From 9b6836900e1652b93215b36ad309950e64919b83 Mon Sep 17 00:00:00 2001
From: "Isaac J. Manjarres"
Date: Mon, 17 May 2021 16:29:21 -0700
Subject: [PATCH] ANDROID: iommu/io-pgtable-arm: Fix unmapping loop in __arm_lpae_unmap()
When unmapping multiple entries, __arm_lpae_unmap() should unmap one entry at a time and perform TLB maintenance as required for that entry. However, the existing logic clears all N entries starting at a particular point in the page table, and moves on to the next entry, and clears N entries again, which is not correct. Ensure that only one entry is cleared and handled at a time, as was originally intended.
Bug: 178537788
Reported-by: John Stultz
Fixes: 3c75179a31c6 ("ANDROID: iommu/io-pgtable-arm: Free underlying page tables for large mappings")
Change-Id: I814418ed0782c1e51316f191fdad939028b75731
Signed-off-by: Isaac J. Manjarres
---
 drivers/iommu/io-pgtable-arm.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
index a44746ebddf0..0d7bb004e587 100644
--- a/drivers/iommu/io-pgtable-arm.c
+++ b/drivers/iommu/io-pgtable-arm.c
@@ -244,16 +244,13 @@ static void __arm_lpae_sync_pte(arm_lpae_iopte *ptep, int num_entries,
 sizeof(*ptep) * num_entries, DMA_TO_DEVICE);
 }
-static void __arm_lpae_set_pte(arm_lpae_iopte *ptep, arm_lpae_iopte pte,
- int num_entries, struct io_pgtable_cfg *cfg)
+static void __arm_lpae_clear_pte(arm_lpae_iopte *ptep, struct io_pgtable_cfg *cfg)
 {
- int i;
- for (i = 0; i < num_entries; i++)
- ptep[i] = pte;
+ *ptep = 0;
 if (!cfg->coherent_walk)
- __arm_lpae_sync_pte(ptep, num_entries, cfg);
+ __arm_lpae_sync_pte(ptep, 1, cfg);
 }
 static size_t __arm_lpae_unmap(struct arm_lpae_io_pgtable *data,
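Review bot: `__arm_lpae_clear_pte()` has no comment stating its contract, and after this change the contract is the whole point: it zeroes exactly one entry and, when `cfg->coherent_walk` is false, syncs only that entry, leaving TLB invalidation to the caller. I would put `/* Clear a single PTE and sync it for non-coherent walkers; the caller performs TLB maintenance. */` above the definition so that a later caller does not hand it a pointer and expect a range to be cleared. The hunk's line counts also suggest that the blank line which followed the removed `int i;` survives as context, which would leave an empty line directly after the opening brace; if so, drop it.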
@@ -643,11 +640,11 @@ static size_t __arm_lpae_unmap(struct arm_lpae_io_pgtable *data,
 if (WARN_ON(!pte))
 break;
- __arm_lpae_set_pte(ptep, 0, num_entries, &iop->cfg);
+ __arm_lpae_clear_pte(ptep, &iop->cfg);
 if (!iopte_leaf(pte, lvl, iop->fmt)) {
 /* Also flush any partial walks */
- io_pgtable_tlb_flush_walk(iop, iova, num_entries * size,
+ io_pgtable_tlb_flush_walk(iop, iova + i * size, size,
 ARM_LPAE_GRANULE(data));
 __arm_lpae_free_pgtable(data, lvl + 1, iopte_deref(pte, data));
 } else if (iop->cfg.quirks & IO_PGTABLE_QUIRK_NON_STRICT) {
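Review bot: The comment `/* Also flush any partial walks */` does not record the ordering this branch depends on: the entry is cleared, the walk cache for `iova + i * size` is invalidated, and only then is the next-level table handed to `__arm_lpae_free_pgtable()`. Since a device could otherwise keep walking through a table that has already been freed, I would spell that out, e.g. `/* Invalidate walk-cache entries for this PTE before freeing the table it pointed to */`. The per-entry address is only right if `i` counts the same entries that `ptep` steps over; the loop header, the pointer increment and the leaf branches are outside this hunk, so it is worth confirming that they use the same `iova + i * size` and `size`.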