On Thu, 21 May 2020 17:00:04 +0530 Prakash Gupta <guptap@xxxxxxxxxxxxxx> wrote: > Limit the iova size while freeing based on unmapped size. In absence of > this even with unmap failure, invalid iova is pushed to iova rcache and > subsequently can cause panic while rcache magazine is freed. > > Signed-off-by: Prakash Gupta <guptap@xxxxxxxxxxxxxx> > I think we need a cc:stable here? > --- a/drivers/iommu/dma-iommu.c > +++ b/drivers/iommu/dma-iommu.c > @@ -472,7 +472,8 @@ static void __iommu_dma_unmap(struct device *dev, dma_addr_t dma_addr, > > if (!cookie->fq_domain) > iommu_tlb_sync(domain, &iotlb_gather); > - iommu_dma_free_iova(cookie, dma_addr, size); > + if (unmapped) > + iommu_dma_free_iova(cookie, dma_addr, unmapped); > } > > static dma_addr_t __iommu_dma_map(struct device *dev, phys_addr_t phys, I'll assume that Joerg will handle this fix?
