git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Mostafa Saleh <smostafa@google.com>
	Thu, 24 Oct 2024 16:25:15 +0000 (16:25 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 14 Dec 2024 18:50:34 +0000 (19:50 +0100)
commit	03c863749bab589b88a0f7c873e1a47677431d60
tree	36c7d868603bda785459c2db63df0f6ceefcd150	tree
parent	b4f3288f9530573cff7bad473a272133ec00ab82	commit \| diff

iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables

commit d71fa842d33c48ac2809ae11d2379b5a788792cb upstream.

ARM_LPAE_LVL_IDX() takes into account concatenated PGDs and can return
an index spanning multiple page-table pages given a sufficiently large
input address. However, when the resulting index is used to calculate
the number of remaining entries in the page, the possibility of
concatenation is ignored and we end up computing a negative upper bound:

max_entries = ARM_LPAE_PTES_PER_TABLE(data) - map_idx_start;

On the map path, this results in a negative 'mapped' value being
returned but on the unmap path we can leak child tables if they are
skipped in __arm_lpae_free_pgtable().

Introduce an arm_lpae_max_entries() helper to convert a table index into
the remaining number of entries within a single page-table page.

Cc: <stable@vger.kernel.org>
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Link: https://lore.kernel.org/r/20241024162516.2005652-2-smostafa@google.com
[will: Tweaked comment and commit message]
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>