In the current dma-iommu implementation, the upper limit used when allocating iovas is based on the calling device's dma_mask without considering the potentially more restrictive iova limits established in iommu_dma_init_domain. To ensure that iovas are allocated within the expected iova region, this patch adds logic in __alloc_iova to clip input dma_limit values that are out of bounds.
Signed-off-by: Nate Watterson <[email protected]> --- drivers/iommu/dma-iommu.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c index ea5a9eb..2066066 100644 --- a/drivers/iommu/dma-iommu.c +++ b/drivers/iommu/dma-iommu.c @@ -157,11 +157,14 @@ static struct iova *__alloc_iova(struct iova_domain *iovad, size_t size, unsigned long shift = iova_shift(iovad); unsigned long length = iova_align(iovad, size) >> shift; + /* Respect the upper limit established in iommu_dma_init_domain */ + dma_limit = min_t(dma_addr_t, dma_limit >> shift, iovad->dma_32bit_pfn); + /* * Enforce size-alignment to be safe - there could perhaps be an * attribute to control this per-device, or at least per-domain... */ - return alloc_iova(iovad, length, dma_limit >> shift, true); + return alloc_iova(iovad, length, dma_limit, true); } /* The IOVA allocator knows what we mapped, so just unmap whatever that was */ -- Qualcomm Datacenter Technologies, Inc. on behalf of Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.
