git.hungrycats.org Git - linux/commit

author	Mostafa Saleh <smostafa@google.com>
	Thu, 24 Oct 2024 16:25:15 +0000 (16:25 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 9 Dec 2024 09:33:05 +0000 (10:33 +0100)
commit	3723d1c056d04408acfe13403596b9c5832d364f
tree	1b4bbfff21d7aca7ff866edbcfa154346a7fe026	tree \| snapshot
parent	9a8b989d8958f1771d79c351df9f082184e3c46f	commit \| diff

iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables

commit d71fa842d33c48ac2809ae11d2379b5a788792cb upstream.

ARM_LPAE_LVL_IDX() takes into account concatenated PGDs and can return
an index spanning multiple page-table pages given a sufficiently large
input address. However, when the resulting index is used to calculate
the number of remaining entries in the page, the possibility of
concatenation is ignored and we end up computing a negative upper bound:

max_entries = ARM_LPAE_PTES_PER_TABLE(data) - map_idx_start;

On the map path, this results in a negative 'mapped' value being
returned but on the unmap path we can leak child tables if they are
skipped in __arm_lpae_free_pgtable().

Introduce an arm_lpae_max_entries() helper to convert a table index into
the remaining number of entries within a single page-table page.

Cc: <stable@vger.kernel.org>
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Link: https://lore.kernel.org/r/20241024162516.2005652-2-smostafa@google.com
[will: Tweaked comment and commit message]
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>