> From: Nicolin Chen <nicolinc@nvidia.com>
> Sent: Tuesday, June 2, 2026 4:43 AM
> 
> Bugs were found in iommufd_veventq/fault_fops_read(), where userspace
> may:
>  - Receive a corrupted byte stream after a partial copy_to_user
>  - Spin in a poll/read loop when reading with an undersized buffer
>  - Miss notifications when the kernel cannot allocate a lost-events copy
>  - Receive duplicate faults with stale cookies after a mid-group failure
>  - Cause the kernel to retry the same failed copy_to_user indefinitely
> 
> Fix them, then add selftest coverage for the vEVENTQ count validation.
> 

for the whole series:

Reviewed-by: Kevin Tian <kevin.tian@intel.com>