Commit d73cf5ff authored Jul 10, 2024 by Lu Baolu Committed by Jason Gunthorpe Jul 12, 2024

iommufd: Add check on user response code

The response code from user space is only allowed to be SUCCESS or
INVALID. All other values are treated by the device as a response code of
Response Failure according to PCI spec, section 10.4.2.1.  This response
disables the Page Request Interface for the Function.

Add a check in iommufd_fault_fops_write() to avoid invalid response
code.

Fixes: 07838f7f ("iommufd: Add iommufd fault object")
Link: https://lore.kernel.org/r/20240710083341.44617-3-baolu.lu@linux.intel.com


Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

parent 861f96a7

drivers/iommu/iommufd/fault.c

+10 −0

Original line number	Diff line number	Diff line
		@@ -305,6 +305,16 @@ static ssize_t iommufd_fault_fops_write(struct file filep, const char __user b
		if (rc)
		break;

		static_assert((int)IOMMUFD_PAGE_RESP_SUCCESS ==
		(int)IOMMU_PAGE_RESP_SUCCESS);
		static_assert((int)IOMMUFD_PAGE_RESP_INVALID ==
		(int)IOMMU_PAGE_RESP_INVALID);
		if (response.code != IOMMUFD_PAGE_RESP_SUCCESS &&
		response.code != IOMMUFD_PAGE_RESP_INVALID) {
		rc = -EINVAL;
		break;
		}

		group = xa_erase(&fault->response, response.cookie);
		if (!group) {
		rc = -EINVAL;