lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20251029125226.81949-1-xueshuai@linux.alibaba.com>
Date: Wed, 29 Oct 2025 20:52:26 +0800
From: Shuai Xue <xueshuai@...ux.alibaba.com>
To: jgg@...pe.ca,
	iommu@...ts.linux.dev
Cc: kevin.tian@...el.com,
	joro@...tes.org,
	will@...nel.org,
	robin.murphy@....com,
	linux-kernel@...r.kernel.org,
	xueshuai@...ux.alibaba.com
Subject: [PATCH] iommu: iommufd: Explicitly check for VM_PFNMAP in iommufd_ioas_map

The iommufd_ioas_map function currently returns -EFAULT when attempting
to map VM_PFNMAP VMAs because pin_user_pages_fast() cannot handle such
mappings. This error code is misleading and does not accurately reflect
the nature of the failure.

Add an explicit check for the VM_PFNMAP flag before attempting the
pin_user_pages operation. If VM_PFNMAP is set, return -EOPNOTSUPP to
clearly indicate that PFNMAP regions are not supported through the
IOMMU_IOAS_MAP interface.

This change improves error reporting and helps userspace applications
distinguish between different failure modes when working with special
mappings like MMIO regions.

Note that Jason Gunthorpe is working on extending IOMMU_IOAS_MAP_FILE to
support dma-buf file descriptors for MMIO BARs[1], which will provide a
secure and controlled method for sharing device memory. Until that
support is available, PFNMAP mappings through IOMMUFD are not supported.
[1]https://lore.kernel.org/all/0-v1-64bed2430cdb+31b-iommufd_dmabuf_jgg@nvidia.com/

Signed-off-by: Shuai Xue <xueshuai@...ux.alibaba.com>
---
 drivers/iommu/iommufd/ioas.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/drivers/iommu/iommufd/ioas.c b/drivers/iommu/iommufd/ioas.c
index 0dee38d7252d..0c4f242eba49 100644
--- a/drivers/iommu/iommufd/ioas.c
+++ b/drivers/iommu/iommufd/ioas.c
@@ -241,6 +241,32 @@ int iommufd_ioas_map_file(struct iommufd_ucmd *ucmd)
 	return rc;
 }
 
+/**
+ * iommufd_check_vm_pfnmap - Check if a user address has the VM_PFNMAP flag set
+ * @vaddr: User virtual address to check
+ *
+ * This function checks if the VMA (Virtual Memory Area) containing the given
+ * virtual address has the VM_PFNMAP flag set. This flag is typically used for
+ * memory regions that directly map hardware resources (e.g., PCI BARs).
+ *
+ * Returns: true if VM_PFNMAP is set, false otherwise.
+ */
+static bool iommufd_check_vm_pfnmap(unsigned long vaddr)
+{
+	struct mm_struct *mm = current->mm;
+	struct vm_area_struct *vma;
+	bool ret = false;
+
+	mmap_read_lock(mm);
+	vaddr = untagged_addr_remote(mm, vaddr);
+	vma = vma_lookup(mm, vaddr);
+	if (vma && vma->vm_flags & VM_PFNMAP)
+		ret = true;
+	mmap_read_unlock(mm);
+
+	return ret;
+}
+
 int iommufd_ioas_map(struct iommufd_ucmd *ucmd)
 {
 	struct iommu_ioas_map *cmd = ucmd->cmd;
@@ -254,6 +280,8 @@ int iommufd_ioas_map(struct iommufd_ucmd *ucmd)
 	       IOMMU_IOAS_MAP_READABLE)) ||
 	    cmd->__reserved)
 		return -EOPNOTSUPP;
+	if (iommufd_check_vm_pfnmap(cmd->user_va))
+		return -EOPNOTSUPP;
 	if (cmd->iova >= ULONG_MAX || cmd->length >= ULONG_MAX)
 		return -EOVERFLOW;
 
-- 
2.39.3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ