In intel_svm_unbind_mm(), pasid table entry must be cleared during
svm free. Otherwise, hardware may be set up with a wild pointer.
Suggested-by: Ashok Raj <ashok....@intel.com>
Signed-off-by: Lu Baolu <baolu...@linux.intel.com>
---
drivers/iommu/intel-svm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/iommu/intel-svm.c b/drivers/iommu/intel-svm.c
index 43280ca..ed1cf7c 100644
--- a/drivers/iommu/intel-svm.c
+++ b/drivers/iommu/intel-svm.c
@@ -458,6 +458,8 @@ int intel_svm_unbind_mm(struct device *dev, int pasid)
kfree_rcu(sdev, rcu);
if (list_empty(&svm->devs)) {
+ svm->iommu->pasid_table[svm->pasid].val
= 0;
+ wmb();
idr_remove(&svm->iommu->pasid_idr,
svm->pasid);
if (svm->mm)
--
2.7.4
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
