Commit 9b77e5c7 authored by Shameer Kolothum's avatar Shameer Kolothum Committed by Alex Williamson
Browse files

vfio/type1: check dma map request is within a valid iova range 



This checks and rejects any dma map request outside valid iova
range.

Signed-off-by: default avatarShameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: default avatarEric Auger <eric.auger@redhat.com>
Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
parent f45daadf

drivers/vfio/vfio_iommu_type1.c

+26 −0
Original line number Diff line number Diff line
@@ -1038,6 +1038,27 @@ static int vfio_pin_map_dma(struct vfio_iommu *iommu, struct vfio_dma *dma, 
	return ret;

}



/*

 * Check dma map request is within a valid iova range

 */

static bool vfio_iommu_iova_dma_valid(struct vfio_iommu *iommu,

				      dma_addr_t start, dma_addr_t end)

{

	struct list_head *iova = &iommu->iova_list;

	struct vfio_iova *node;



	list_for_each_entry(node, iova, list) {

		if (start >= node->start && end <= node->end)

			return true;

	}



	/*

	 * Check for list_empty() as well since a container with

	 * a single mdev device will have an empty list.

	 */

	return list_empty(iova);

}



static int vfio_dma_do_map(struct vfio_iommu *iommu,

			   struct vfio_iommu_type1_dma_map *map)

{
@@ -1081,6 +1102,11 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu, 
		goto out_unlock;

	}



	if (!vfio_iommu_iova_dma_valid(iommu, iova, iova + size - 1)) {

		ret = -EINVAL;

		goto out_unlock;

	}



	dma = kzalloc(sizeof(*dma), GFP_KERNEL);

	if (!dma) {

		ret = -ENOMEM;

CRA Git | Maintained and supported by SUSTech CRA and CCSE