces.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iommu.c Merge branches 'arm/exynos', 'arm/renesas', 'arm/rockchip', 'arm/omap', 'arm/mediatek', 'arm/tegra', 'arm/qcom', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd', 's390' and 'core' into next 2017-09-01 11:31:42 +02:00
iova.c iommu/iova: Add flush timer 2017-08-15 18:23:52 +02:00
ipmmu-vmsa.c iommu/ipmmu-vmsa: Make ipmmu_gather_ops const 2017-08-30 15:10:53 +02:00
irq_remapping.c x86/cpufeature: Replace cpu_has_apic with boot_cpu_has() usage 2016-04-13 11:37:41 +02:00
irq_remapping.h
Kconfig iommu/qcom: Depend on HAS_DMA to fix compile error 2017-09-19 15:30:41 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
msm_iommu.c iommu/msm: Add iommu_group support 2017-08-10 00:03:50 +02:00
msm_iommu.h iommu/msm: Make use of iommu_device_register interface 2017-02-10 13:44:57 +01:00
msm_iommu_hw-8xxx.h
mtk_iommu.c iommu/mediatek: Fix protect memory setting 2018-05-30 07:52:30 +02:00
mtk_iommu.h iommu/mediatek: Fix protect memory setting 2018-05-30 07:52:30 +02:00
mtk_iommu_v1.c iommu/mediatek: Fix driver name 2017-12-20 10:10:24 +01:00
of_iommu.c iommu/of: Remove PCI host bridge node check 2017-09-22 12:05:43 +02:00
omap-iommu-debug.c iommu/omap: Align code with open parenthesis 2016-04-05 17:53:20 +02:00
omap-iommu.c iommu/omap: Use DMA-API for performing cache flushes 2017-08-04 11:59:29 +02:00
omap-iommu.h iommu/omap: Use DMA-API for performing cache flushes 2017-08-04 11:59:29 +02:00
omap-iopgtable.h
qcom_iommu.c iommu: qcom: annotate PM functions as __maybe_unused 2017-08-28 11:24:52 +02:00
rockchip-iommu.c Merge branches 'arm/exynos', 'arm/renesas', 'arm/rockchip', 'arm/omap', 'arm/mediatek', 'arm/tegra', 'arm/qcom', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd', 's390' and 'core' into next 2017-09-01 11:31:42 +02:00
s390-iommu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tegra-gart.c iommu/tegra-gart: Add support for struct iommu_device 2017-08-17 16:31:34 +02:00
tegra-smmu.c arm/tegra: Call bus_set_iommu() after iommu_device_register() 2017-08-30 17:28:32 +02:00