Commit b15a3891 authored by Jan Beulich's avatar Jan Beulich Committed by Linus Torvalds

avoid endless loops in lib/swiotlb.c

Commit 681cc5cd ("iommu sg merging:
swiotlb: respect the segment boundary limits") introduced two
possibilities for entering an endless loop in lib/swiotlb.c:

 - if max_slots is zero (possible if mask is ~0UL)
 - if the number of slots requested fits into a swiotlb segment, but is
   too large for the part of a segment which remains after considering
   offset_slots

This fixes them
Signed-off-by: default avatarJan Beulich <jbeulich@novell.com>
Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 96e31022
...@@ -310,7 +310,9 @@ map_single(struct device *hwdev, char *buffer, size_t size, int dir) ...@@ -310,7 +310,9 @@ map_single(struct device *hwdev, char *buffer, size_t size, int dir)
start_dma_addr = virt_to_bus(io_tlb_start) & mask; start_dma_addr = virt_to_bus(io_tlb_start) & mask;
offset_slots = ALIGN(start_dma_addr, 1 << IO_TLB_SHIFT) >> IO_TLB_SHIFT; offset_slots = ALIGN(start_dma_addr, 1 << IO_TLB_SHIFT) >> IO_TLB_SHIFT;
max_slots = ALIGN(mask + 1, 1 << IO_TLB_SHIFT) >> IO_TLB_SHIFT; max_slots = mask + 1
? ALIGN(mask + 1, 1 << IO_TLB_SHIFT) >> IO_TLB_SHIFT
: 1UL << (BITS_PER_LONG - IO_TLB_SHIFT);
/* /*
* For mappings greater than a page, we limit the stride (and * For mappings greater than a page, we limit the stride (and
...@@ -333,16 +335,18 @@ map_single(struct device *hwdev, char *buffer, size_t size, int dir) ...@@ -333,16 +335,18 @@ map_single(struct device *hwdev, char *buffer, size_t size, int dir)
index = ALIGN(io_tlb_index, stride); index = ALIGN(io_tlb_index, stride);
if (index >= io_tlb_nslabs) if (index >= io_tlb_nslabs)
index = 0; index = 0;
wrap = index;
do {
while (is_span_boundary(index, nslots, offset_slots, while (is_span_boundary(index, nslots, offset_slots,
max_slots)) { max_slots)) {
index += stride; index += stride;
if (index >= io_tlb_nslabs) if (index >= io_tlb_nslabs)
index = 0; index = 0;
if (index == wrap)
goto not_found;
} }
wrap = index;
do {
/* /*
* If we find a slot that indicates we have 'nslots' * If we find a slot that indicates we have 'nslots'
* number of contiguous buffers, we allocate the * number of contiguous buffers, we allocate the
...@@ -367,14 +371,12 @@ map_single(struct device *hwdev, char *buffer, size_t size, int dir) ...@@ -367,14 +371,12 @@ map_single(struct device *hwdev, char *buffer, size_t size, int dir)
goto found; goto found;
} }
do {
index += stride; index += stride;
if (index >= io_tlb_nslabs) if (index >= io_tlb_nslabs)
index = 0; index = 0;
} while (is_span_boundary(index, nslots, offset_slots,
max_slots));
} while (index != wrap); } while (index != wrap);
not_found:
spin_unlock_irqrestore(&io_tlb_lock, flags); spin_unlock_irqrestore(&io_tlb_lock, flags);
return NULL; return NULL;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment