summaryrefslogtreecommitdiff
path: root/drivers/iommu
diff options
context:
space:
mode:
authorJan Niehusmann <jan@gondor.com>2016-06-06 14:20:11 +0200
committerJoerg Roedel <jroedel@suse.de>2016-06-27 13:21:37 +0200
commit3bd4f9112f87a9c65fe6e817272806167f0bc9ed (patch)
treea2aa2e26e7fb976169baaa54d09877e99ae6ed7d /drivers/iommu
parent583248e6620a4726093295e2d6785fcbc2e86428 (diff)
iommu/vt-d: Fix overflow of iommu->domains array
The valid range of 'did' in get_iommu_domain(*iommu, did) is 0..cap_ndoms(iommu->cap), so don't exceed that range in free_all_cpu_cached_iovas(). The user-visible impact of the out-of-bounds access is the machine hanging on suspend-to-ram. It is, in fact, a kernel panic, but due to already suspended devices, that's often not visible to the user. Fixes: 22e2f9fa63b0 ("iommu/vt-d: Use per-cpu IOVA caching") Signed-off-by: Jan Niehusmann <jan@gondor.com> Tested-By: Marius Vlad <marius.c.vlad@intel.com> Signed-off-by: Joerg Roedel <jroedel@suse.de>
Diffstat (limited to 'drivers/iommu')
-rw-r--r--drivers/iommu/intel-iommu.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index 10700945994e..cfe410eedaf0 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -4607,7 +4607,7 @@ static void free_all_cpu_cached_iovas(unsigned int cpu)
if (!iommu)
continue;
- for (did = 0; did < 0xffff; did++) {
+ for (did = 0; did < cap_ndoms(iommu->cap); did++) {
domain = get_iommu_domain(iommu, did);
if (!domain)