From: Jason Gunthorpe <jgg@nvidia.com>
To: iommu@lists.linux.dev, Joerg Roedel <joro@8bytes.org>,
Kevin Tian <kevin.tian@intel.com>,
Robin Murphy <robin.murphy@arm.com>,
Will Deacon <will@kernel.org>
Cc: Alex Williamson <alex.williamson@redhat.com>,
Joao Martins <joao.m.martins@oracle.com>,
patches@lists.linux.dev, stable@vger.kernel.org,
syzbot+093a8a8b859472e6c257@syzkaller.appspotmail.com,
Yishai Hadas <yishaih@nvidia.com>
Subject: Re: [PATCH rc] iommufd: Don't overflow during division for dirty tracking
Date: Mon, 20 Oct 2025 19:59:47 -0300
Message-ID: <20251020225947.GA644827@nvidia.com>
In-Reply-To: <0-v1-663679b57226+172-iommufd_dirty_div0_jgg@nvidia.com>
On Wed, Oct 08, 2025 at 03:17:18PM -0300, Jason Gunthorpe wrote:
> If pgshift is 63 then BITS_PER_TYPE(*bitmap->bitmap) * pgsize will overflow
> to 0 and this triggers divide by 0.
>
> In this case the index should just be 0, so reorganize things to divide
> by shift and avoid hitting any overflows.
>
> Cc: stable@vger.kernel.org
> Fixes: 58ccf0190d19 ("vfio: Add an IOVA bitmap support")
> Reported-by: syzbot+093a8a8b859472e6c257@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=093a8a8b859472e6c257
> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
> ---
> drivers/iommu/iommufd/iova_bitmap.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
Applied to for-rc
Thanks,
Jason
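
Added example, not part of the original message and not the kernel's code: a user-space model of the overflow the quoted commit message describes, comparing the wrapped "bits-per-word * pgsize" divisor with the divide-after-shift form. The function names and the 64-bit bitmap word width (WORD_BITS) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: bitmap words are 64 bits wide, i.e. BITS_PER_TYPE() == 64. */
#define WORD_BITS 64u

/* Divisor of the multiply form: bits-per-word * pgsize, computed modulo 2^64. */
static uint64_t wrapped_divisor(unsigned int pgshift)
{
	uint64_t pgsize = (uint64_t)1 << pgshift;

	return WORD_BITS * pgsize;	/* unsigned wrap, 0 once pgshift >= 58 */
}

/* Shift form: drop the page offset first, then divide by the word width. */
static uint64_t index_shift_form(uint64_t iova, unsigned int pgshift)
{
	return (iova >> pgshift) / WORD_BITS;
}

/* Smallest pgshift whose multiply-form divisor wraps to zero (64 if none). */
static unsigned int first_wrapping_pgshift(void)
{
	for (unsigned int s = 0; s < 64; s++)
		if (wrapped_divisor(s) == 0)
			return s;
	return 64;
}

/* True if both forms agree for every pgshift where the divisor is non-zero. */
static bool forms_agree(uint64_t iova)
{
	for (unsigned int s = 0; s < 64; s++) {
		uint64_t div = wrapped_divisor(s);

		if (div != 0 && iova / div != index_shift_form(iova, s))
			return false;
	}
	return true;
}

int main(void)
{
	printf("first wrapping pgshift: %u\n", first_wrapping_pgshift());
	printf("divisor at pgshift 63:  %llu\n",
	       (unsigned long long)wrapped_divisor(63));
	printf("shift-form index at 63: %llu\n",
	       (unsigned long long)index_shift_form(UINT64_MAX, 63));
	printf("forms agree below wrap: %d\n", forms_agree(UINT64_MAX));
	return 0;
}
```

Under the 64-bit word assumption the divisor already wraps to zero at pgshift 58, not only at 63, and the shift form returns index 0 for every such value.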