git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Mostafa Saleh <smostafa@google.com>
	Thu, 24 Oct 2024 16:25:15 +0000 (16:25 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 9 Dec 2024 09:41:01 +0000 (10:41 +0100)
commit	aa3c291fd254800367f6f700cdcf5b910eeefa3d
tree	f5b3f1166e85e97af17fb27cf3afe74f899480e5	tree
parent	641404289fdd94bd02a30725e4fec977b5697b61	commit \| diff

iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables

commit d71fa842d33c48ac2809ae11d2379b5a788792cb upstream.

ARM_LPAE_LVL_IDX() takes into account concatenated PGDs and can return
an index spanning multiple page-table pages given a sufficiently large
input address. However, when the resulting index is used to calculate
the number of remaining entries in the page, the possibility of
concatenation is ignored and we end up computing a negative upper bound:

max_entries = ARM_LPAE_PTES_PER_TABLE(data) - map_idx_start;

On the map path, this results in a negative 'mapped' value being
returned but on the unmap path we can leak child tables if they are
skipped in __arm_lpae_free_pgtable().

Introduce an arm_lpae_max_entries() helper to convert a table index into
the remaining number of entries within a single page-table page.

Cc: <stable@vger.kernel.org>
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Link: https://lore.kernel.org/r/20241024162516.2005652-2-smostafa@google.com
[will: Tweaked comment and commit message]
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>