[PATCH 1/5] vfio/type1: Catch zero from pin_user_pages_remote()

From: Alex Williamson
Date: Wed Feb 05 2025 - 18:18:35 EST

Next message: Alex Williamson: "[PATCH 2/5] vfio/type1: Convert all vaddr_get_pfns() callers to use vfio_batch"
Previous message: Alex Williamson: "[PATCH 0/5] vfio: Improve DMA mapping performance for huge pfnmaps"
In reply to: Alex Williamson: "[PATCH 0/5] vfio: Improve DMA mapping performance for huge pfnmaps"
Next in thread: Mitchell Augustin: "Re: [PATCH 1/5] vfio/type1: Catch zero from pin_user_pages_remote()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

pin_user_pages_remote() can currently return zero for invalid args
or zero nr_pages, neither of which should ever happen. However
vaddr_get_pfns() indicates it should only ever return a positive
value or -errno and there's a theoretical case where this can slip
through and be unhandled by callers. Therefore convert zero to
-EFAULT.

Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>
---
drivers/vfio/vfio_iommu_type1.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 50ebc9593c9d..119cf886d8c0 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -564,6 +564,8 @@ static int vaddr_get_pfns(struct mm_struct *mm, unsigned long vaddr,
if (ret > 0) {
*pfn = page_to_pfn(pages[0]);
goto done;
+ } else if (!ret) {
+ ret = -EFAULT;
}

vaddr = untagged_addr_remote(mm, vaddr);
--
2.47.1

Next message: Alex Williamson: "[PATCH 2/5] vfio/type1: Convert all vaddr_get_pfns() callers to use vfio_batch"
Previous message: Alex Williamson: "[PATCH 0/5] vfio: Improve DMA mapping performance for huge pfnmaps"
In reply to: Alex Williamson: "[PATCH 0/5] vfio: Improve DMA mapping performance for huge pfnmaps"
Next in thread: Mitchell Augustin: "Re: [PATCH 1/5] vfio/type1: Catch zero from pin_user_pages_remote()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]