rpms/kernel
8
2
Fork 6
Code Issues Pull Requests Releases Activity

Add patch to fix VFIO IOMMU crash (rhbz 998732)

Browse Source
This commit is contained in:
Josh Boyer 2013-10-09 09:01:38 -04:00
parent 874c607aa2
commit 0713af68c6
2 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
kernel.spec
View File

@ -744,6 +744,9 @@ Patch25116: rt2800-add-support-for-rf3070.patch
#rhbz 982153 #rhbz 982153
Patch25123: iommu-Remove-stack-trace-from-broken-irq-remapping-warning.patch Patch25123: iommu-Remove-stack-trace-from-broken-irq-remapping-warning.patch
#rhbz 998732
Patch25124: vfio-iommu-Fixed-interaction-of-VFIO_IOMMU_MAP_DMA.patch
# END OF PATCH DEFINITIONS # END OF PATCH DEFINITIONS
%endif %endif
@ -1446,6 +1449,9 @@ ApplyPatch rt2800-add-support-for-rf3070.patch
#rhbz 982153 #rhbz 982153
ApplyPatch iommu-Remove-stack-trace-from-broken-irq-remapping-warning.patch ApplyPatch iommu-Remove-stack-trace-from-broken-irq-remapping-warning.patch
#rhbz 998732
ApplyPatch vfio-iommu-Fixed-interaction-of-VFIO_IOMMU_MAP_DMA.patch
# END OF PATCH APPLICATIONS # END OF PATCH APPLICATIONS
%endif %endif
@ -2250,6 +2256,9 @@ fi
# ||----w | # ||----w |
# || || # || ||
%changelog %changelog
* Wed Oct 09 2013 Josh Boyer <jwboyer@fedoraproject.org>
- Add patch to fix VFIO IOMMU crash (rhbz 998732)
* Tue Oct 8 2013 Peter Robinson <pbrobinson@fedoraproject.org> * Tue Oct 8 2013 Peter Robinson <pbrobinson@fedoraproject.org>
- Tiny ARM config update - Tiny ARM config update

39
vfio-iommu-Fixed-interaction-of-VFIO_IOMMU_MAP_DMA.patch Normal file
View File

@ -0,0 +1,39 @@
From: Julian Stecklina <jsteckli@os.info.tu-dresden.de>
Subject: [PATCH] vfio, iommu: Fixed interaction of VFIO_IOMMU_MAP_DMA with IOMMU address limits
The BUG_ON in drivers/iommu/intel-iommu.c:785 can be triggered from userspace via
VFIO by calling the VFIO_IOMMU_MAP_DMA ioctl on a vfio device with any address
beyond the addressing capabilities of the IOMMU. The problem is that the ioctl code
calls iommu_iova_to_phys before it calls iommu_map. iommu_map handles the case that
it gets addresses beyond the addressing capabilities of its IOMMU.
intel_iommu_iova_to_phys does not.
This patch fixes iommu_iova_to_phys to return NULL for addresses beyond what the
IOMMU can handle. This in turn causes the ioctl call to fail in iommu_map and
(correctly) return EFAULT to the user with a helpful warning message in the kernel
log.
Signed-off-by: Julian Stecklina <jsteckli@os.inf.tu-dresden.de>
---
drivers/iommu/intel-iommu.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index eec0d3e..61303db 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -782,7 +782,11 @@ static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
int offset;
BUG_ON(!domain->pgd);
- BUG_ON(addr_width < BITS_PER_LONG && pfn >> addr_width);
+
+ if (addr_width < BITS_PER_LONG && pfn >> addr_width)
+ /* Address beyond IOMMU's addressing capabilities. */
+ return NULL;
+
parent = domain->pgd;
while (level > 0) {
--
1.8.3.1