Intel-IOMMU Alignment Issue in dma_pte_clear_range()

This issue was pointed out by Linus. In dma_pte_clear_range() in intel-iommu.c start = PAGE_ALIGN(start); end &= PAGE_MASK; npages = (end - start) / VTD_PAGE_SIZE; In partial page case, start could be bigger than end and npages will be negative. Currently the issue doesn't show up as a real bug in because start and end have been aligned to page boundary already by all callers. So the issue has been hidden. But it is dangerous programming practice. Signed-off-by: Fenghua Yu <fenghua.yu@intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
git-mirror · Apr 6, 2009 · 31d3568 · 31d3568
1 parent ffa009c
commit 31d3568
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
@@ -733,8 +733,8 @@ static void dma_pte_clear_range(struct dmar_domain *domain, u64 start, u64 end)
 	start &= (((u64)1) << addr_width) - 1;
 	end &= (((u64)1) << addr_width) - 1;
 	/* in case it's partial page */
-	start = PAGE_ALIGN(start);
-	end &= PAGE_MASK;
+	start &= PAGE_MASK;
+	end = PAGE_ALIGN(end);
 	npages = (end - start) / VTD_PAGE_SIZE;
 
 	/* we don't need lock here, nobody else touches the iova range */