[1/1] iommu/amd: make sure TLB to be flushed before IOVA freed

Message ID 1528251526-11408-1-git-send-email-thunder.leizhen@huawei.com
State New

Commit Message

Zhen Lei June 6, 2018, 2:18 a.m.
Although the mapping has already been removed in the page table, it may
still exist in the TLB. Suppose the freed IOVAs are reused by others before the
flush operation completed, the new user cannot correctly access its
memory.

Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>

---
 drivers/iommu/amd_iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
1.8.3

Comments

Zhen Lei June 21, 2018, 6:08 a.m. | #1
Hi Joerg:
  Can you take a look at it?


On 2018/6/6 10:18, Zhen Lei wrote:
> Although the mapping has already been removed in the page table, it may
> still exist in the TLB. Suppose the freed IOVAs are reused by others before the
> flush operation completed, the new user cannot correctly access its
> memory.
>
> Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
> ---
>  drivers/iommu/amd_iommu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>

> diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c

> index 8fb8c73..93aa389 100644

> --- a/drivers/iommu/amd_iommu.c

> +++ b/drivers/iommu/amd_iommu.c

> @@ -2402,9 +2402,9 @@ static void __unmap_single(struct dma_ops_domain *dma_dom,

>  	}

> 

>  	if (amd_iommu_unmap_flush) {

> -		dma_ops_free_iova(dma_dom, dma_addr, pages);

>  		domain_flush_tlb(&dma_dom->domain);

>  		domain_flush_complete(&dma_dom->domain);

> +		dma_ops_free_iova(dma_dom, dma_addr, pages);

>  	} else {

>  		pages = __roundup_pow_of_two(pages);

>  		queue_iova(&dma_dom->iovad, dma_addr >> PAGE_SHIFT, pages, 0);

> --
> 1.8.3

-- 
Thanks!
Best Regards

Joerg Roedel July 6, 2018, 11:21 a.m. | #2
On Wed, Jun 06, 2018 at 10:18:46AM +0800, Zhen Lei wrote:
> Although the mapping has already been removed in the page table, it may
> still exist in the TLB. Suppose the freed IOVAs are reused by others before the
> flush operation completed, the new user cannot correctly access its
> memory.
>
> Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
> ---
>  drivers/iommu/amd_iommu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)


Applied, thanks.

Patch

diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 8fb8c73..93aa389 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -2402,9 +2402,9 @@  static void __unmap_single(struct dma_ops_domain *dma_dom,
 	}

 	if (amd_iommu_unmap_flush) {
-		dma_ops_free_iova(dma_dom, dma_addr, pages);
 		domain_flush_tlb(&dma_dom->domain);
 		domain_flush_complete(&dma_dom->domain);
+		dma_ops_free_iova(dma_dom, dma_addr, pages);
 	} else {
 		pages = __roundup_pow_of_two(pages);
 		queue_iova(&dma_dom->iovad, dma_addr >> PAGE_SHIFT, pages, 0);
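
Review bot: In the amd_iommu_unmap_flush branch, correctness now depends on dma_ops_free_iova() staying after domain_flush_complete(), but nothing at the call site records that, so a later cleanup could silently move it back. Consider a one-line comment above the moved call stating that the IOVA range must not return to the allocator until the flush has completed, because a stale TLB entry for a reused IOVA would let the device keep using the old translation while a new owner believes the address is its own. The else branch hands the range to queue_iova() instead of freeing it directly, so it needs no change here.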