On 2026-03-03 11:46 AM, Alex Mastro wrote:
> Remove the __iommu_unmap() call on a region that was never mapped.
> When __iommu_map() fails (expected for MMIO vaddrs in non-VFIO
> modes), the region is not added to the dma_regions list, leaving its
> list_head zero-initialized. If the unmap ioctl returns success,
> __iommu_unmap() calls list_del_init() on this zeroed node and crashes.
>
> This fixes the iommufd_compat_type1 and iommufd_compat_type1v2
> test variants.
>
> Fixes: 080723f4d4c3 ("vfio: selftests: Add vfio_dma_mapping_mmio_test")
> Signed-off-by: Alex Mastro <[email protected]>
> ---
> The bug was missed because the test was originally run against a kernel
> without commit afb47765f923 ("iommufd: Make vfio_compat's unmap succeed
> if the range is already empty"). Without that fix, the unmap ioctl
> returned -ENOENT, taking the early return before list_del_init().
Thanks for the fix.
Looking back I remember testing your new test out without seeing a
failure. Turns out I had applied it on top of tag vfio-v6.19-rc1, which
did not have commit afb47765f923.
Reviewed-by: David Matlack <[email protected]>
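Added example (not part of this thread, and not the kernel's or the selftest's own code): a small user-space model of the list_head primitives that shows why list_del_init() on a zero-initialized node dereferences NULL, and how a never-linked region can be recognized before any list operation touches it. The dma_region struct, region_map() and region_unmap() are hypothetical stand-ins for the test's bookkeeping; the patch above fixes the bug by not unmapping the unmapped region at all, and the guard here only illustrates the failure mode.

```c
/* Minimal model of <linux/list.h> in user space. Assumption: a
 * never-mapped region's list_head stays all-zero, exactly as the
 * commit message describes. */
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next;
    n->prev = head;
    head->next->prev = n;
    head->next = n;
}

/* Same shape as the kernel's __list_del_entry(): it writes through
 * entry->prev and entry->next, so a node whose pointers are NULL faults. */
static void list_del_init(struct list_head *entry)
{
    entry->prev->next = entry->next;
    entry->next->prev = entry->prev;
    INIT_LIST_HEAD(entry);
}

static bool list_empty(const struct list_head *h) { return h->next == h; }

/* Hypothetical stand-in for the test's DMA region record. */
struct dma_region {
    unsigned long vaddr;
    struct list_head link;   /* zeroed until a map succeeds */
};

/* Hypothetical: the region joins the list only when the map succeeds,
 * mirroring __iommu_map() failing for MMIO vaddrs in non-VFIO modes. */
static int region_map(struct dma_region *r, struct list_head *regions, bool map_ok)
{
    if (!map_ok)
        return -1;
    list_add(&r->link, regions);
    return 0;
}

/* Hypothetical unmap with a guard: a node that was never linked still
 * has NULL pointers, so refuse it instead of handing it to
 * list_del_init(). Returns 0 on success, -1 for a never-mapped region. */
static int region_unmap(struct dma_region *r)
{
    if (r->link.next == NULL || r->link.prev == NULL)
        return -1;
    list_del_init(&r->link);
    return 0;
}

/* Exercise both paths. Returns 1 when the never-mapped region is refused,
 * the mapped region unmaps cleanly and the list ends up empty; 0 otherwise. */
static int demo(void)
{
    struct list_head regions;
    struct dma_region mapped = {0}, never_mapped = {0};   /* constructed */
    int refused, ok;

    INIT_LIST_HEAD(&regions);
    region_map(&mapped, &regions, true);
    region_map(&never_mapped, &regions, false);

    refused = region_unmap(&never_mapped);   /* -1, no NULL dereference */
    ok = region_unmap(&mapped);              /* 0 */
    return (refused == -1 && ok == 0 && list_empty(&regions)) ? 1 : 0;
}

int main(void)
{
    printf("demo result: %d\n", demo());
    return 0;
}
```

Without the guard, region_unmap(&never_mapped) would execute `entry->prev->next = ...` with entry->prev == NULL, which is the crash the patch description reports once the unmap ioctl stopped returning -ENOENT.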