diff options
| author | Jason Gunthorpe <[email protected]> | 2024-08-22 11:45:54 -0300 |
|---|---|---|
| committer | Joerg Roedel <[email protected]> | 2024-08-26 09:16:13 +0200 |
| commit | 996dc53ac289b81957aa70d62ccadc6986d26a87 (patch) | |
| tree | 91ddee2e048995354102810341a414b04b1b3039 /security/selinux/hooks.c | |
| parent | 7af6c720417f21f015f46baa33e182f349ddc93b (diff) | |
iommufd: Do not allow creating areas without READ or WRITE
This results in passing 0 or just IOMMU_CACHE to iommu_map(). Most of
the page table formats don't like this:
amdv1 - -EINVAL
armv7s - returns 0, doesn't update mapped
arm-lpae - returns 0 doesn't update mapped
dart - returns 0, doesn't update mapped
VT-D - returns -EINVAL
Unfortunately the three formats that return 0 cause serious problems:
- Returning ret = but not uppdating mapped from domain->map_pages()
causes an infinite loop in __iommu_map()
- Not writing ioptes means that VFIO/iommufd have no way to recover them
and we will have memory leaks and worse during unmap
Since almost nothing can support this, and it is a useless thing to do,
block it early in iommufd.
Cc: [email protected]
Fixes: aad37e71d5c4 ("iommufd: IOCTLs for the io_pagetable")
Signed-off-by: Jason Gunthorpe <[email protected]>
Reviewed-by: Nicolin Chen <[email protected]>
Reviewed-by: Kevin Tian <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Joerg Roedel <[email protected]>
Diffstat (limited to 'security/selinux/hooks.c')
0 files changed, 0 insertions, 0 deletions