Commit 9b77e5c7 authored by Shameer Kolothum's avatar Shameer Kolothum Committed by Alex Williamson

vfio/type1: check dma map request is within a valid iova range

This checks and rejects any dma map request outside valid iova
range.
Signed-off-by: default avatarShameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: default avatarEric Auger <eric.auger@redhat.com>
Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
parent f45daadf
...@@ -1038,6 +1038,27 @@ static int vfio_pin_map_dma(struct vfio_iommu *iommu, struct vfio_dma *dma, ...@@ -1038,6 +1038,27 @@ static int vfio_pin_map_dma(struct vfio_iommu *iommu, struct vfio_dma *dma,
return ret; return ret;
} }
/*
* Check dma map request is within a valid iova range
*/
static bool vfio_iommu_iova_dma_valid(struct vfio_iommu *iommu,
dma_addr_t start, dma_addr_t end)
{
struct list_head *iova = &iommu->iova_list;
struct vfio_iova *node;
list_for_each_entry(node, iova, list) {
if (start >= node->start && end <= node->end)
return true;
}
/*
* Check for list_empty() as well since a container with
* a single mdev device will have an empty list.
*/
return list_empty(iova);
}
static int vfio_dma_do_map(struct vfio_iommu *iommu, static int vfio_dma_do_map(struct vfio_iommu *iommu,
struct vfio_iommu_type1_dma_map *map) struct vfio_iommu_type1_dma_map *map)
{ {
...@@ -1081,6 +1102,11 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu, ...@@ -1081,6 +1102,11 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu,
goto out_unlock; goto out_unlock;
} }
if (!vfio_iommu_iova_dma_valid(iommu, iova, iova + size - 1)) {
ret = -EINVAL;
goto out_unlock;
}
dma = kzalloc(sizeof(*dma), GFP_KERNEL); dma = kzalloc(sizeof(*dma), GFP_KERNEL);
if (!dma) { if (!dma) {
ret = -ENOMEM; ret = -ENOMEM;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment