linux/drivers/iommu
Will Deacon 5dc5616ee8 iommu/arm-smmu: Fix sign-extension of upstream bus addresses at stage 1
Stage 1 translation is controlled by two sets of page tables (TTBR0 and
TTBR1) which grow up and down from zero respectively in the ARMv8
translation regime. For the SMMU, we only care about TTBR0 and, in the
case of a 48-bit virtual space, we expect to map virtual addresses 0x0
through to 0xffff_ffff_ffff.

Given that some masters may be incapable of emitting virtual addresses
targetting TTBR1 (e.g. because they sit on a 48-bit bus), the SMMU
architecture allows bit 47 to be sign-extended, halving the virtual
range of TTBR0 but allowing TTBR1 to be used. This is controlled by the
SEP field in TTBCR2.

The SMMU driver incorrectly enables this sign-extension feature, which
causes problems when userspace addresses are programmed into a master
device with the SMMU expecting to map the incoming transactions via
TTBR0; if the top bit of address is set, we will instead get a
translation fault since TTBR1 walks are disabled in the TTBCR.

This patch fixes the issue by disabling sign-extension of a fixed
virtual address bit and instead basing the behaviour on the upstream bus
size: the incoming address is zero extended unless the upstream bus is
only 49 bits wide, in which case bit 48 is used as the sign bit and is
replicated to the upper bits.

Cc: <stable@vger.kernel.org> # v4.0+
Reported-by: Varun Sethi <varun.sethi@freescale.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2015-05-11 18:36:20 +02:00
..
amd_iommu.c Merge branches 'iommu/fixes', 'x86/vt-d', 'x86/amd', 'arm/smmu', 'arm/tegra' and 'core' into next 2015-04-02 13:33:19 +02:00
amd_iommu_init.c IOMMU Updates for Linux v3.20 2015-02-12 09:16:56 -08:00
amd_iommu_proto.h IOMMU Updates for Linux v3.20 2015-02-12 09:16:56 -08:00
amd_iommu_types.h Merge branches 'iommu/fixes', 'x86/vt-d', 'x86/amd', 'arm/smmu', 'arm/tegra' and 'core' into next 2015-04-02 13:33:19 +02:00
amd_iommu_v2.c iommu/amd: Fix bug in put_pasid_state_wait 2015-05-04 13:20:22 +02:00
arm-smmu.c iommu/arm-smmu: Fix sign-extension of upstream bus addresses at stage 1 2015-05-11 18:36:20 +02:00
dmar.c iommu/vt-d: Search for ACPI _DSM method for DMAR hotplug 2014-11-18 11:18:36 +01:00
exynos-iommu.c iommu/exynos: Make use of domain_alloc and domain_free 2015-03-31 15:32:11 +02:00
fsl_pamu.c iommu/fsl: Various cleanups 2015-02-03 18:47:18 +01:00
fsl_pamu.h iommu/fsl: Various cleanups 2015-02-03 18:47:18 +01:00
fsl_pamu_domain.c iommu/fsl: Make use of domain_alloc and domain_free 2015-03-31 15:32:14 +02:00
fsl_pamu_domain.h iommu/fsl: Make use of domain_alloc and domain_free 2015-03-31 15:32:14 +02:00
intel-iommu.c Merge git://git.infradead.org/intel-iommu 2015-04-26 17:47:46 -07:00
intel_irq_remapping.c Merge git://git.infradead.org/intel-iommu 2015-04-26 17:47:46 -07:00
io-pgtable-arm.c iommu/io-pgtable-arm: avoid speculative walks through TTBR1 2015-03-27 13:39:36 +00:00
io-pgtable.c iommu: add ARM LPAE page table allocator 2015-01-19 14:46:44 +00:00
io-pgtable.h iommu: io-pgtable-arm: add non-secure quirk 2015-01-19 14:46:45 +00:00
iommu-sysfs.c
iommu-traces.c
iommu.c iommu: Remove domain_init and domain_free iommu_ops 2015-03-31 15:32:16 +02:00
iova.c iommu: Make IOVA domain page size explicit 2015-01-19 14:55:22 +01:00
ipmmu-vmsa.c Merge branches 'iommu/fixes', 'x86/vt-d', 'x86/amd', 'arm/smmu', 'arm/tegra' and 'core' into next 2015-04-02 13:33:19 +02:00
irq_remapping.c iommu/irq_remapping: Normailize the way to detect whether IR is enabled 2015-01-15 11:24:24 +01:00
irq_remapping.h IOMMU Updates for Linux v3.20 2015-02-12 09:16:56 -08:00
Kconfig iommu/io-pgtable-arm: Add built time dependency 2015-03-03 14:04:12 +01:00
Makefile Merge branches 'arm/renesas', 'arm/smmu', 'arm/omap', 'ppc/pamu', 'x86/amd' and 'core' into next 2015-02-04 16:53:44 +01:00
msm_iommu.c iommu/msm: Make use of domain_alloc and domain_free 2015-03-31 15:32:12 +02:00
msm_iommu.h
msm_iommu_dev.c iommu/msm: Use dev_get_platdata() 2014-11-04 15:03:39 +01:00
msm_iommu_hw-8xxx.h
of_iommu.c of: iommu: Add ptr to OF node arg to of_iommu_configure() 2015-03-03 14:42:55 -06:00
omap-iommu-debug.c iommu/omap: Switch pagetable debugfs entry to use seq_file 2014-10-23 14:33:48 +02:00
omap-iommu.c iommu/omap: Make use of domain_alloc and domain_free 2015-03-31 15:32:02 +02:00
omap-iommu.h iommu/omap: Do not export unneeded functions 2014-10-23 14:33:47 +02:00
omap-iopgtable.h
rockchip-iommu.c iommu/rockchip: Fix build without CONFIG_OF 2015-05-05 15:18:24 +02:00
shmobile-iommu.c iommu/shmobile: Make use of domain_alloc and domain_free 2015-03-31 15:32:13 +02:00
shmobile-ipmmu.c iommu: drop owner assignment from platform_drivers 2014-10-20 16:20:42 +02:00
shmobile-ipmmu.h
tegra-gart.c Merge branches 'iommu/fixes', 'x86/vt-d', 'x86/amd', 'arm/smmu', 'arm/tegra' and 'core' into next 2015-04-02 13:33:19 +02:00
tegra-smmu.c Merge branches 'iommu/fixes', 'x86/vt-d', 'x86/amd', 'arm/smmu', 'arm/tegra' and 'core' into next 2015-04-02 13:33:19 +02:00