On Wed, Jul 20, 2016 at 02:26:51PM +1000, Alexey Kardashevskiy wrote: > The iommu_table_ops::exchange() callback writes new TCE to the table > and returns old value and permission mask. The old TCE value is > correctly converted from BE to CPU endian; however permission mask > was calculated from BE value and therefore always returned DMA_NONE > which could cause memory leak on LE systems using VFIO SPAPR TCE IOMMU v1 > driver. > > This fixes pnv_tce_xchg() to have @oldtce a CPU endian. > > Fixes: 05c6cfb9dce0d13d37e9d007ee6a4af36f1c0a58 > Cc: stable@xxxxxxxxxxxxxxx # 4.2+ > Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx> Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> > --- > arch/powerpc/platforms/powernv/pci.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c > index 1d92bd9..7b17f88 100644 > --- a/arch/powerpc/platforms/powernv/pci.c > +++ b/arch/powerpc/platforms/powernv/pci.c > @@ -620,8 +620,8 @@ int pnv_tce_xchg(struct iommu_table *tbl, long index, > if (newtce & TCE_PCI_WRITE) > newtce |= TCE_PCI_READ; > > - oldtce = xchg(pnv_tce(tbl, idx), cpu_to_be64(newtce)); > - *hpa = be64_to_cpu(oldtce) & ~(TCE_PCI_READ | TCE_PCI_WRITE); > + oldtce = be64_to_cpu(xchg(pnv_tce(tbl, idx), cpu_to_be64(newtce))); > + *hpa = oldtce & ~(TCE_PCI_READ | TCE_PCI_WRITE); > *direction = iommu_tce_direction(oldtce); > > return 0; -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
Attachment:
signature.asc
Description: PGP signature