Re: [PATCH] iommu/dma: Fix iova map result check bug

From: Miles Chen
Date: Sun May 08 2022 - 12:01:34 EST

Next message: José Expósito: "[PATCH for-5.19/uclogic 0/7] DIGImend patches, part VI"
Previous message: Michael Kelley (LINUX): "RE: [PATCH 0/4] Remove support for Hyper-V 2008 and 2008R2/Win7"
Next in thread: Robin Murphy: "Re: [PATCH] iommu/dma: Fix iova map result check bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The data type of the return value of the iommu_map_sg_atomic
> is ssize_t, but the data type of iova size is size_t,
> e.g. one is int while the other is unsigned int.
>
> When iommu_map_sg_atomic return value is compared with iova size,
> it will force the signed int to be converted to unsigned int, if
> iova map fails and iommu_map_sg_atomic return error code is less
> than 0, then (ret < iova_len) is false, which will to cause not
> do free iova, and the master can still successfully get the iova
> of map fail, which is not expected.
>
> Therefore, we need to check the return value of iommu_map_sg_atomic
> in two cases according to whether it is less than 0.
>
> Fixes: ad8f36e4b6b1 ("iommu: return full error code from iommu_map_sg[_atomic]()")
> Signed-off-by: Yunfei Wang <yf.wang@xxxxxxxxxxxx>

Yes, we have to make sure ssize_t >= 0 before comparing ssize_t and size_t.

Reviewed-by: Miles Chen <miles.chen@xxxxxxxxxxxx>
>
> Cc: <stable@xxxxxxxxxxxxxxx> # 5.15.*

Next message: José Expósito: "[PATCH for-5.19/uclogic 0/7] DIGImend patches, part VI"
Previous message: Michael Kelley (LINUX): "RE: [PATCH 0/4] Remove support for Hyper-V 2008 and 2008R2/Win7"
Next in thread: Robin Murphy: "Re: [PATCH] iommu/dma: Fix iova map result check bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]