Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 284a349f authored by Prakash Gupta's avatar Prakash Gupta
Browse files

iommu/arm-smmu: restrict secure vmid update while attached 



Client can update secure vmid by setting attribute DOMAIN_ATTR_SECURE_VMID.
If this is done after domain attach, it causes a condition where TTBR pages
aren't mapped to secure VMID.  This causes S2 translation fault. Disallow
secure vmid update if domain is attached.
While we are at it, restrict DOMAIN_ATTR_FAST update while domain is
attached.

Change-Id: I4246f1f90a11ed21dfafa360cc2f16ade2708d2b
Signed-off-by: default avatarPrakash Gupta <guptap@codeaurora.org>
parent f94ba33e

drivers/iommu/arm-smmu.c

+12 −0
Original line number Diff line number Diff line
@@ -3881,6 +3881,12 @@ static int __arm_smmu_domain_set_attr(struct iommu_domain *domain, 
		break;

	}

	case DOMAIN_ATTR_SECURE_VMID:

		/* can't be changed while attached */

		if (smmu_domain->smmu != NULL) {

			ret = -EBUSY;

			break;

		}



		if (smmu_domain->secure_vmid != VMID_INVAL) {

			ret = -ENODEV;

			WARN(1, "secure vmid already set!");
@@ -3894,6 +3900,12 @@ static int __arm_smmu_domain_set_attr(struct iommu_domain *domain, 
		 * force DOMAIN_ATTR_ATOMIC to bet set.

		 */

	case DOMAIN_ATTR_FAST:

		/* can't be changed while attached */

		if (smmu_domain->smmu != NULL) {

			ret = -EBUSY;

			break;

		}



		if (*((int *)data)) {

			smmu_domain->attributes |= 1 << DOMAIN_ATTR_FAST;

			smmu_domain->attributes |= 1 << DOMAIN_ATTR_ATOMIC;