Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d54d6924 authored by Olav Haugan's avatar Olav Haugan
Browse files

iommu: msm: Fix potential memory leak in unmapping 



A memory leak can occur when we have a 2MB mapping
followed by smaller mappings requiring 3rd level page
tables. Fix this potential for memory leak in iommu
unmapping code for LPAE by not assuming that the next
entry after a 2MB mapping is also a 2MB mapping.

CRs-fixed: 659056
Change-Id: I51f5bf2feedc6460adccbfb17070331b7c28454f
Signed-off-by: default avatarOlav Haugan <ohaugan@codeaurora.org>
parent 7524e3f6

drivers/iommu/msm_iommu_pagetable_lpae.c

+5 −22
Original line number Diff line number Diff line
@@ -572,7 +572,6 @@ static void __msm_iommu_pagetable_unmap_range(struct msm_iommu_pt *pt, u32 va, 
	u32 sl_offset;

	u64 *sl_table;

	u64 *tl_table;

	u32 sl_start, sl_end;

	u32 tl_start, tl_end;

	u32 redirect = pt->redirect;
@@ -606,31 +605,15 @@ static void __msm_iommu_pagetable_unmap_range(struct msm_iommu_pt *pt, u32 va, 
			type = *sl_pte & FLSL_PTE_TYPE_MASK;



			if (type == FLSL_TYPE_BLOCK) {

				sl_start = sl_offset;

				sl_end = (left_to_unmap / SZ_2M) + sl_start;

				*sl_pte = 0;



				if (sl_end > NUM_TL_PTE)

					sl_end = NUM_TL_PTE;



				entries = sl_end - sl_start;



				memset(sl_table + sl_start, 0,

				       entries * sizeof(*sl_pte));



				clean_pte(sl_table + sl_start,

					  sl_table + sl_end, redirect);



				/* If we just unmapped the whole table, don't

				 * bother seeing if there are still used

				 * entries left.

				 */

				check = ((sl_end - sl_start) != NUM_SL_PTE);

				clean_pte(sl_pte, sl_pte + 1, redirect);



				free_table(fl_pte, sl_table, NUM_SL_PTE,

					   redirect, check);

					   redirect, 1);



				offset += entries * SZ_2M;

				va += entries * SZ_2M;

				offset += SZ_2M;

				va += SZ_2M;

			} else if (type == FLSL_TYPE_TABLE) {

				u32 tbl_freed;