On Tue, Oct 25, 2022 at 03:12:18PM -0300, Jason Gunthorpe wrote:
> +/* All existing area's conform to an increased page size */
> +static int iopt_check_iova_alignment(struct io_pagetable *iopt,
> + unsigned long new_iova_alignment)
> +{
> + struct iopt_area *area;
> +
> + lockdep_assert_held(&iopt->iova_rwsem);
> +
> + for (area = iopt_area_iter_first(iopt, 0, ULONG_MAX); area;
> + area = iopt_area_iter_next(area, 0, ULONG_MAX))
> + if ((iopt_area_iova(area) % new_iova_alignment) ||
> + (iopt_area_length(area) % new_iova_alignment))
> + return -EADDRINUSE;
While working on the last syzkaller bug I noticed this doesn't reject
bad user VAs when doing an alignment upgrade, and the return code got
botched during some refactoring:
@@ -801,14 +801,16 @@ static int iopt_fill_domain(struct io_pagetable *iopt,
static int iopt_check_iova_alignment(struct io_pagetable *iopt,
unsigned long new_iova_alignment)
{
+ unsigned long align_mask = new_iova_alignment - 1;
struct iopt_area *area;
lockdep_assert_held(&iopt->iova_rwsem);
for (area = iopt_area_iter_first(iopt, 0, ULONG_MAX); area;
area = iopt_area_iter_next(area, 0, ULONG_MAX))
- if ((iopt_area_iova(area) % new_iova_alignment) ||
- (iopt_area_length(area) % new_iova_alignment))
+ if ((iopt_area_iova(area) & align_mask) ||
+ (iopt_area_length(area) & align_mask) ||
+ (area->page_offset & align_mask))
return -EADDRINUSE;
return 0;
}
@@ -891,7 +893,7 @@ int iopt_table_add_domain(struct io_pagetable *iopt,
return rc;
}
-static bool iopt_calculate_iova_alignment(struct io_pagetable *iopt)
+static int iopt_calculate_iova_alignment(struct io_pagetable *iopt)
{
unsigned long new_iova_alignment;
struct iommu_domain *domain;
@@ -913,7 +915,7 @@ static bool iopt_calculate_iova_alignment(struct io_pagetable *iopt)
rc = iopt_check_iova_alignment(iopt, new_iova_alignment);
if (rc)
- return -EADDRINUSE;
+ return rc;
}
iopt->iova_alignment = new_iova_alignment;
return 0;
And added a test to cover.
Jason
