From: "Michael S. Tsirkin"
To: qemu-devel@nongnu.org
Cc: Halil Pasic, Peter Maydell, Cornelia Huck
Date: Wed, 6 Apr 2022 17:11:51 -0400
Subject: [PULL 1/3] virtio: fix feature negotiation for ACCESS_PLATFORM
Message-ID: <20220406211137.38840-2-mst@redhat.com>
References: <20220406211137.38840-1-mst@redhat.com>
From: Halil Pasic

Unlike most virtio features ACCESS_PLATFORM is considered mandatory by
QEMU, i.e. the driver must accept it if offered by the device. The
virtio specification says that the driver SHOULD accept the
ACCESS_PLATFORM feature if offered, and that the device MAY fail to
operate if ACCESS_PLATFORM was offered but not negotiated.

While a SHOULD ain't exactly a MUST, we are certainly allowed to fail
the device when the driver fences ACCESS_PLATFORM. With commit
2943b53f68 ("virtio: force VIRTIO_F_IOMMU_PLATFORM") we already made the
decision to do so whenever the get_dma_as() callback is implemented (by
the bus), which in practice means for the entirety of virtio-pci.

That means, if the device needs to translate I/O addresses, then
ACCESS_PLATFORM is mandatory. The aforementioned commit tells us in the
commit message that this is for security reasons. More precisely if we
were to allow a less than trusted driver (e.g. a user-space driver, or
a nested guest) to make the device bypass the IOMMU by not negotiating
ACCESS_PLATFORM, then the guest kernel would have no ability to
control/police (by programming the IOMMU) what pieces of guest memory
the driver may manipulate using the device. Which would break security
assumptions within the guest.

If ACCESS_PLATFORM is offered not because we want the device to utilize
an IOMMU and do address translation, but because the device does not
have access to the entire guest RAM, and needs the driver to grant
access to the bits it needs access to (e.g. confidential guest support),
we still require the guest to have the corresponding logic and to accept
ACCESS_PLATFORM. If the driver does not accept ACCESS_PLATFORM, then
things are bound to go wrong, and we may see failures much less graceful
than failing the device because the driver didn't negotiate
ACCESS_PLATFORM.

So let us make ACCESS_PLATFORM mandatory for the driver regardless
of whether the get_dma_as() callback is implemented or not.

Signed-off-by: Halil Pasic
Fixes: 2943b53f68 ("virtio: force VIRTIO_F_IOMMU_PLATFORM")
Message-Id: <20220307112939.2780117-1-pasic@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Cornelia Huck
---
 hw/virtio/virtio-bus.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c index 0f69d1c742..d7ec023adf 100644 --- a/hw/virtio/virtio-bus.c +++ b/hw/virtio/virtio-bus.c
@@ -78,17 +78,23 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Erro= r **errp) return; } =20 - vdev_has_iommu =3D virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFO= RM); - if (klass->get_dma_as !=3D NULL && has_iommu) { + vdev->dma_as =3D &address_space_memory; + if (has_iommu) { + vdev_has_iommu =3D virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PL= ATFORM); + /* + * Present IOMMU_PLATFORM to the driver iff iommu_plattform=3Don a= nd + * device operational. If the driver does not accept IOMMU_PLATFORM + * we fail the device. + */ virtio_add_feature(&vdev->host_features, VIRTIO_F_IOMMU_PLATFORM); - vdev->dma_as =3D klass->get_dma_as(qbus->parent); - if (!vdev_has_iommu && vdev->dma_as !=3D &address_space_memory) { - error_setg(errp, + if (klass->get_dma_as) { + vdev->dma_as =3D klass->get_dma_as(qbus->parent); + if (!vdev_has_iommu && vdev->dma_as !=3D &address_space_memory= ) { + error_setg(errp, "iommu_platform=3Dtrue is not supported by the devi= ce"); - return; + return; + } } - } else { - vdev->dma_as =3D &address_space_memory; } } =20 --=20 MST

From: "Michael S. Tsirkin"
To: qemu-devel@nongnu.org
Cc: Eduardo Habkost, Peter Maydell, Jason Wang, Richard Henderson, Peter Xu, Paolo Bonzini
Date: Wed, 6 Apr 2022 17:11:54 -0400
Subject: [PULL 2/3] intel-iommu: correct the value used for error_setg_errno()
Message-ID: <20220406211137.38840-3-mst@redhat.com>
References: <20220406211137.38840-1-mst@redhat.com>
From: Jason Wang

error_setg_errno() expects a normal errno value, not a negated one, so we
should use ENOTSUP instead of -ENOTSUP.

Fixes: Coverity CID 1487174
Fixes: ("intel_iommu: support snoop control")
Signed-off-by: Jason Wang
Message-Id: <20220401022824.9337-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Peter Maydell
Reviewed-by: Peter Xu
---
 hw/i386/intel_iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index 32471a44cb..b4b4c82be6 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c
@@ -3032,7 +3032,7 @@ static int vtd_iommu_notify_flag_changed(IOMMUMemoryR= egion *iommu, =20 /* TODO: add support for VFIO and vhost users */ if (s->snoop_control) { - error_setg_errno(errp, -ENOTSUP, + error_setg_errno(errp, ENOTSUP, "Snoop Control with vhost or VFIO is not supporte= d"); return -ENOTSUP; } --=20 MST

From: "Michael S. Tsirkin"
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Wentao Liang, Eric Auger
Date: Wed, 6 Apr 2022 17:11:58 -0400
Subject: [PULL 3/3] virtio-iommu: use-after-free fix
Message-ID: <20220406211137.38840-4-mst@redhat.com>
References: <20220406211137.38840-1-mst@redhat.com>
From: Wentao Liang

A potential Use-after-free was reported in virtio_iommu_handle_command
when using virtio-iommu:

> I find a potential Use-after-free in QEMU 6.2.0, which is in
> virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c).
>
>
> Specifically, in the loop body, the variable 'buf' allocated at line 639 can be
> freed by g_free() at line 659. However, if the execution path enters the loop
> body again and the if branch takes true at line 616, the control will directly
> jump to 'out' at line 651. At this time, 'buf' is a freed pointer, which is not
> assigned with an allocated memory but used at line 653. As a result, a UAF bug
> is triggered.
>
>
>
> 599     for (;;) {
> ...
> 615         sz = iov_to_buf(iov, iov_cnt, 0, &head, sizeof(head));
> 616         if (unlikely(sz != sizeof(head))) {
> 617             tail.status = VIRTIO_IOMMU_S_DEVERR;
> 618             goto out;
> 619         }
> ...
> 639             buf = g_malloc0(output_size);
> ...
> 651 out:
> 652         sz = iov_from_buf(elem->in_sg, elem->in_num, 0,
> 653                           buf ? buf : &tail, output_size);
> ...
> 659         g_free(buf);
>
> We can fix it by setting 'buf' to NULL after freeing it:
>
>
> 651 out:
> 652         sz = iov_from_buf(elem->in_sg, elem->in_num, 0,
> 653                           buf ? buf : &tail, output_size);
> ...
> 659         g_free(buf);
> +++         buf = NULL;
> 660     }

Fix as suggested by the reporter.

Signed-off-by: Wentao Liang
Signed-off-by: Michael S. Tsirkin
Message-ID: <20220406040445-mutt-send-email-mst@kernel.org>
---
 hw/virtio/virtio-iommu.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c index 239fe97b12..2b1d21edd1 100644 --- a/hw/virtio/virtio-iommu.c +++ b/hw/virtio/virtio-iommu.c @@ -683,6 +683,7 @@ out: virtio_notify(vdev, vq); g_free(elem); g_free(buf); + buf =3D NULL; } } =20 --=20 MST
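
Review bot: in the hw/virtio/virtio-bus.c hunk (1/3), vdev_has_iommu is now consulted only inside the new "if (klass->get_dma_as)" branch, so on a bus without that callback virtio_add_feature() sets VIRTIO_F_IOMMU_PLATFORM in host_features even when the device itself did not offer it, and the "iommu_platform=true is not supported by the device" error is never raised. If that is intended, the new comment should say so; otherwise the !vdev_has_iommu check should not be nested under get_dma_as. The comment also misspells the property as "iommu_plattform" and says IOMMU_PLATFORM where the commit message says ACCESS_PLATFORM.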
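
Review bot: in the hw/i386/intel_iommu.c hunk (2/3), the corrected error_setg_errno(errp, ENOTSUP, ...) call sits just above "return -ENOTSUP;", so the positive and the negated convention now appear side by side with nothing explaining why they differ; a one-line comment at the call would help the next editor keep them apart. It is also worth checking the other error_setg_errno() callers in this file for a negated argument, and the second Fixes: tag has no commit id to trace the change to.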
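
Review bot: in the hw/virtio/virtio-iommu.c hunk (3/3), clearing buf only after g_free(buf) at the bottom of the loop body makes the fix depend on every path reaching that line; setting buf = NULL at the top of each iteration would also cover any exit path added later. With buf NULL, the early "goto out" quoted in the report copies output_size bytes from &tail, and the visible lines do not show output_size being reset per iteration, so confirm it is back to the size of tail before that copy.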