From: Mike Waychison <mikew@google.com>
Date: Fri, 21 Apr 2006 07:43:25 +0000 (+0200)
Subject: [PATCH] x86_64: Fix a race in the free_iommu path.
X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commitdiff;h=c89ce82c2d942daacc7d7f5d3efafe7dba70bd23

[PATCH] x86_64: Fix a race in the free_iommu path.

We do this by removing a micro-optimization that tries to avoid grabbing
the iommu_bitmap_lock spinlock and using a bus-locked operation.

This still races with other simultaneous alloc_iommu or free_iommu(size
> 1) which both use bus-unlocked operations.

The end result of this race is eventually ending
up with an iommu_gart_bitmap that has bits errornously set all over,
making large contiguous iommu space allocations fail with 'PCI-DMA:
Out of IOMMU space'.

Signed-off-by: Mike Waychison <mikew@google.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

--- a/arch/x86_64/kernel/pci-gart.c
+++ b/arch/x86_64/kernel/pci-gart.c
@@ -114,10 +114,6 @@ static unsigned long alloc_iommu(int siz
 static void free_iommu(unsigned long offset, int size)
 { 
 	unsigned long flags;
-	if (size == 1) { 
-		clear_bit(offset, iommu_gart_bitmap); 
-		return;
-	}
 	spin_lock_irqsave(&iommu_bitmap_lock, flags);
 	__clear_bit_string(iommu_gart_bitmap, offset, size);
 	spin_unlock_irqrestore(&iommu_bitmap_lock, flags);