linux-yocto/drivers/iommu/iommufd
Nicolin Chen e721f619e3 iommufd: Fix struct iommu_hwpt_pgfault init and padding
The iommu_hwpt_pgfault is used to report IO page fault data to userspace,
but iommufd_fault_fops_read was never zeroing its padding. This leaks the
content of the kernel stack memory to userspace.

Also, the iommufd uAPI requires explicit padding and use of __aligned_u64
to ensure ABI compatibility with 32 bit.

pahole result, before:
struct iommu_hwpt_pgfault {
        __u32     flags;                /*     0     4 */
        __u32     dev_id;               /*     4     4 */
        __u32     pasid;                /*     8     4 */
        __u32     grpid;                /*    12     4 */
        __u32     perm;                 /*    16     4 */

        /* XXX 4 bytes hole, try to pack */

        __u64     addr;                 /*    24     8 */
        __u32     length;               /*    32     4 */
        __u32     cookie;               /*    36     4 */

        /* size: 40, cachelines: 1, members: 8 */
        /* sum members: 36, holes: 1, sum holes: 4 */
        /* last cacheline: 40 bytes */
};

pahole result, after:
struct iommu_hwpt_pgfault {
        __u32      flags;                /*     0     4 */
        __u32      dev_id;               /*     4     4 */
        __u32      pasid;                /*     8     4 */
        __u32      grpid;                /*    12     4 */
        __u32      perm;                 /*    16     4 */
        __u32      __reserved;           /*    20     4 */
        __u64      addr __attribute__((__aligned__(8))); /*    24     8 */
        __u32      length;               /*    32     4 */
        __u32      cookie;               /*    36     4 */

        /* size: 40, cachelines: 1, members: 9 */
        /* forced alignments: 1 */
        /* last cacheline: 40 bytes */
} __attribute__((__aligned__(8)));

Fixes: c714f15860 ("iommufd: Add fault and response message definitions")
Link: https://patch.msgid.link/r/20250120195051.2450-1-nicolinc@nvidia.com
Cc: stable@vger.kernel.org
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2025-01-21 13:55:49 -04:00
..
device.c module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
double_span.h
driver.c module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
fault.c iommufd: Fix struct iommu_hwpt_pgfault init and padding 2025-01-21 13:55:49 -04:00
hw_pagetable.c iommufd: Deal with IOMMU_HWPT_FAULT_ID_VALID in iommufd core 2024-12-11 15:46:14 -04:00
io_pagetable.c iommufd: Add IOMMU_IOAS_MAP_FILE 2024-10-28 13:24:24 -03:00
io_pagetable.h iommufd: Add IOMMU_IOAS_CHANGE_PROCESS 2024-11-14 12:57:13 -04:00
ioas.c iommufd: Add IOMMU_IOAS_CHANGE_PROCESS 2024-11-14 12:57:13 -04:00
iommufd_private.h iommufd/fault: Use a separate spinlock to protect fault->deliver list 2025-01-20 12:31:15 -04:00
iommufd_test.h iommufd/selftest: Add IOMMU_TEST_OP_DEV_CHECK_CACHE test command 2024-11-12 11:46:19 -04:00
iova_bitmap.c iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() 2025-01-14 13:53:18 -04:00
Kconfig iommufd: Move _iommufd_object_alloc helper to a sharable file 2024-11-12 11:46:18 -04:00
main.c iommufd: Keep OBJ/IOCTL lists in an alphabetical order 2025-01-14 15:26:46 -04:00
Makefile iommufd/viommu: Add IOMMU_VIOMMU_ALLOC ioctl 2024-11-12 11:46:18 -04:00
pages.c iommufd: Export do_update_pinned 2024-11-14 12:47:16 -04:00
selftest.c iommufd: Deal with IOMMU_HWPT_FAULT_ID_VALID in iommufd core 2024-12-11 15:46:14 -04:00
vfio_compat.c module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
viommu.c iommufd/viommu: Add IOMMUFD_OBJ_VDEVICE and IOMMU_VDEVICE_ALLOC ioctl 2024-11-12 11:46:18 -04:00
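The padding hole described in the commit message above, worked through as an added example; it is not code from the commit or the kernel tree. The names `pgfault_before`, `pgfault_after`, `field`, `unwritten_bytes` and `STALE` are made up for illustration, each member store is modelled as a write to that member's byte range, and an LP64 ABI (8-byte aligned `uint64_t`) is assumed for the "before" layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STALE 0xAA /* constructed stand-in for leftover kernel stack bytes */

/* Layouts from the two pahole dumps; uint32_t/uint64_t stand in for __u32/__u64. */
struct pgfault_before {
    uint32_t flags, dev_id, pasid, grpid, perm;
    uint64_t addr;              /* compiler pads in front of this member */
    uint32_t length, cookie;
};
struct pgfault_after {
    uint32_t flags, dev_id, pasid, grpid, perm, __reserved;
    uint64_t addr __attribute__((aligned(8)));
    uint32_t length, cookie;
} __attribute__((aligned(8)));
_Static_assert(sizeof(struct pgfault_after) == 40, "uAPI size changed");
_Static_assert(offsetof(struct pgfault_after, addr) == 24, "uAPI offset changed");

struct field { size_t off, len; };
#define F(t, m) { offsetof(t, m), sizeof(((t *)0)->m) }
#define COMMON(t) F(t, flags), F(t, dev_id), F(t, pasid), F(t, grpid), \
                  F(t, perm), F(t, addr), F(t, length), F(t, cookie)
static const struct field before_fields[] = { COMMON(struct pgfault_before) };
static const struct field after_fields[] = { COMMON(struct pgfault_after),
                                             F(struct pgfault_after, __reserved) };

/* Count bytes of a size-byte record that none of the first nf member stores
 * reaches: what a copy to userspace carries over unless the record is zeroed. */
size_t unwritten_bytes(const struct field *f, size_t nf, size_t size)
{
    unsigned char img[64];
    size_t i, n = 0;
    memset(img, STALE, sizeof(img));
    for (i = 0; i < nf; i++)
        memset(img + f[i].off, 0, f[i].len);    /* models one member store */
    for (i = 0; i < size; i++)
        n += (img[i] == STALE);
    return n;
}

int main(void)
{
    printf("before: %zu unwritten, after: %zu unwritten\n",
           unwritten_bytes(before_fields, 8, sizeof(struct pgfault_before)),
           unwritten_bytes(after_fields, 9, sizeof(struct pgfault_after)));
    return 0;
}
```

Passing 8 instead of 9 for the fixed layout leaves `__reserved` unwritten and reports 4 bytes again, so the explicit field removes the hole from the ABI but still has to be zeroed before the record is copied out.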