vfio: selftests: fix crash in vfio_dma_mapping_mmio_test

Alex Mastro · gregkh · commit ac15f02fafde · 2026-05-23T13:08:56.000+02:00
[ Upstream commit f183963 ] Remove the __iommu_unmap() call on a region that was never mapped. When __iommu_map() fails (expected for MMIO vaddrs in non-VFIO modes), the region is not added to the dma_regions list, leaving its list_head zero-initialized. If the unmap ioctl returns success, __iommu_unmap() calls list_del_init() on this zeroed node and crashes. This fixes the iommufd_compat_type1 and iommufd_compat_type1v2 test variants. Fixes: 080723f ("vfio: selftests: Add vfio_dma_mapping_mmio_test") Signed-off-by: Alex Mastro <amastro@fb.com> Reviewed-by: David Matlack <dmatlack@google.com> Reviewed-by: Yuan Yao <yaoyuan@linux.alibaba.com> Link: https://lore.kernel.org/r/20260303-fix-mmio-test-v1-1-78b4a9e46a4e@fb.com Signed-off-by: Alex Williamson <alex@shazbot.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
diff --git a/tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c b/tools/testing/selftests/vfio/vfio_dma_mapping_mmio_test.c
@@ -100,7 +100,6 @@ static void do_mmio_map_test(struct iommu *iommu,
 		iommu_unmap(iommu, &region);
 	} else {
 		VFIO_ASSERT_NE(__iommu_map(iommu, &region), 0);
-		VFIO_ASSERT_NE(__iommu_unmap(iommu, &region, NULL), 0);
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,6 @@ static void do_mmio_map_test(struct iommu *iommu,`
`100`	`100`	`iommu_unmap(iommu, &region);`
`101`	`101`	`} else {`
`102`	`102`	`VFIO_ASSERT_NE(__iommu_map(iommu, &region), 0);`
`103`		`- VFIO_ASSERT_NE(__iommu_unmap(iommu, &region, NULL), 0);`
`104`	`103`	`}`
`105`	`104`	`}`
`106`	`105`