Date:      Tue, 16 Dec 2025 23:43:00 +0000
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Cc:        Bojan Novković <bnovkov@FreeBSD.org>
Subject:   git: 04e9f1aab83a - releng/15.0 - amd64/vmm.c: Fix an incorrect memory segment check in vm_iommu_{un}map
Message-ID:  <6941ee84.237e6.382387b3@gitrepo.freebsd.org>


The branch releng/15.0 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=04e9f1aab83a00e5b61aaed50fabf1cd69fb01cf

commit 04e9f1aab83a00e5b61aaed50fabf1cd69fb01cf
Author:     Bojan Novković <bnovkov@FreeBSD.org>
AuthorDate: 2025-12-13 14:53:45 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-12-16 16:01:22 +0000

    amd64/vmm.c: Fix an incorrect memory segment check in vm_iommu_{un}map
    
    This change fixes two checks that conflated memory mapping and memory
    segment identifiers. In both cases the code iterates over all memory
    mappings but passes the index to `vm_memseg_sysmem`, which is wrong.
    
    Fix this by passing the memory mapping's segment identifier instead.
    
    Differential Revision:  https://reviews.freebsd.org/D54210
    Reviewed by:    markj
    Fixes:  c76c2a19ae37
    PR:     290920
    Approved by:    so
    Security:       FreeBSD-EN-25:20.vmm
    
    (cherry picked from commit f1809eab82a796845f126b703c01d4a31ccf2193)
    (cherry picked from commit 4f7436bf297b93fd9e835ffca3d56288ce934dc5)
---
 sys/amd64/vmm/vmm.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/amd64/vmm/vmm.c b/sys/amd64/vmm/vmm.c
index c42da02d0bf6..cffbdf047d32 100644
--- a/sys/amd64/vmm/vmm.c
+++ b/sys/amd64/vmm/vmm.c
@@ -755,10 +755,10 @@ vm_iommu_map(struct vm *vm)
 	sx_assert(&vm->mem.mem_segs_lock, SX_LOCKED);
 
 	for (i = 0; i < VM_MAX_MEMMAPS; i++) {
-		if (!vm_memseg_sysmem(vm, i))
+		mm = &vm->mem.mem_maps[i];
+		if (!vm_memseg_sysmem(vm, mm->segid))
 			continue;
 
-		mm = &vm->mem.mem_maps[i];
 		KASSERT((mm->flags & VM_MEMMAP_F_IOMMU) == 0,
 		    ("iommu map found invalid memmap %#lx/%#lx/%#x",
 		    mm->gpa, mm->len, mm->flags));
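
Review bot: The loop in vm_iommu_map now reads mm->segid for every slot up to VM_MAX_MEMMAPS, and nothing visible in this hunk checks that the slot holds a live mapping before the lookup. If an unused mem_maps entry carries a segid that names a sysmem segment, it passes this check and falls through to the KASSERT and the code below it. Consider testing that the mapping is populated (mm->len is already printed in the KASSERT message, so something like mm->len != 0) before calling vm_memseg_sysmem, or note in a comment that the callee or the code after the check handles empty slots.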
@@ -803,10 +803,10 @@ vm_iommu_unmap(struct vm *vm)
 	sx_assert(&vm->mem.mem_segs_lock, SX_LOCKED);
 
 	for (i = 0; i < VM_MAX_MEMMAPS; i++) {
-		if (!vm_memseg_sysmem(vm, i))
+		mm = &vm->mem.mem_maps[i];
+		if (!vm_memseg_sysmem(vm, mm->segid))
 			continue;
 
-		mm = &vm->mem.mem_maps[i];
 		if ((mm->flags & VM_MEMMAP_F_IOMMU) == 0)
 			continue;
 		mm->flags &= ~VM_MEMMAP_F_IOMMU;
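
Review bot: In vm_iommu_unmap the pair "mm = &vm->mem.mem_maps[i];" and "vm_memseg_sysmem(vm, mm->segid)" is repeated exactly as in vm_iommu_map, and nothing at the call site distinguishes a mapping index from a segment identifier, which is how the original vm_memseg_sysmem(vm, i) went unnoticed. Consider a small helper that takes the mapping pointer and does the segid lookup itself, used by both loops, so a caller cannot pass the loop index by mistake. Failing that, a one-line comment above the check stating that the argument is the mapping's segment identifier, not its index in mem_maps, would help guard against a regression.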

