HomeFreeBSD

iommu_gas: Eliminate a possible case of use-after-free

Description

iommu_gas: Eliminate a possible case of use-after-free

Eliminate a possible case of use-after-free in an error handling path
after a mapping failure. Specifically, eliminate IOMMU_MAP_ENTRY_QI_NF
and instead perform the IOTLB invalidation synchronously. Otherwise,
when iommu_domain_unload_entry() is called and told not to free the
IOMMU map entry, the caller could free the entry before dmar_qi_task()
is finished with it.

Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35878

(cherry picked from commit 8bc3673847453ca51237b5c85fe57f3f02e17a4b)

Details

Provenance
alcAuthored on Jul 22 2022, 5:00 PM
dougmCommitted on Aug 8 2022, 3:18 AM
Reviewer
kib
Differential Revision
D35878: iommu_gas: Perform a synchronous invalidation when not freeing the entry in dmar_qi_task()
Parents
rGf2453156ddfe: iommu: Shrink the iommu map entry structure
Branches
Unknown
Tags
Unknown