From patchwork Tue Dec 18 18:48:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Jones X-Patchwork-Id: 10736207 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BC1291399 for ; Tue, 18 Dec 2018 18:48:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AE1AA2A10B for ; Tue, 18 Dec 2018 18:48:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A2A9F2A170; Tue, 18 Dec 2018 18:48:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4AA132A10B for ; Tue, 18 Dec 2018 18:48:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726819AbeLRSsw (ORCPT ); Tue, 18 Dec 2018 13:48:52 -0500 Received: from mx1.redhat.com ([209.132.183.28]:46106 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726451AbeLRSsw (ORCPT ); Tue, 18 Dec 2018 13:48:52 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8E21A73; Tue, 18 Dec 2018 18:48:52 +0000 (UTC) Received: from kamzik.brq.redhat.com (unknown [10.43.2.160]) by smtp.corp.redhat.com (Postfix) with ESMTP id 88E235D781; Tue, 18 Dec 2018 18:48:50 +0000 (UTC) From: Andrew Jones To: iommu@lists.linux-foundation.org, linux-acpi@vger.kernel.org Cc: joro@8bytes.org, lorenzo.pieralisi@arm.com, hanjun.guo@linaro.org, sudeep.holla@arm.com, robin.murphy@arm.com, eric.auger@redhat.com Subject: [PATCH 2/2] iommu/dma: Handle potential overflow in iommu_dma_init_domain Date: Tue, 18 Dec 2018 19:48:41 +0100 Message-Id: <20181218184841.20034-3-drjones@redhat.com> In-Reply-To: <20181218184841.20034-1-drjones@redhat.com> References: <20181218184841.20034-1-drjones@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 18 Dec 2018 18:48:52 +0000 (UTC) Sender: linux-acpi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-acpi@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The sum of base and size may overflow, particularly considering there are cases where size will be U64_MAX. Also, end_pfn is unused, so we remove it. Finally, as size doesn't actually need to be IOMMU page aligned we remove it from the comment stating both it and base should be. I wonder if we shouldn't at least warn when base is not aligned? Signed-off-by: Andrew Jones --- drivers/iommu/dma-iommu.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c index d1b04753b204..a0b01398b15c 100644 --- a/drivers/iommu/dma-iommu.c +++ b/drivers/iommu/dma-iommu.c @@ -281,9 +281,9 @@ static void iommu_dma_flush_iotlb_all(struct iova_domain *iovad) * @size: Size of IOVA space * @dev: Device the domain is being initialised for * - * @base and @size should be exact multiples of IOMMU page granularity to - * avoid rounding surprises. If necessary, we reserve the page at address 0 - * to ensure it is an invalid IOVA. It is safe to reinitialise a domain, but + * @base should be an exact multiple of IOMMU page granularity to avoid + * rounding surprises. If necessary, we reserve the page at address 0 to + * ensure it is an invalid IOVA. It is safe to reinitialise a domain, but * any change which could make prior IOVAs invalid will fail. */ int iommu_dma_init_domain(struct iommu_domain *domain, dma_addr_t base, @@ -291,21 +291,24 @@ int iommu_dma_init_domain(struct iommu_domain *domain, dma_addr_t base, { struct iommu_dma_cookie *cookie = domain->iova_cookie; struct iova_domain *iovad = &cookie->iovad; - unsigned long order, base_pfn, end_pfn; + dma_addr_t max_addr = base + size - 1; + unsigned long order, base_pfn; int attr; if (!cookie || cookie->type != IOMMU_DMA_IOVA_COOKIE) return -EINVAL; + if (max_addr < base) + max_addr = U64_MAX; + /* Use the smallest supported page size for IOVA granularity */ order = __ffs(domain->pgsize_bitmap); base_pfn = max_t(unsigned long, 1, base >> order); - end_pfn = (base + size - 1) >> order; /* Check the domain allows at least some access to the device... */ if (domain->geometry.force_aperture) { if (base > domain->geometry.aperture_end || - base + size <= domain->geometry.aperture_start) { + max_addr < domain->geometry.aperture_start) { pr_warn("specified DMA range outside IOMMU capability\n"); return -EFAULT; }