Check for IOMMU table validity in error handler

Message ID	1167019171.17313594.1678230168160.JavaMail.zimbra@raptorengineeringinc.com (mailing list archive)
State	Handled Elsewhere, archived
Headers	show Return-Path: <linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> Date: Tue, 7 Mar 2023 17:02:48 -0600 (CST) From: Timothy Pearson <tpearson@raptorengineering.com> To: kvm <kvm@vger.kernel.org> Message-ID: <1167019171.17313594.1678230168160.JavaMail.zimbra@raptorengineeringinc.com> Subject: [PATCH] Check for IOMMU table validity in error handler MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Thread-Index: 16Rw4CWOU+ViWflRkxTny/P6bTpyWw== Thread-Topic: Check for IOMMU table validity in error handler Precedence: list Cc: linuxppc-dev <linuxppc-dev@lists.ozlabs.org> Errors-To: linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" <linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
Series	Check for IOMMU table validity in error handler \| expand Check for IOMMU table validity in error handler

Message ID

1167019171.17313594.1678230168160.JavaMail.zimbra@raptorengineeringinc.com (mailing list archive)

State

Handled Elsewhere, archived

Headers

Date: Tue, 7 Mar 2023 17:02:48 -0600 (CST)
From: Timothy Pearson <tpearson@raptorengineering.com>
To: kvm <kvm@vger.kernel.org>
Message-ID: 
 <1167019171.17313594.1678230168160.JavaMail.zimbra@raptorengineeringinc.com>
Subject: [PATCH] Check for IOMMU table validity in error handler
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Thread-Index: 16Rw4CWOU+ViWflRkxTny/P6bTpyWw==
Thread-Topic: Check for IOMMU table validity in error handler
Precedence: list
Cc: linuxppc-dev <linuxppc-dev@lists.ozlabs.org>
Errors-To: linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "Linuxppc-dev"
 <linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Series

Check for IOMMU table validity in error handler | expand

Checks

Context	Check	Description
snowpatch_ozlabs/github-powerpc_sparse	success	Successfully ran 4 jobs.
snowpatch_ozlabs/github-powerpc_kernel_qemu	success	Successfully ran 24 jobs.
snowpatch_ozlabs/github-powerpc_clang	success	Successfully ran 6 jobs.

Context

Check

Description

snowpatch_ozlabs/github-powerpc_sparse

success

Successfully ran 4 jobs.

snowpatch_ozlabs/github-powerpc_kernel_qemu

success

Successfully ran 24 jobs.

snowpatch_ozlabs/github-powerpc_clang

success

Successfully ran 6 jobs.

Commit Message

Timothy Pearson March 7, 2023, 11:02 p.m. UTC

If tce_iommu_take_ownership is unable to take ownership of
a specific IOMMU table, the unwinder in the error handler
could attempt to release ownership of an invalid table.

Check validity of each table in the unwinder before attempting
to release ownership.  Thanks to Alex Williamson for the initial
observation!

Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
---
 drivers/vfio/vfio_iommu_spapr_tce.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/vfio/vfio_iommu_spapr_tce.c b/drivers/vfio/vfio_iommu_spapr_tce.c
index 60a50ce8701e..c012ecb42ebc 100644
--- a/drivers/vfio/vfio_iommu_spapr_tce.c
+++ b/drivers/vfio/vfio_iommu_spapr_tce.c
@@ -1219,10 +1219,15 @@  static int tce_iommu_take_ownership(struct tce_container *container,
 
 		rc = iommu_take_ownership(tbl);
 		if (rc) {
-			for (j = 0; j < i; ++j)
-				iommu_release_ownership(
-						table_group->tables[j]);
+			for (j = 0; j < i; ++j) {
+				struct iommu_table *tbl =
+					table_group->tables[j];
 
+				if (!tbl || !tbl->it_map)
+					continue;
+
+				iommu_release_ownership(table_group->tables[j]);
+			}
 			return rc;
 		}
 	}

Check for IOMMU table validity in error handler

Checks

Commit Message

Patch