173811 – iommu: alloc_iova doesn't validate if limit_pfn is in desired dma range

Bug 173811 - iommu: alloc_iova doesn't validate if limit_pfn is in desired dma range

Summary: iommu: alloc_iova doesn't validate if limit_pfn is in desired dma range

Status:	NEW

Alias:	None

Product:	Drivers
Classification:	Unclassified
Component:	Other (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	drivers_other

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-09-29 17:58 UTC by Krishna Reddy
Modified:	2016-09-29 17:58 UTC (History)
CC List:	1 user (show)

See Also:
Kernel Version:	4.7
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Krishna Reddy 2016-09-29 17:58:11 UTC

In drivers/iommu/iova.c, alloc_iova() doesn't validate if limit_pfn is in the valid dma range.

iommu_dma_alloc() in drivers/iommu/dma_iommu.c calls __alloc_iova with dma_mask as dma_limit.
This dma_limit can be outside the dma range set for the device.
dma ranges come from DT nodes and device drivers usually have no knowledge of dma ranges used or no need to care as IOMMU is abstracted by DMA framework. Drivers set the mask based on the width of addresses HW module supports and dma range don't always need to end at max address.

alloc_iova() allocates the IOVA based on the limit_pfn. Instead, it should adjust the limit_pfn based on the iovad's start_pfn and dma_32bit_pfn and either go ahead or fail the request.

This can be fixed at either caller level or at alloc_iova(). Fixing at alloc_iova() seem to be the right place.

Note You need to log in before you can comment on or make changes to this bug.