Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / b98e34f0c6f1c4ac7af41afecc4a26f5f2ebe68d
commitb98e34f0c6f1c4ac7af41afecc4a26f5f2ebe68d[log] [tgz]
authorRussell King <rmk+kernel@arm.linux.org.uk>Mon Jul 27 13:29:05 2015 +0100
committerThierry Reding <treding@nvidia.com>Thu Aug 13 16:06:37 2015 +0200
treed9be0064cc9b838dff0aef519dc7d903a9808d19
parent9113785c3e918187b6b0c084c60e0344a2f1685c [diff]
iommu/tegra-smmu: Fix unmap() method

The Tegra SMMU unmap path has several problems:
1. as_pte_put() can perform a write-after-free
2. tegra_smmu_unmap() can perform cache maintanence on a page we have
   just freed.
3. when a page table is unmapped, there is no CPU cache maintanence of
   the write clearing the page directory entry, nor is there any
   maintanence of the IOMMU to ensure that it sees the page table has
   gone.

Fix this by getting rid of as_pte_put(), and instead coding the PTE
unmap separately from the PDE unmap, placing the PDE unmap after the
PTE unmap has been completed.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Thierry Reding <treding@nvidia.com>
1 file changed
tree: d9be0064cc9b838dff0aef519dc7d903a9808d19
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS