Patch "iommu/vt-d: Limit max address mask to MAX_AGAW_PFN_WIDTH" has been added to the 6.10-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 27 Jul 2024 10:29:02 -0400

This is a note to let you know that I've just added the patch titled

    iommu/vt-d: Limit max address mask to MAX_AGAW_PFN_WIDTH

to the 6.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     iommu-vt-d-limit-max-address-mask-to-max_agaw_pfn_wi.patch
and it can be found in the queue-6.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 0d16c84e7344895db3098d2370936103bfb3cb57
Author: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
Date:   Tue Jul 9 23:26:42 2024 +0800

    iommu/vt-d: Limit max address mask to MAX_AGAW_PFN_WIDTH
    
    [ Upstream commit c420a2b4e8be06f16f3305472bd25a1dd12059ec ]
    
    Address mask specifies the number of low order bits of the address field
    that must be masked for the invalidation operation.
    
    Since address bits masked start from bit 12, the max address mask should
    be MAX_AGAW_PFN_WIDTH, as defined in Table 19 ("Invalidate Descriptor
    Address Mask Encodings") of the spec.
    
    Limit the max address mask returned from calculate_psi_aligned_address()
    to MAX_AGAW_PFN_WIDTH to prevent potential integer overflow in the
    following code:
    
    qi_flush_dev_iotlb():
        ...
        addr |= (1ULL << (VTD_PAGE_SHIFT + mask - 1)) - 1;
        ...
    
    Fixes: c4d27ffaa8eb ("iommu/vt-d: Add cache tag invalidation helpers")
    Signed-off-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
    Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
    Link: https://lore.kernel.org/r/20240709152643.28109-2-baolu.lu@xxxxxxxxxxxxxxx
    Signed-off-by: Will Deacon <will@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/iommu/intel/cache.c b/drivers/iommu/intel/cache.c
index e8418cdd8331b..0a3bb38a52890 100644
--- a/drivers/iommu/intel/cache.c
+++ b/drivers/iommu/intel/cache.c
@@ -245,7 +245,7 @@ static unsigned long calculate_psi_aligned_address(unsigned long start,
 		 * shared_bits are all equal in both pfn and end_pfn.
 		 */
 		shared_bits = ~(pfn ^ end_pfn) & ~bitmask;
-		mask = shared_bits ? __ffs(shared_bits) : BITS_PER_LONG;
+		mask = shared_bits ? __ffs(shared_bits) : MAX_AGAW_PFN_WIDTH;
 	}
 
 	*_pages = aligned_pages;







