On 7/26/22 11:01 AM, Eric Farman wrote:
As pointed out with the simplification of the
VFIO_IOMMU_NOTIFY_DMA_UNMAP notifier [1], the length
parameter was never used to check against the pinned
pages.
Let's correct that, and see if a page is within the
affected range instead of simply the first page of
the range.
[1] https://lore.kernel.org/kvm/20220720170457.39cda0d0.alex.williamson@xxxxxxxxxx/
Signed-off-by: Eric Farman <farman@xxxxxxxxxxxxx>
---
drivers/s390/cio/vfio_ccw_cp.c | 11 +++++++----
drivers/s390/cio/vfio_ccw_cp.h | 2 +-
drivers/s390/cio/vfio_ccw_ops.c | 2 +-
3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c
index 8963f452f963..f15b5114abd1 100644
--- a/drivers/s390/cio/vfio_ccw_cp.c
+++ b/drivers/s390/cio/vfio_ccw_cp.c
@@ -170,12 +170,14 @@ static void page_array_unpin_free(struct page_array *pa, struct vfio_device *vde
kfree(pa->pa_iova);
}
-static bool page_array_iova_pinned(struct page_array *pa, unsigned long iova)
+static bool page_array_iova_pinned(struct page_array *pa, unsigned long iova,
+ unsigned long length)
{
int i;
for (i = 0; i < pa->pa_nr; i++)
- if (pa->pa_iova[i] == iova)
+ if (pa->pa_iova[i] >= iova &&
+ pa->pa_iova[i] <= iova + length)
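Review bot: the upper bound in the new comparison in page_array_iova_pinned(), pa->pa_iova[i] <= iova + length, is inclusive, so a pinned page that starts exactly at iova + length, the first address past the affected range, is reported as being inside it. Treat the range as half-open and compare with < instead. The test also looks only at each page's start address, so a pinned page that begins below iova and extends into the range is not matched unless iova is always page-aligned; a short comment on the function stating that assumption, and that length is in bytes, would make the intent clear.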
For the sake of completeness, I think you want to be checking to make
sure the end of the page is also within the range, not just the start?
if (pa->pa_iova[i] >= iova &&
pa->pa_iova[i] + PAGE_SIZE <= iova + length)