diff options
author | Fenghua Yu <fenghua.yu@intel.com> | 2009-04-06 14:21:49 -0400 |
---|---|---|
committer | David Woodhouse <David.Woodhouse@intel.com> | 2009-04-06 17:47:00 -0400 |
commit | 31d3568dfeb1dfb2735f119efe5ece7c6d40969c (patch) | |
tree | 1318855f27727682e4ceda925c499ae99d6f4bba | |
parent | ffa009c366e33f3eae48bba2547051fe15795f64 (diff) |
Intel-IOMMU Alignment Issue in dma_pte_clear_range()
This issue was pointed out by Linus.
In dma_pte_clear_range() in intel-iommu.c
start = PAGE_ALIGN(start);
end &= PAGE_MASK;
npages = (end - start) / VTD_PAGE_SIZE;
In partial page case, start could be bigger than end and npages will be
negative.
Currently the issue doesn't show up as a real bug in because start and
end have been aligned to page boundary already by all callers. So the
issue has been hidden. But it is dangerous programming practice.
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
-rw-r--r-- | drivers/pci/intel-iommu.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c index dcda5212f3bb..f0dade1c587b 100644 --- a/drivers/pci/intel-iommu.c +++ b/drivers/pci/intel-iommu.c | |||
@@ -733,8 +733,8 @@ static void dma_pte_clear_range(struct dmar_domain *domain, u64 start, u64 end) | |||
733 | start &= (((u64)1) << addr_width) - 1; | 733 | start &= (((u64)1) << addr_width) - 1; |
734 | end &= (((u64)1) << addr_width) - 1; | 734 | end &= (((u64)1) << addr_width) - 1; |
735 | /* in case it's partial page */ | 735 | /* in case it's partial page */ |
736 | start = PAGE_ALIGN(start); | 736 | start &= PAGE_MASK; |
737 | end &= PAGE_MASK; | 737 | end = PAGE_ALIGN(end); |
738 | npages = (end - start) / VTD_PAGE_SIZE; | 738 | npages = (end - start) / VTD_PAGE_SIZE; |
739 | 739 | ||
740 | /* we don't need lock here, nobody else touches the iova range */ | 740 | /* we don't need lock here, nobody else touches the iova range */ |