iommu/dma: Fix not fully traversing iova reservations issue

zhaoxin inclusion category: other CVE: NA ----------------- For multiple devices in the same iommu group, sorted later devices (based on Bus:Dev.Func) have the RMRR. Sorted earlier device (without RMRR) initialized the iova domain causing the sorted later device goto done_unlock. Then, the sorted later device (with RMRR) cannot execute the iova_reserve_iommu_regions to reserve the RMRR in the group's iova domain, and other devices (in the same group) alloc iova in RMRR are permitted. DMA iova addresses conflict with RMRR in this case. There is a need to make sure all devices of the same group execute reserve iova. Substitute iova_reserve_iommu_regions with iova_reserve_pci_regions (reserved PCI window)and iova_reserve_iommu_regions(reserved resv-region, like RMRR and msi range). And then, goto iova_reserve_iommu_regions could avoid the problem when if (iovad->start_pfn) is true. Signed-off-by: leoliu-oc <leoliu-oc@zhaoxin.com>
deepin-community · Jun 14, 2024 · 060061c · 060061c
1 parent 5086b5c
commit 060061c
Showing 1 changed file with 19 additions and 7 deletions.
diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
@@ -478,6 +478,19 @@ static int iova_reserve_pci_windows(struct pci_dev *dev,
 	return 0;
 }
 
+static int iova_reserve_pci_regions(struct device *dev,
+		struct iommu_domain *domain)
+{
+	struct iommu_dma_cookie *cookie = domain->iova_cookie;
+	struct iova_domain *iovad = &cookie->iovad;
+	int ret = 0;
+
+	if (dev_is_pci(dev))
+		ret = iova_reserve_pci_windows(to_pci_dev(dev), iovad);
+
+	return ret;
+}
+
 static int iova_reserve_iommu_regions(struct device *dev,
 		struct iommu_domain *domain)
 {
@@ -487,12 +500,6 @@ static int iova_reserve_iommu_regions(struct device *dev,
 	LIST_HEAD(resv_regions);
 	int ret = 0;
 
-	if (dev_is_pci(dev)) {
-		ret = iova_reserve_pci_windows(to_pci_dev(dev), iovad);
-		if (ret)
-			return ret;
-	}
-
 	iommu_get_resv_regions(dev, &resv_regions);
 	list_for_each_entry(region, &resv_regions, list) {
 		unsigned long lo, hi;
@@ -607,7 +614,7 @@ static int iommu_dma_init_domain(struct iommu_domain *domain, dma_addr_t base,
 		}
 
 		ret = 0;
-		goto done_unlock;
+		goto iova_reserve_iommu;
 	}
 
 	init_iova_domain(iovad, 1UL << order, base_pfn);
@@ -620,6 +627,11 @@ static int iommu_dma_init_domain(struct iommu_domain *domain, dma_addr_t base,
 	    (!device_iommu_capable(dev, IOMMU_CAP_DEFERRED_FLUSH) || iommu_dma_init_fq(domain)))
 		domain->type = IOMMU_DOMAIN_DMA;
 
+	ret = iova_reserve_pci_regions(dev, domain);
+	if (ret)
+		goto done_unlock;
+
+iova_reserve_iommu:
 	ret = iova_reserve_iommu_regions(dev, domain);
 
 done_unlock: