Commit 690e2aba authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'vfio-v5.7-rc4' of git://github.com/awilliam/linux-vfio

Pull VFIO fixes from Alex Williamson:

 - copy_*_user validity check for new vfio_dma_rw interface (Yan Zhao)

 - Fix a potential math overflow (Yan Zhao)

 - Use follow_pfn() for calculating PFNMAPs (Sean Christopherson)

* tag 'vfio-v5.7-rc4' of git://github.com/awilliam/linux-vfio:
  vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
  vfio: avoid possible overflow in vfio_iommu_type1_pin_pages
  vfio: checking of validity of user vaddr in vfio_dma_rw
parents 42eb62d4 5cbf3264
...@@ -342,8 +342,8 @@ static int vaddr_get_pfn(struct mm_struct *mm, unsigned long vaddr, ...@@ -342,8 +342,8 @@ static int vaddr_get_pfn(struct mm_struct *mm, unsigned long vaddr,
vma = find_vma_intersection(mm, vaddr, vaddr + 1); vma = find_vma_intersection(mm, vaddr, vaddr + 1);
if (vma && vma->vm_flags & VM_PFNMAP) { if (vma && vma->vm_flags & VM_PFNMAP) {
*pfn = ((vaddr - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff; if (!follow_pfn(vma, vaddr, pfn) &&
if (is_invalid_reserved_pfn(*pfn)) is_invalid_reserved_pfn(*pfn))
ret = 0; ret = 0;
} }
done: done:
...@@ -555,7 +555,7 @@ static int vfio_iommu_type1_pin_pages(void *iommu_data, ...@@ -555,7 +555,7 @@ static int vfio_iommu_type1_pin_pages(void *iommu_data,
continue; continue;
} }
remote_vaddr = dma->vaddr + iova - dma->iova; remote_vaddr = dma->vaddr + (iova - dma->iova);
ret = vfio_pin_page_external(dma, remote_vaddr, &phys_pfn[i], ret = vfio_pin_page_external(dma, remote_vaddr, &phys_pfn[i],
do_accounting); do_accounting);
if (ret) if (ret)
...@@ -2345,10 +2345,10 @@ static int vfio_iommu_type1_dma_rw_chunk(struct vfio_iommu *iommu, ...@@ -2345,10 +2345,10 @@ static int vfio_iommu_type1_dma_rw_chunk(struct vfio_iommu *iommu,
vaddr = dma->vaddr + offset; vaddr = dma->vaddr + offset;
if (write) if (write)
*copied = __copy_to_user((void __user *)vaddr, data, *copied = copy_to_user((void __user *)vaddr, data,
count) ? 0 : count; count) ? 0 : count;
else else
*copied = __copy_from_user(data, (void __user *)vaddr, *copied = copy_from_user(data, (void __user *)vaddr,
count) ? 0 : count; count) ? 0 : count;
if (kthread) if (kthread)
unuse_mm(mm); unuse_mm(mm);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment