From patchwork Tue Oct 26 13:26:44 2021
X-Patchwork-Submitter: "Burakov, Anatoly"
X-Patchwork-Id: 102924
X-Patchwork-Delegate: david.marchand@redhat.com
From: Anatoly Burakov
To: dev@dpdk.org, Maxime Coquelin, Xuan Ding
Date: Tue, 26 Oct 2021 13:26:44 +0000
Message-Id: <8079312ba39435a0ac92e084cc1a3fe291008a47.1635254797.git.anatoly.burakov@intel.com>
Subject: [dpdk-dev] [PATCH v1 1/1] vfio: fix partial unmap check

Partial unmap support was introduced in commit c13ca4e81cac, and with it was added a check that dereferenced the IOMMU type to determine whether partial unmapping is supported for currently configured IOMMU type.

In certain circumstances (such as when VFIO is supported, but no devices were bound to the VFIO driver), the IOMMU type pointer can be NULL. However, dereferencing of IOMMU type was guarded by access to the user maps list - that is, we were always checking the user map list first, and then, if we found a memory region that encloses the one we're trying to unmap, we would have performed the IOMMU type check. This ensured that the IOMMU type check will not cause any NULL pointer dereferences, because in order for an IOMMU type check to have been performed, there necessarily must have been at least one memory region that was previously mapped successfully, and that implies having a defined IOMMU type.

When 56259f7fc010 was introduced, the IOMMU type check was moved to before we were traversing the user mem maps list, thereby introducing a potential NULL dereference, because the IOMMU type access was no longer guarded by the user mem maps list traversal.

Fix the issue by moving the IOMMU type check to after the user mem maps traversal, thereby ensuring that by the time the check happens, the IOMMU type is always valid.

Fixes: 56259f7fc010 ("vfio: allow partially unmapping adjacent memory")
Cc: xuan.ding@intel.com
Signed-off-by: Anatoly Burakov Reviewed-by: David Marchand Tested-by: Xuan Ding --- lib/eal/linux/eal_vfio.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/eal/linux/eal_vfio.c b/lib/eal/linux/eal_vfio.c index 657c89ca58..aa2087a2da 100644 --- a/lib/eal/linux/eal_vfio.c +++ b/lib/eal/linux/eal_vfio.c @@ -1943,9 +1943,6 @@ container_dma_unmap(struct vfio_config *vfio_cfg, uint64_t vaddr, uint64_t iova, * mappings, let's just rebuild them using information we have. */ - /* do we have partial unmap capability? */ - has_partial_unmap = vfio_cfg->vfio_iommu_type->partial_unmap; - /* * first thing to do is check if there exists a mapping that includes * the start and the end of our requested unmap. We need to collect all @@ -1961,6 +1958,9 @@ container_dma_unmap(struct vfio_config *vfio_cfg, uint64_t vaddr, uint64_t iova, goto out; } + /* do we have partial unmap capability? */ + has_partial_unmap = vfio_cfg->vfio_iommu_type->partial_unmap; + /* * if we don't support partial unmap, we must check if start and end of * current unmap region are chunk-aligned.
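
Review bot: In the first hunk (@@ -1943,9 +1943,6 @@), dropping the early assignment means has_partial_unmap stays unset for the whole user map lookup, and the failed-lookup branch leaves through `goto out` before the new assignment is reached. Please confirm that nothing at the out label or in the lookup itself reads has_partial_unmap, or initialize it to false at its declaration so that a later edit cannot read it uninitialized.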
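
Review bot: In the second hunk (@@ -1961,6 +1958,9 @@), the moved `has_partial_unmap = vfio_cfg->vfio_iommu_type->partial_unmap;` is still an unchecked dereference. It is safe only because the lookup above it exits with `goto out` when no enclosing map is found, and because, as the commit message argues, a successfully created map implies a configured IOMMU type. That ordering requirement is not recorded in the code, which is how 56259f7fc010 was able to hoist the read and introduce the NULL dereference. Suggest extending the `/* do we have partial unmap capability? */` comment to state that the read must stay after the user map lookup, or adding an explicit NULL check on vfio_cfg->vfio_iommu_type that fails the unmap with an error instead of crashing.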