diff options
author | Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> | 2019-07-23 17:06:35 +0100 |
---|---|---|
committer | Alex Williamson <alex.williamson@redhat.com> | 2019-08-19 13:55:50 -0600 |
commit | 9b77e5c79840fc334a5b7f770c5ab0c09dc0e028 (patch) | |
tree | 5d354772c165737acb59daee18f3cc24c004a7f3 /drivers/vfio | |
parent | f45daadfe1add9f468f3ae1f7e2d9b235fe80748 (diff) | |
download | linux-stable-9b77e5c79840fc334a5b7f770c5ab0c09dc0e028.tar.gz linux-stable-9b77e5c79840fc334a5b7f770c5ab0c09dc0e028.tar.bz2 linux-stable-9b77e5c79840fc334a5b7f770c5ab0c09dc0e028.zip |
vfio/type1: check dma map request is within a valid iova range
This checks and rejects any dma map request outside valid iova
range.
Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Diffstat (limited to 'drivers/vfio')
-rw-r--r-- | drivers/vfio/vfio_iommu_type1.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c index 7005a8cfca1b..56cf55776d6c 100644 --- a/drivers/vfio/vfio_iommu_type1.c +++ b/drivers/vfio/vfio_iommu_type1.c @@ -1038,6 +1038,27 @@ static int vfio_pin_map_dma(struct vfio_iommu *iommu, struct vfio_dma *dma, return ret; } +/* + * Check dma map request is within a valid iova range + */ +static bool vfio_iommu_iova_dma_valid(struct vfio_iommu *iommu, + dma_addr_t start, dma_addr_t end) +{ + struct list_head *iova = &iommu->iova_list; + struct vfio_iova *node; + + list_for_each_entry(node, iova, list) { + if (start >= node->start && end <= node->end) + return true; + } + + /* + * Check for list_empty() as well since a container with + * a single mdev device will have an empty list. + */ + return list_empty(iova); +} + static int vfio_dma_do_map(struct vfio_iommu *iommu, struct vfio_iommu_type1_dma_map *map) { @@ -1081,6 +1102,11 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu, goto out_unlock; } + if (!vfio_iommu_iova_dma_valid(iommu, iova, iova + size - 1)) { + ret = -EINVAL; + goto out_unlock; + } + dma = kzalloc(sizeof(*dma), GFP_KERNEL); if (!dma) { ret = -ENOMEM; |