iommu/arm-smmu: Fix CMDQ error handling
authorWill Deacon <will.deacon@arm.com>
Fri, 29 Jul 2016 10:15:37 +0000 (11:15 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Sep 2016 06:32:40 +0000 (08:32 +0200)
commitaef62956c81d90456a9b3c051c21f679126a5d56
tree63b183b8853d711ef2af553ea606ec9e830e919d
parentd360081c4bd4361d7df6f879c0f31262ba4f2525
iommu/arm-smmu: Fix CMDQ error handling

commit aea2037e0d3e23c3be1498feae29f71ca997d9e6 upstream.

In the unlikely event of a global command queue error, the ARM SMMUv3
driver attempts to convert the problematic command into a CMD_SYNC and
resume the command queue. Unfortunately, this code is pretty badly
broken:

  1. It uses the index into the error string table as the CMDQ index,
     so we probably read the wrong entry out of the queue

  2. The arguments to queue_write are the wrong way round, so we end up
     writing from the queue onto the stack.

These happily cancel out, so the kernel is likely to stay alive, but
the command queue will probably fault again when we resume.

This patch fixes the error handling code to use the correct queue index
and write back the CMD_SYNC to the faulting entry.

Fixes: 48ec83bcbcf5 ("iommu/arm-smmu: Add initial driver support for ARM SMMUv3 devices")
Reported-by: Diwakar Subraveti <Diwakar.Subraveti@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/iommu/arm-smmu-v3.c