diff options
author | Fenghua Yu <fenghua.yu@intel.com> | 2009-04-06 11:21:49 -0700 |
---|---|---|
committer | David Woodhouse <David.Woodhouse@intel.com> | 2009-04-06 14:47:00 -0700 |
commit | 31d3568dfeb1dfb2735f119efe5ece7c6d40969c (patch) | |
tree | 1318855f27727682e4ceda925c499ae99d6f4bba /drivers/pci/intel-iommu.c | |
parent | ffa009c366e33f3eae48bba2547051fe15795f64 (diff) |
Intel-IOMMU Alignment Issue in dma_pte_clear_range()
This issue was pointed out by Linus.
In dma_pte_clear_range() in intel-iommu.c
start = PAGE_ALIGN(start);
end &= PAGE_MASK;
npages = (end - start) / VTD_PAGE_SIZE;
In partial page case, start could be bigger than end and npages will be
negative.
Currently the issue doesn't show up as a real bug in because start and
end have been aligned to page boundary already by all callers. So the
issue has been hidden. But it is dangerous programming practice.
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Diffstat (limited to 'drivers/pci/intel-iommu.c')
-rw-r--r-- | drivers/pci/intel-iommu.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c index dcda5212f3b..f0dade1c587 100644 --- a/drivers/pci/intel-iommu.c +++ b/drivers/pci/intel-iommu.c @@ -733,8 +733,8 @@ static void dma_pte_clear_range(struct dmar_domain *domain, u64 start, u64 end) start &= (((u64)1) << addr_width) - 1; end &= (((u64)1) << addr_width) - 1; /* in case it's partial page */ - start = PAGE_ALIGN(start); - end &= PAGE_MASK; + start &= PAGE_MASK; + end = PAGE_ALIGN(end); npages = (end - start) / VTD_PAGE_SIZE; /* we don't need lock here, nobody else touches the iova range */ |