diff options
| author | Jason Gunthorpe <jgg@nvidia.com> | 2025-07-17 11:46:55 -0300 | 
|---|---|---|
| committer | Jason Gunthorpe <jgg@nvidia.com> | 2025-07-17 11:46:55 -0300 | 
| commit | b42497e3c0e74db061eafad41c0cd7243c46436b (patch) | |
| tree | b01a120f6428a55140d6debb8055d6a5b9f413bf /scripts/gdb/linux/stackdepot.py | |
| parent | 601b1d0d9395c711383452bd0d47037afbbb4bcf (diff) | |
iommufd: Prevent ALIGN() overflow
When allocating IOVA the candidate range gets aligned to the target
alignment. If the range is close to ULONG_MAX then the ALIGN() can
wrap resulting in a corrupted iova.
Open code the ALIGN() using get_add_overflow() to prevent this.
This simplifies the checks as we don't need to check for length earlier
either.
Consolidate the two copies of this code under a single helper.
This bug would allow userspace to create a mapping that overlaps with some
other mapping or a reserved range.
Cc: stable@vger.kernel.org
Fixes: 51fe6141f0f6 ("iommufd: Data structure to provide IOVA to PFN mapping")
Reported-by: syzbot+c2f65e2801743ca64e08@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/685af644.a00a0220.2e5631.0094.GAE@google.com
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
Link: https://patch.msgid.link/all/1-v1-7b4a16fc390b+10f4-iommufd_alloc_overflow_jgg@nvidia.com/
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Diffstat (limited to 'scripts/gdb/linux/stackdepot.py')
0 files changed, 0 insertions, 0 deletions
