Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 858e904bd71dd0057a548d6785d94ce5ec4aeabd^1..858e904bd71dd0057a548d6785d94ce5ec4aeabd / .
commit858e904bd71dd0057a548d6785d94ce5ec4aeabd[log] [tgz]
authorLinus Torvalds <torvalds@linux-foundation.org>Tue Oct 27 07:44:13 2015 +0900
committerLinus Torvalds <torvalds@linux-foundation.org>Tue Oct 27 07:44:13 2015 +0900
treee93d9c0ac41cd061e0852186ffdc587c55eb6dc4
parentce6f9886037f5566cb8e440b9caa5e7d7334e53b [diff]
parentcbf3ccd09d683abf1cacd36e3640872ee912d99b [diff]
Merge tag 'iommu-fixes-v4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull iommu fixes from Joerg Roedel:
 "Two late fixes for the AMD IOMMU driver:

   - add an additional check to the io page-fault handler to avoid a
     BUG_ON being hit in handle_mm_fault()

   - fix a problem with devices writing to the system management area
     and were blocked by the IOMMU because the driver wrongly cleared
     out the DTE flags allowing that access"

* tag 'iommu-fixes-v4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/amd: Don't clear DTE flags when modifying it
  iommu/amd: Fix BUG when faulting a PROT_NONE VMA

diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 08d2775..532e2a2 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c

@@ -1974,8 +1974,8 @@
 static void clear_dte_entry(u16 devid)
 {
 	/* remove entry from the device table seen by the hardware */
-	amd_iommu_dev_table[devid].data[0] = IOMMU_PTE_P | IOMMU_PTE_TV;
-	amd_iommu_dev_table[devid].data[1] = 0;
+	amd_iommu_dev_table[devid].data[0]  = IOMMU_PTE_P | IOMMU_PTE_TV;
+	amd_iommu_dev_table[devid].data[1] &= DTE_FLAG_MASK;
 
 	amd_iommu_apply_erratum_63(devid);
 }

diff --git a/drivers/iommu/amd_iommu_types.h b/drivers/iommu/amd_iommu_types.h
index f659088..c9b6472 100644
--- a/drivers/iommu/amd_iommu_types.h
+++ b/drivers/iommu/amd_iommu_types.h

@@ -295,6 +295,7 @@
 #define IOMMU_PTE_IR (1ULL << 61)
 #define IOMMU_PTE_IW (1ULL << 62)
 
+#define DTE_FLAG_MASK	(0x3ffULL << 32)
 #define DTE_FLAG_IOTLB	(0x01UL << 32)
 #define DTE_FLAG_GV	(0x01ULL << 55)
 #define DTE_GLX_SHIFT	(56)

diff --git a/drivers/iommu/amd_iommu_v2.c b/drivers/iommu/amd_iommu_v2.c
index 1131664..d21d4ed 100644
--- a/drivers/iommu/amd_iommu_v2.c
+++ b/drivers/iommu/amd_iommu_v2.c

@@ -516,6 +516,13 @@
 		goto out;
 	}
 
+	if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))) {
+		/* handle_mm_fault would BUG_ON() */
+		up_read(&mm->mmap_sem);
+		handle_fault_error(fault);
+		goto out;
+	}
+
 	ret = handle_mm_fault(mm, vma, address, write);
 	if (ret & VM_FAULT_ERROR) {
 		/* failed to service fault */