Commit 7dc4b2fd authored by Steve Sistare's avatar Steve Sistare Committed by Alex Williamson

vfio/type1: fix unmap all on ILP32

Some ILP32 architectures support mapping a 32-bit vaddr within a 64-bit
iova space.  The unmap-all code uses 32-bit SIZE_MAX as an upper bound on
the extent of the mappings within iova space, so mappings above 4G cannot
be found and unmapped.  Use U64_MAX instead, and use u64 for size variables.
This also fixes a static analysis bug found by the kernel test robot running
smatch for ILP32.

Fixes: 0f53afa1 ("vfio/type1: unmap cleanup")
Fixes: c1965099 ("vfio/type1: implement unmap all")
Reported-by: default avatarkernel test robot <lkp@intel.com>
Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarSteve Sistare <steven.sistare@oracle.com>
Message-Id: <1614281102-230747-1-git-send-email-steven.sistare@oracle.com>
Link: https://lore.kernel.org/linux-mm/20210222141043.GW2222@kadamReviewed-by: default avatarCornelia Huck <cohuck@redhat.com>
Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
parent 1e28eed1
...@@ -189,7 +189,7 @@ static struct vfio_dma *vfio_find_dma(struct vfio_iommu *iommu, ...@@ -189,7 +189,7 @@ static struct vfio_dma *vfio_find_dma(struct vfio_iommu *iommu,
} }
static struct rb_node *vfio_find_dma_first_node(struct vfio_iommu *iommu, static struct rb_node *vfio_find_dma_first_node(struct vfio_iommu *iommu,
dma_addr_t start, size_t size) dma_addr_t start, u64 size)
{ {
struct rb_node *res = NULL; struct rb_node *res = NULL;
struct rb_node *node = iommu->dma_list.rb_node; struct rb_node *node = iommu->dma_list.rb_node;
...@@ -1288,7 +1288,7 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, ...@@ -1288,7 +1288,7 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu,
int ret = -EINVAL, retries = 0; int ret = -EINVAL, retries = 0;
unsigned long pgshift; unsigned long pgshift;
dma_addr_t iova = unmap->iova; dma_addr_t iova = unmap->iova;
unsigned long size = unmap->size; u64 size = unmap->size;
bool unmap_all = unmap->flags & VFIO_DMA_UNMAP_FLAG_ALL; bool unmap_all = unmap->flags & VFIO_DMA_UNMAP_FLAG_ALL;
bool invalidate_vaddr = unmap->flags & VFIO_DMA_UNMAP_FLAG_VADDR; bool invalidate_vaddr = unmap->flags & VFIO_DMA_UNMAP_FLAG_VADDR;
struct rb_node *n, *first_n; struct rb_node *n, *first_n;
...@@ -1304,14 +1304,12 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, ...@@ -1304,14 +1304,12 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu,
if (unmap_all) { if (unmap_all) {
if (iova || size) if (iova || size)
goto unlock; goto unlock;
size = SIZE_MAX; size = U64_MAX;
} else if (!size || size & (pgsize - 1)) { } else if (!size || size & (pgsize - 1) ||
iova + size - 1 < iova || size > SIZE_MAX) {
goto unlock; goto unlock;
} }
if (iova + size - 1 < iova || size > SIZE_MAX)
goto unlock;
/* When dirty tracking is enabled, allow only min supported pgsize */ /* When dirty tracking is enabled, allow only min supported pgsize */
if ((unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) && if ((unmap->flags & VFIO_DMA_UNMAP_FLAG_GET_DIRTY_BITMAP) &&
(!iommu->dirty_page_tracking || (bitmap->pgsize != pgsize))) { (!iommu->dirty_page_tracking || (bitmap->pgsize != pgsize))) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment