git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Jason Gunthorpe <jgg@nvidia.com>
	Fri, 30 Aug 2024 00:06:13 +0000 (21:06 -0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 5 Dec 2024 12:53:34 +0000 (13:53 +0100)
commit	259999ac41558c91425914e61a78784ddf811bc4
tree	80679df94b327c3991c787d0b8df92397c8978d3	tree
parent	afd22d9839359829776abb55cc9bc4946e888704	commit \| diff

iommu/amd: Remove amd_iommu_domain_update() from page table freeing

[ Upstream commit 322d889ae7d39f8538a6deac35869aa3be1855bd ]

It is a serious bug if the domain is still mapped to any DTEs when it is
freed as we immediately start freeing page table memory, so any remaining
HW touch will UAF.

If it is not mapped then dev_list is empty and amd_iommu_domain_update()
does nothing.

Remove it and add a WARN_ON() to catch this class of bug.

Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/4-v2-831cdc4d00f3+1a315-amd_iopgtbl_jgg@nvidia.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Stable-dep-of: 016991606aa0 ("iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB")
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/iommu/amd/io_pgtable.c		diff \| blob \| blame \| history
drivers/iommu/amd/iommu.c		diff \| blob \| blame \| history