[PATCH v11 04/12] vhost: move vdpa group bound check to vhost_vdpa

Eugenio Pérez posted 12 patches 4 weeks, 1 day ago
There is a newer version of this series
[PATCH v11 04/12] vhost: move vdpa group bound check to vhost_vdpa
Posted by Eugenio Pérez 4 weeks, 1 day ago
Remove duplication by consolidating these here.  This reduces the
possibility of a parent driver missing them.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
---
 drivers/vdpa/mlx5/net/mlx5_vnet.c | 3 ---
 drivers/vdpa/vdpa_sim/vdpa_sim.c  | 6 ------
 drivers/vhost/vdpa.c              | 2 +-
 3 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c b/drivers/vdpa/mlx5/net/mlx5_vnet.c
index ddaa1366704b..44062e9d68f0 100644
--- a/drivers/vdpa/mlx5/net/mlx5_vnet.c
+++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
@@ -3640,9 +3640,6 @@ static int mlx5_set_group_asid(struct vdpa_device *vdev, u32 group,
 	struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
 	int err = 0;
 
-	if (group >= MLX5_VDPA_NUMVQ_GROUPS)
-		return -EINVAL;
-
 	mvdev->mres.group2asid[group] = asid;
 
 	mutex_lock(&mvdev->mres.lock);
diff --git a/drivers/vdpa/vdpa_sim/vdpa_sim.c b/drivers/vdpa/vdpa_sim/vdpa_sim.c
index c1c6431950e1..df9c7ddc5d78 100644
--- a/drivers/vdpa/vdpa_sim/vdpa_sim.c
+++ b/drivers/vdpa/vdpa_sim/vdpa_sim.c
@@ -606,12 +606,6 @@ static int vdpasim_set_group_asid(struct vdpa_device *vdpa, unsigned int group,
 	struct vhost_iotlb *iommu;
 	int i;
 
-	if (group > vdpasim->dev_attr.ngroups)
-		return -EINVAL;
-
-	if (asid >= vdpasim->dev_attr.nas)
-		return -EINVAL;
-
 	iommu = &vdpasim->iommu[asid];
 
 	mutex_lock(&vdpasim->mutex);
diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
index 05a481e4c385..9d25b735b43d 100644
--- a/drivers/vhost/vdpa.c
+++ b/drivers/vhost/vdpa.c
@@ -680,7 +680,7 @@ static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd,
 	case VHOST_VDPA_SET_GROUP_ASID:
 		if (copy_from_user(&s, argp, sizeof(s)))
 			return -EFAULT;
-		if (s.num >= vdpa->nas)
+		if (idx >= vdpa->ngroups || s.num >= vdpa->nas)
 			return -EINVAL;
 		if (!ops->set_group_asid)
 			return -EOPNOTSUPP;
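Review bot: The combined check `if (idx >= vdpa->ngroups || s.num >= vdpa->nas)` is now the only guard in front of `mvdev->mres.group2asid[group]` in mlx5_set_group_asid and `vdpasim->iommu[asid]` in vdpasim_set_group_asid, which the two earlier hunks leave indexing with caller-supplied values. That is safe only while every caller of `ops->set_group_asid` goes through this ioctl and `vdpa->ngroups` / `vdpa->nas` never exceed the parent drivers' array sizes; neither is visible in this patch. I would state the contract next to the check, e.g. `/* Parent drivers index arrays with group and asid; both are range-checked here only. */`, and repeat it in the kernel-doc of the set_group_asid op so that a new in-kernel caller does not skip it. Because `s` is copied from userspace (and `idx` presumably is too), clamping both with `array_index_nospec()` after the check may also be worth considering. vhost_vdpa_vring_ioctl begins before and continues after this hunk, so where `idx` is read and what bounds it already has should be confirmed there.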
-- 
2.52.0

Re: [PATCH v11 04/12] vhost: move vdpa group bound check to vhost_vdpa
Posted by Michael S. Tsirkin 4 weeks ago
On Fri, Jan 09, 2026 at 04:24:22PM +0100, Eugenio Pérez wrote:
> Remove duplication by consolidating these here.  This reduces the
> posibility of a parent driver missing them.
> 
> Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
> ---
>  drivers/vdpa/mlx5/net/mlx5_vnet.c | 3 ---
>  drivers/vdpa/vdpa_sim/vdpa_sim.c  | 6 ------
>  drivers/vhost/vdpa.c              | 2 +-
>  3 files changed, 1 insertion(+), 10 deletions(-)
> 
> diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> index ddaa1366704b..44062e9d68f0 100644
> --- a/drivers/vdpa/mlx5/net/mlx5_vnet.c
> +++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> @@ -3640,9 +3640,6 @@ static int mlx5_set_group_asid(struct vdpa_device *vdev, u32 group,
>  	struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
>  	int err = 0;
>  
> -	if (group >= MLX5_VDPA_NUMVQ_GROUPS)
> -		return -EINVAL;
> -
>  	mvdev->mres.group2asid[group] = asid;
>  
>  	mutex_lock(&mvdev->mres.lock);
> diff --git a/drivers/vdpa/vdpa_sim/vdpa_sim.c b/drivers/vdpa/vdpa_sim/vdpa_sim.c
> index c1c6431950e1..df9c7ddc5d78 100644
> --- a/drivers/vdpa/vdpa_sim/vdpa_sim.c
> +++ b/drivers/vdpa/vdpa_sim/vdpa_sim.c
> @@ -606,12 +606,6 @@ static int vdpasim_set_group_asid(struct vdpa_device *vdpa, unsigned int group,
>  	struct vhost_iotlb *iommu;
>  	int i;
>  
> -	if (group > vdpasim->dev_attr.ngroups)
> -		return -EINVAL;
> -

BTW is the original ">" here an off by one error? Should have been >= ?
if yes then this is a kind of bugfix and maybe needs a fixes tag.

> -	if (asid >= vdpasim->dev_attr.nas)
> -		return -EINVAL;
> -
>  	iommu = &vdpasim->iommu[asid];
>  
>  	mutex_lock(&vdpasim->mutex);
> diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
> index 05a481e4c385..9d25b735b43d 100644
> --- a/drivers/vhost/vdpa.c
> +++ b/drivers/vhost/vdpa.c
> @@ -680,7 +680,7 @@ static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd,
>  	case VHOST_VDPA_SET_GROUP_ASID:
>  		if (copy_from_user(&s, argp, sizeof(s)))
>  			return -EFAULT;
> -		if (s.num >= vdpa->nas)
> +		if (idx >= vdpa->ngroups || s.num >= vdpa->nas)
>  			return -EINVAL;
>  		if (!ops->set_group_asid)
>  			return -EOPNOTSUPP;
> -- 
> 2.52.0
Re: [PATCH v11 04/12] vhost: move vdpa group bound check to vhost_vdpa
Posted by Eugenio Perez Martin 3 weeks, 6 days ago
On Sun, Jan 11, 2026 at 12:46 AM Michael S. Tsirkin <mst@redhat.com> wrote:
>
> On Fri, Jan 09, 2026 at 04:24:22PM +0100, Eugenio Pérez wrote:
> > Remove duplication by consolidating these here.  This reduces the
> > posibility of a parent driver missing them.
> >
> > Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
> > ---
> >  drivers/vdpa/mlx5/net/mlx5_vnet.c | 3 ---
> >  drivers/vdpa/vdpa_sim/vdpa_sim.c  | 6 ------
> >  drivers/vhost/vdpa.c              | 2 +-
> >  3 files changed, 1 insertion(+), 10 deletions(-)
> >
> > diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> > index ddaa1366704b..44062e9d68f0 100644
> > --- a/drivers/vdpa/mlx5/net/mlx5_vnet.c
> > +++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> > @@ -3640,9 +3640,6 @@ static int mlx5_set_group_asid(struct vdpa_device *vdev, u32 group,
> >       struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
> >       int err = 0;
> >
> > -     if (group >= MLX5_VDPA_NUMVQ_GROUPS)
> > -             return -EINVAL;
> > -
> >       mvdev->mres.group2asid[group] = asid;
> >
> >       mutex_lock(&mvdev->mres.lock);
> > diff --git a/drivers/vdpa/vdpa_sim/vdpa_sim.c b/drivers/vdpa/vdpa_sim/vdpa_sim.c
> > index c1c6431950e1..df9c7ddc5d78 100644
> > --- a/drivers/vdpa/vdpa_sim/vdpa_sim.c
> > +++ b/drivers/vdpa/vdpa_sim/vdpa_sim.c
> > @@ -606,12 +606,6 @@ static int vdpasim_set_group_asid(struct vdpa_device *vdpa, unsigned int group,
> >       struct vhost_iotlb *iommu;
> >       int i;
> >
> > -     if (group > vdpasim->dev_attr.ngroups)
> > -             return -EINVAL;
> > -
>
> BTW is the original ">" here an off by one error? Should have been >= ?
> if yes then this is a kind of bugfix and maybe needs a fixes tag.
>

Ouch that's a good catch, thanks! Do you prefer me to mark this patch
as "Fixes:" and send it for backporting to stable, or to create a
new patch just adding the ">=" and then moving the check to the vdpa
core on top?

> > -     if (asid >= vdpasim->dev_attr.nas)
> > -             return -EINVAL;
> > -
> >       iommu = &vdpasim->iommu[asid];
> >
> >       mutex_lock(&vdpasim->mutex);
> > diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
> > index 05a481e4c385..9d25b735b43d 100644
> > --- a/drivers/vhost/vdpa.c
> > +++ b/drivers/vhost/vdpa.c
> > @@ -680,7 +680,7 @@ static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd,
> >       case VHOST_VDPA_SET_GROUP_ASID:
> >               if (copy_from_user(&s, argp, sizeof(s)))
> >                       return -EFAULT;
> > -             if (s.num >= vdpa->nas)
> > +             if (idx >= vdpa->ngroups || s.num >= vdpa->nas)
> >                       return -EINVAL;
> >               if (!ops->set_group_asid)
> >                       return -EOPNOTSUPP;
> > --
> > 2.52.0
>
Re: [PATCH v11 04/12] vhost: move vdpa group bound check to vhost_vdpa
Posted by Michael S. Tsirkin 3 weeks, 6 days ago
On Mon, Jan 12, 2026 at 08:38:26AM +0100, Eugenio Perez Martin wrote:
> On Sun, Jan 11, 2026 at 12:46 AM Michael S. Tsirkin <mst@redhat.com> wrote:
> >
> > On Fri, Jan 09, 2026 at 04:24:22PM +0100, Eugenio Pérez wrote:
> > > Remove duplication by consolidating these here.  This reduces the
> > > posibility of a parent driver missing them.
> > >
> > > Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
> > > ---
> > >  drivers/vdpa/mlx5/net/mlx5_vnet.c | 3 ---
> > >  drivers/vdpa/vdpa_sim/vdpa_sim.c  | 6 ------
> > >  drivers/vhost/vdpa.c              | 2 +-
> > >  3 files changed, 1 insertion(+), 10 deletions(-)
> > >
> > > diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> > > index ddaa1366704b..44062e9d68f0 100644
> > > --- a/drivers/vdpa/mlx5/net/mlx5_vnet.c
> > > +++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> > > @@ -3640,9 +3640,6 @@ static int mlx5_set_group_asid(struct vdpa_device *vdev, u32 group,
> > >       struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev);
> > >       int err = 0;
> > >
> > > -     if (group >= MLX5_VDPA_NUMVQ_GROUPS)
> > > -             return -EINVAL;
> > > -
> > >       mvdev->mres.group2asid[group] = asid;
> > >
> > >       mutex_lock(&mvdev->mres.lock);
> > > diff --git a/drivers/vdpa/vdpa_sim/vdpa_sim.c b/drivers/vdpa/vdpa_sim/vdpa_sim.c
> > > index c1c6431950e1..df9c7ddc5d78 100644
> > > --- a/drivers/vdpa/vdpa_sim/vdpa_sim.c
> > > +++ b/drivers/vdpa/vdpa_sim/vdpa_sim.c
> > > @@ -606,12 +606,6 @@ static int vdpasim_set_group_asid(struct vdpa_device *vdpa, unsigned int group,
> > >       struct vhost_iotlb *iommu;
> > >       int i;
> > >
> > > -     if (group > vdpasim->dev_attr.ngroups)
> > > -             return -EINVAL;
> > > -
> >
> > BTW is the original ">" here an off by one error? Should have been >= ?
> > if yes then this is a kind of bugfix and maybe needs a fixes tag.
> >
> 
> Ouch that's a good catch, thanks! Do you prefer me to mark this patch
> as "Fixes:" and send it for backporting to stable to or to create a
> new patch just adding the ">=" and then moving the check to the vdpa
> core on top?

It seems adequate to just send this to backporting.
Do document that this is a fix in the commit log though.


> > > -     if (asid >= vdpasim->dev_attr.nas)
> > > -             return -EINVAL;
> > > -
> > >       iommu = &vdpasim->iommu[asid];
> > >
> > >       mutex_lock(&vdpasim->mutex);
> > > diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
> > > index 05a481e4c385..9d25b735b43d 100644
> > > --- a/drivers/vhost/vdpa.c
> > > +++ b/drivers/vhost/vdpa.c
> > > @@ -680,7 +680,7 @@ static long vhost_vdpa_vring_ioctl(struct vhost_vdpa *v, unsigned int cmd,
> > >       case VHOST_VDPA_SET_GROUP_ASID:
> > >               if (copy_from_user(&s, argp, sizeof(s)))
> > >                       return -EFAULT;
> > > -             if (s.num >= vdpa->nas)
> > > +             if (idx >= vdpa->ngroups || s.num >= vdpa->nas)
> > >                       return -EINVAL;
> > >               if (!ops->set_group_asid)
> > >                       return -EOPNOTSUPP;
> > > --
> > > 2.52.0
> >