lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202111051119.HDSijFJn-lkp@intel.com>
Date:   Fri, 5 Nov 2021 11:05:28 +0800
From:   kernel test robot <lkp@...el.com>
To:     Liu Yi L <yi.l.liu@...el.com>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org
Subject: [luxis1999-dev-iommu:iommufd-vfio-v5.16-rc1 29/32]
 drivers/iommufd/iommufd.c:339 iommufd_process_dma_op() warn: unsigned
 'dma.ioas' is never less than zero.

tree:   https://github.com/luxis1999/dev-iommu iommufd-vfio-v5.16-rc1
head:   0c6c7bdb5b3f7d4c8e6b03d34a59ac6bf3d02539
commit: 465aafaf97510d09bd68700c80ed3bb87db45077 [29/32] iommufd: Add IOMMU_IOAS_[UN]MAP_DMA
config: x86_64-randconfig-m001-20211105 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

New smatch warnings:
drivers/iommufd/iommufd.c:339 iommufd_process_dma_op() warn: unsigned 'dma.ioas' is never less than zero.

Old smatch warnings:
drivers/iommufd/iommufd.c:210 iommufd_ioas_alloc() error: dereferencing freed memory 'ioas'

vim +339 drivers/iommufd/iommufd.c

   325	
   326	static int iommufd_process_dma_op(struct iommufd_ctx *ictx,
   327					  unsigned long arg, bool map)
   328	{
   329		struct iommu_ioas_dma_op dma;
   330		unsigned long minsz;
   331		struct iommufd_ioas *ioas = NULL;
   332		int ret;
   333	
   334		minsz = offsetofend(struct iommu_ioas_dma_op, padding);
   335	
   336		if (copy_from_user(&dma, (void __user *)arg, minsz))
   337			return -EFAULT;
   338	
 > 339		if (dma.argsz < minsz || dma.flags || dma.ioas < 0)
   340			return -EINVAL;
   341	
   342		ioas = ioasid_get_ioas(ictx, dma.ioas);
   343		if (!ioas) {
   344			pr_err_ratelimited("unkonwn IOASID %u\n", dma.ioas);
   345			return -EINVAL;
   346		}
   347	
   348		down_read(&ioas->device_lock);
   349	
   350		/*
   351		 * Needs to block map/unmap request from userspace before IOAS
   352		 * is attached to any device.
   353		 */
   354		if (xa_empty(&ioas->device)) {
   355			ret = -EINVAL;
   356			goto out;
   357		}
   358	
   359		if (map)
   360			ret = vfio_iommu_type1_map_dma(ioas->vfio_iommu, arg + minsz);
   361		else
   362			ret = vfio_iommu_type1_unmap_dma(ioas->vfio_iommu, arg + minsz);
   363	out:
   364		up_read(&ioas->device_lock);
   365		ioas_put(ioas);
   366	
   367		return ret;
   368	};
   369	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (34507 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ