iommufd: Do not allow creating areas without READ or WRITE - kernel

diff options

author	Jason Gunthorpe <[email protected]>	2024-08-22 14:45:54 +0000
committer	Joerg Roedel <[email protected]>	2024-08-26 07:16:13 +0000
commit	996dc53ac289b81957aa70d62ccadc6986d26a87 (patch)
tree	91ddee2e048995354102810341a414b04b1b3039 /security/selinux/hooks.c
parent	iommu/vt-d: Fix incorrect domain ID in context flush helper (diff)
download	kernel-996dc53ac289b81957aa70d62ccadc6986d26a87.tar.gz kernel-996dc53ac289b81957aa70d62ccadc6986d26a87.zip

iommufd: Do not allow creating areas without READ or WRITE

This results in passing 0 or just IOMMU_CACHE to iommu_map(). Most of the page table formats don't like this: amdv1 - -EINVAL armv7s - returns 0, doesn't update mapped arm-lpae - returns 0 doesn't update mapped dart - returns 0, doesn't update mapped VT-D - returns -EINVAL Unfortunately the three formats that return 0 cause serious problems: - Returning ret = but not uppdating mapped from domain->map_pages() causes an infinite loop in __iommu_map() - Not writing ioptes means that VFIO/iommufd have no way to recover them and we will have memory leaks and worse during unmap Since almost nothing can support this, and it is a useless thing to do, block it early in iommufd. Cc: [email protected] Fixes: aad37e71d5c4 ("iommufd: IOCTLs for the io_pagetable") Signed-off-by: Jason Gunthorpe <[email protected]> Reviewed-by: Nicolin Chen <[email protected]> Reviewed-by: Kevin Tian <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Joerg Roedel <[email protected]>

Diffstat (limited to 'security/selinux/hooks.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: