On 2022-04-19 21:05, Nicolin Chen wrote:
On Tue, Apr 19, 2022 at 05:02:33PM -0300, Jason Gunthorpe wrote:
diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c
b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c
index d816759a6bcf..e280568bb513 100644
+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c
@@ -183,7 +183,7 @@ static void arm_smmu_mm_invalidate_range(struct
mmu_notifier *mn,
{
struct arm_smmu_mmu_notifier *smmu_mn = mn_to_smmu(mn);
struct arm_smmu_domain *smmu_domain = smmu_mn->domain;
- size_t size = end - start + 1;
+ size_t size = end - start;
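
Review bot: The corrected `size_t size = end - start;` line has no comment recording that the mmu notifier `end` is an exclusive limit (the first byte after the range), which is the assumption the removed `+ 1` got wrong. A short comment directly above the assignment, such as `/* mm's "end" is exclusive, so the length is end - start */`, would keep an inclusive-style `+ 1` from being reintroduced later.
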
+1 to this bug fix. You should send a formal patch for stable with a fixes/etc

mmu notifiers use 'end' not 'last' in alignment with how VMAs work:

include/linux/mm_types.h: unsigned long vm_end; /* The first byte after our end address

Thanks for the review!
Yea, I will send a new patch.

Yup, +1 from me too - this is exactly the kind of thing I suspected -
and I reckon it might even be worth a comment in the code here that mm's
"end" is an exclusive limit, to help us remember in future. If there
doesn't look to be any way for completely arbitrarily-aligned addresses
to slip through then I'd be tempted to leave it at that (i.e. reason
that if the infinite loop can only happen due to catastrophic failure
then it's beyond the scope of things that are worth trying to mitigate),
but I'll let Jean and Will have the final say there.

Cheers,
Robin.