From nobody Mon May 25 09:56:49 2026 Received: from DM1PR04CU001.outbound.protection.outlook.com (mail-centralusazon11010054.outbound.protection.outlook.com [52.101.61.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D1536365A14; Mon, 18 May 2026 02:29:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.61.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779071347; cv=fail; b=hhej4TCtZgS9rmFdiMi5yUAw0HIOV2IJkqfldsk8sz6Is+nYFC4IxZUisFXb+Ly4f1m5gHpIrvMr6nobHekyRHdimJnRMchB2nWJJzjUsQ/WqKCQPQ8YwVoXZAdzX+7PjoqatPolsolMe3WSnmr8AlQq1Zlsph//kZAcf8wstr8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779071347; c=relaxed/simple; bh=v03WgPVTWKX/kBp8V5GyaiVo4LfO5iQnu/EsHxC53Vc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=lfDHfms+FsI90rq1fGYW8nKrNoaf6gkVWn3dRyiH0y6Rs3PPr9garhtXB9EKByrXQr4mSHszgiycFmtsWdmrnmtRii7uDo3aKHcKSCqRmCj+1y7MwEVdpkZFFjblyCDFYorRDsJbLMGXvzPmABeDF5jx7x1kjVEiGP2iLC6yXnE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=fbxbfAkC; arc=fail smtp.client-ip=52.101.61.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="fbxbfAkC" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Xs3/MArqgUJVI1w2qFlIuyUg0X6Pczj9wvcxqjtMmyIGfd5kiNt5+tyPyuCLcKDxjULkxSKsaWhyAjEwmWAY4s2zKoI/BAJZs3NcDSEKpF6WV6i4cqZnGXXxrzbWmSD4waJgtmeZhXzqDbD0dqJRkYOH6H2rXTA9iSNuGL8zDiA7PmlGCvL/gOZ2N2y+QwWwt5t/e2ebEo60yXEPcXM6F0AcC+F/HClfPussy4lwMpbRdXVSp2TEsLEqPNNEirgdcVUAexTqieFxjtuAXRyJ+iw6x2PMiFBzpYxTVGhuezMbxCegP61aAQ9fbP4WGrallEs+SmtHfrqxlgWhD6LMTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VMpbmpsQR48DXmtc+hFTduzGrl+wBGpIMJM9PYDb/H0=; b=MOdf/0uhLXROeOU8rZASAuX+HUgorqBi664iPqVgMQIYgBt1KhnHgMsgXmIBunvuBSQNHMZqpUMvLE6EHBn5sj4b/MxYYqr0sVZE53FLnKAMbpALKyFkp19/7vsdjsHAsq06+ztPdtpCXYiKaMivfCRKEnhNnlWWI1AHhty/VdNDvKG8cGtBxYhOGixTDOXi1DWXFmyKOjsAIIvIO/sSk08Zw4oajHjFAFy9Twe7DWSUs7kMdQwS04RP0cdqhS0PCWxbec4g7EeKXp8T7+Tg3/I0g8gJDQYoB2mPVgLNdeVZ3Mmo6DJMjICOokgAC6++6Ium3MauFLUPcFJS/RJS0Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=intel.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VMpbmpsQR48DXmtc+hFTduzGrl+wBGpIMJM9PYDb/H0=; b=fbxbfAkC3x6W4c8A+eQTmL2Pc0xANK6s7GbqjOB9RJ6OYByJB5vAREN369PZzjVxC1f1Nl/cLJIeZyiNqJU7gIctfL6HsAG1O2eUM+gVZRjabIoLHz95xra/U4xvNDvlY2eI8bN6kaOFlTGCVWldn2DoNnNzLR9BcrPv6sPov+D+y7tnnwalmCiE2K48zDCfdQLkZkbfNN+yAC7i6/9ERR/MRakK66+v1foUEfIc8yOd+/DvoysntSYrV+3AkTqW7+v9wMNU890QiGadscLSufPuq1ISkJNFmdhah6tG8QFktCJvF7Xgj99d9tvhBRRfw1lbSczoPSnEej1EueVtug== Received: from SJ0PR03CA0378.namprd03.prod.outlook.com (2603:10b6:a03:3a1::23) by DM4PR12MB5913.namprd12.prod.outlook.com (2603:10b6:8:66::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.23; Mon, 18 May 2026 02:28:59 +0000 Received: from SJ1PEPF0000231B.namprd03.prod.outlook.com (2603:10b6:a03:3a1:cafe::f8) by SJ0PR03CA0378.outlook.office365.com (2603:10b6:a03:3a1::23) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.25.23 via Frontend Transport; Mon, 18 May 2026 02:28:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by SJ1PEPF0000231B.mail.protection.outlook.com (10.167.242.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.11 via Frontend Transport; Mon, 18 May 2026 02:28:59 +0000 Received: from drhqmail201.nvidia.com (10.126.190.180) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Sun, 17 May 2026 19:28:57 -0700 Received: from drhqmail203.nvidia.com (10.126.190.182) by drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Sun, 17 May 2026 19:28:57 -0700 Received: from Asurada-Nvidia.nvidia.com (10.127.8.9) by mail.nvidia.com (10.126.190.182) with Microsoft SMTP Server id 15.2.2562.20 via Frontend Transport; Sun, 17 May 2026 19:28:57 -0700 From: Nicolin Chen To: , CC: , , Subject: [PATCH rc v1 1/4] iommufd: Move vevent memory allocation outside spinlock Date: Sun, 17 May 2026 19:28:46 -0700 Message-ID: <446bc952846ad0c98e5226e73cd29b560d70ceb7.1779070992.git.nicolinc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF0000231B:EE_|DM4PR12MB5913:EE_ X-MS-Office365-Filtering-Correlation-Id: 02d69e00-af9f-4a44-0a7d-08deb48537f4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700016|376014|1800799024|11063799003|18002099003|56012099003|22082099003; X-Microsoft-Antispam-Message-Info: kkTiLXO8c2Psyzwk2M3Yicot5bJWHkLtlLrIJIvPV5nXpMmRuKszHmpalCFiWcdJB/2fYLM01zPFWj390FgyPIuHMjsyNPGDhpM60EE8WCX3E+IYQMuQ7dAHz76r0gdPqt6xhPOwQKTcNzmD6nWpLYRwyweLzAT6vWdLXRqQytL6nADr8kiXe2GgYqA2ZUtmJMvz8DVsRcnKC5cXHE9tr4jvAMLBctUhIgFgp8FosKupcN4v3HBzycFChmLIQx2tPsHHXO2V9SRJzGyahTYgGi6p4tnP5Tbg2gW4coerVUI+YbDIIx2o/U0ynLmAgT6saorURFKv3B1pFox0kOzC+lz0JteTpz5K8FMT+OL3PEXGQ/fgpnc7kJ97TwvFuKiPIDM+y3TSY0SY76m5n+WHLyOUAeXGBO4glMltI/FUdDwCo8Rsh+1OVRD0Zbu06yrMTC1iumxFuqVcyJ9DTLhnkahKOlXrRBU4O05KFIbeOboGvhGhuAxoRxou+Qv80QdvgkLy2jPu4uJBFBasK0gg+JNhW3/A1HVs4nv0H9OL+NHY+KXdH6Qae+2mEAmYwZCPW/avYaxTp6DJHQNiZ73zWXynyQ/HG9Q+XK2waWcRRjrYZ7X6U01KlMRASlHXkl4719MPdel4Oeb0nfIYtks+UriESZwj3jBnlMVaRU7I53GNnUIHQYZ78ZDfAoSgrgD2MAuteOZ9Q8yOdspMz2rogi9QVRuexAQF3jfC5Emjdco= X-Forefront-Antispam-Report: CIP:216.228.118.232;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc7edge1.nvidia.com;CAT:NONE;SFS:(13230040)(82310400026)(36860700016)(376014)(1800799024)(11063799003)(18002099003)(56012099003)(22082099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: yzH5c4Z/CK84/XsAIvw334ESJGoajkGYJJkgQ517N592Ck5BJujzFbl8sOJPmiAgXtMgbv8Sk9dNpZyQlfbha579lqTTUPMsHkDSTt9ocQJCJvReM2+qWxc6ax4aU0XdWLOI2OoKYtD8/9cRFaiydn2ut934tFdBgfExSUMhtsIN2E2YSrtyAoODYT7Jk0+mhhN9QgBWA3evE3AxZFqbbEc9cpYp+/F6vJbhEX3IYKm420T9/E0n8bGrQYTi6oXuAhpN49RwRVd0cnLkVjAHSnqL6e8V4cgat4o1zMrZi9THRz60c/oi+yo7p8DN7OBfmIdrjldYvVqrDjrTjwreWwXzjm5Fx/xHnw2fws0W+VztuTqPUt/tGw1ckPJ1HYc95GyQkZ2KPUnO2PPwPknaqdLtZrwbSXr6/K2QDsepknuIZwina3OwruiHPVNGAd7Y X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2026 02:28:59.5276 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 02d69e00-af9f-4a44-0a7d-08deb48537f4 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.118.232];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF0000231B.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5913 Content-Type: text/plain; charset="utf-8" The veventq memory allocation happens inside the spinlock. Given its depth is decided by the user space, this leaves a vulnerability, where userspace can allocate large queues to exhaust atomic memory reserves. Move the allocation outside the spinlock and use GFP_NOWAIT, which can fail fast under memory pressure without dipping into the GFP_ATOMIC reserves or direct-reclaiming from the threaded IRQ handler. Treat the failure the same as a queue-overflow and return -ENOMEM to notify the caller. A subsequent change will cap the upper bound of the veventq_depth. Fixes: e36ba5ab808e ("iommufd: Add IOMMUFD_OBJ_VEVENTQ and IOMMUFD_CMD_VEVE= NTQ_ALLOC") Cc: stable@vger.kernel.org Signed-off-by: Nicolin Chen Reviewed-by: Jason Gunthorpe --- drivers/iommu/iommufd/driver.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/iommu/iommufd/driver.c b/drivers/iommu/iommufd/driver.c index 61e6b02601d1a..b0dec089aeee1 100644 --- a/drivers/iommu/iommufd/driver.c +++ b/drivers/iommu/iommufd/driver.c @@ -149,15 +149,28 @@ int iommufd_viommu_report_event(struct iommufd_viommu= *viommu, goto out_unlock_veventqs; } =20 - spin_lock(&veventq->common.lock); - if (veventq->num_events =3D=3D veventq->depth) { + /* + * Optimistic skip when clearly full. A concurrent reader may free a slot + * before the spinlock; the cost is recording one extra event as lost. + */ + if (READ_ONCE(veventq->num_events) >=3D veventq->depth) { + spin_lock(&veventq->common.lock); vevent =3D &veventq->lost_events_header; goto out_set_header; } =20 - vevent =3D kzalloc_flex(*vevent, event_data, data_len, GFP_ATOMIC); + /* Pre-allocate to avoid GFP_ATOMIC; use GFP_NOWAIT to avoid sleeping */ + vevent =3D kzalloc_flex(*vevent, event_data, data_len, GFP_NOWAIT); if (!vevent) { + spin_lock(&veventq->common.lock); + vevent =3D &veventq->lost_events_header; rc =3D -ENOMEM; + goto out_set_header; + } + + spin_lock(&veventq->common.lock); + if (veventq->num_events =3D=3D veventq->depth) { + kfree(vevent); vevent =3D &veventq->lost_events_header; goto out_set_header; } --=20 2.43.0 From nobody Mon May 25 09:56:49 2026 Received: from CH5PR02CU005.outbound.protection.outlook.com (mail-northcentralusazon11012015.outbound.protection.outlook.com [40.107.200.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 88D0836922D; Mon, 18 May 2026 02:29:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.200.15 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779071348; cv=fail; b=Y7B4TkWLAFIP9TZVI6xGcqwzL06I6T6r1aQJypEb5ydOXe4uE86CELNeqN22hMhiz1VJzL1iEP2zvAv0lDvZ309qjHAdiQmg8l30X8qTssMSNVwY2sKNnr/XCIUZMm2Yur1HFK56K3ynvfGtH7p/zhStZLQNw+XneoHUZhnAip8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779071348; c=relaxed/simple; bh=t9aN+75LoCQmNmI/zq00Gvtf+oIuHTvx/CUg5uO4F+4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=kd4BycFCXQ4v/GbzuY2cjjfJMM4eR0N5Yz2Q8aYFBIu6Yo9bET/EVuxELkZFF8ik9lycUhKROVjsn+6LFRxM6t5SEYi8QMph//KUZ5YLf9zLJzxF+gfSTZ147EGjMjJS5e0XLcW1TiGThO38egV46zG2z+clc3eC7yu6Fm6pAjw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=UrlykgTj; arc=fail smtp.client-ip=40.107.200.15 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="UrlykgTj" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dlmLEmH0KzddePbhhjmfQgOC8Y/dzedReMnFAikAoihtEcBxLv+Z4aR/7UgTemV/2PbxflFrDm3V/MYSfFDWSF4lDiIgxroA+j8aJazExdMzAtMrotFhgrvbpfG9WNa1wdkzfBf0H2EJen5HGKXzx/qXcYWmxsrhjekKRj5mld8+5yQ9oCO3fBwDwhtcqUSZuOivFV2jTrElDzKMUEOtriBuSlc1eRM7WqkQAZbQLJwplt4pPWGuVr83X7j7/AnzCnPsujIGv58U1LwSkCFmQ6zvTsO74XMc+NhQDUGxn+NC6cG4PIrNKH25v2TfzaQ+aAN4KbmR9jz1ZPD9d+6fIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=v+FaMD7Nj2iRy7whmGSA17ZN/ZYnvDmULHUed1hCszQ=; b=fJNmO1iz7tsHV+7q0+zSB4AFhKQ4Rucb+0+uYYdT/0eR2f4hJgGZ6X0OQRW7/MVs3DRHTOvXkkgTimfKG62PtGCVClIPrPUZ1qsqj8ig0NZFpDp4CiwRA3GAY2WiGU2PhDNuUSqepuM5HJPq7j/xmWIvR91RoHgKSBEazjVFVKFM+9x8Whis0p/rpKiawAokQHY58CNwj1qanRw0P7xiOmh9QJZZpIWVVfXHhkLzghProg5LHvS6AmMWsuFH+mxafmxJsZooMSBhx9HU/dhqmybWL7CMB+Dd5mclIu0eIsDYDYYsPbSkr99mCsRooCgnozSqPUDpJFOLYD6bLyDsCQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=intel.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v+FaMD7Nj2iRy7whmGSA17ZN/ZYnvDmULHUed1hCszQ=; b=UrlykgTjzBYT4V/fscUkOZXcDKQukKA+jOAvRs8mShcMYU4qYb3tefzMO2CJyUeKyxFDQmwdOzsE3g6YMzj0tRORf2yxX+SnoqYes5CUFB+YgHLLDaanvRXazhg+t2pBnA1anQ7siw2yo1Jjzl8ETD+zBYwac+7yxF9tz0x5GENk2wn40lUj5K9A6av0YTq+42DZfSTNxaoDCWtre4WP2SEEcrFWVVGtA+jpBmDMW/JUtlPHcGc4Kx4dV2jUA3ZVrOxg5Ma9Bo97ga3uz8yBPMWBGDoC/ikIfNJLD+VLWiyklPuEQe+b96nEtaFzTUT6M7mRh6IbtBgkU9XppbM4Gg== Received: from SJ0PR03CA0374.namprd03.prod.outlook.com (2603:10b6:a03:3a1::19) by BY5PR12MB4049.namprd12.prod.outlook.com (2603:10b6:a03:201::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.23; Mon, 18 May 2026 02:29:00 +0000 Received: from SJ1PEPF0000231B.namprd03.prod.outlook.com (2603:10b6:a03:3a1:cafe::6f) by SJ0PR03CA0374.outlook.office365.com (2603:10b6:a03:3a1::19) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.25.23 via Frontend Transport; Mon, 18 May 2026 02:29:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by SJ1PEPF0000231B.mail.protection.outlook.com (10.167.242.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.11 via Frontend Transport; Mon, 18 May 2026 02:29:00 +0000 Received: from drhqmail201.nvidia.com (10.126.190.180) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Sun, 17 May 2026 19:28:58 -0700 Received: from drhqmail203.nvidia.com (10.126.190.182) by drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Sun, 17 May 2026 19:28:58 -0700 Received: from Asurada-Nvidia.nvidia.com (10.127.8.9) by mail.nvidia.com (10.126.190.182) with Microsoft SMTP Server id 15.2.2562.20 via Frontend Transport; Sun, 17 May 2026 19:28:57 -0700 From: Nicolin Chen To: , CC: , , Subject: [PATCH rc v1 2/4] iommufd: Set veventq_depth upper bound Date: Sun, 17 May 2026 19:28:47 -0700 Message-ID: <2bbe94576fc12d852c28d38106f0de4435f4fd4e.1779070992.git.nicolinc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF0000231B:EE_|BY5PR12MB4049:EE_ X-MS-Office365-Filtering-Correlation-Id: c836eab9-09a2-4696-7c43-08deb4853897 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|376014|36860700016|1800799024|11063799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: JH0aqsSa3PTv06gNuT1UH2DAHnf9dfyDrS9a3qldbRXWJjrydRrJiaDS1lmZ9vqo9HlwQabKK2xjm9efstn+2ou7tdk+kYyzHKJyA/dVhnz2rsnhJkzjtCTsWWXOKY0YIPRQU3lAcSv+WLSMI5Olol+yw258z0Li20nZHAEbPen6wyxsO5CgFcLXeq7pejdbK6Jcc89FgYy2aYLBk08PRp9LB9BFAziVeYBDEuoLN2UTm64nsetnWKLXMdz2poLyAe9/KTyfYFD+Tapaqg1iITBa0sTSa7tbRJIaxgcGQb1Q7HkLYlk5l8HFN9kk+xX3RlFvu5hnstKKP9iU90fxc2CUMZhQ4+HkJvvluBhz8dpVK6tea9gNv25HANGFuN7yE4B6Sx6k+ezcrJqaGNrEd3VTlYtwyZDBrr1HMM96z9MESa4mo1ewiM8EC9Xnf6Jz7JX9N+MNrDnPrUoqpJaR8XHfxrrWaQjeFbJ+zpbDlauvOy8WLfge623XDmfxX81/xMXBcCAhQ8vFMd0dRZlr2CkNOevsjGFGeFOkHtFFcuxubkhySjZ2Rxt++rgt+HXyeBIi7C0NQK8VYrNfFyOviTtifUxzI6DWUSqnaF13th6Ngat/iox7KFrkWdRWq/QIrIlbo1gXSnybehaHDuz1M6dI7k7LTq34zomhB64+j3szJKF117l2JKNzy7aETvGLRqRtMcJzCN0BHXWdde7tupj9mmWbhXYlCQ2MBFiVn5I= X-Forefront-Antispam-Report: CIP:216.228.118.232;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc7edge1.nvidia.com;CAT:NONE;SFS:(13230040)(82310400026)(376014)(36860700016)(1800799024)(11063799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Krv+9syomwuU7I1lAlQoQe4y+tzOMWi/UogLR6xzEUARM44wW6KgLzG+qQH0UJVrz5KTk5p4+ffDcM4bRj6B6Ys6yRWIMN0CAXLKtJipnL26eTbUczBcswSLG1RiMyJ38IjSmc343eKtTnAoXCTHsksvYY1pFDV5r+8hg05IVufP6dSH1Pr2CuCb6ohcFrx6LEhYDjyv3G7MPEaVQJZDYbITP9TBjBOIelvEGAGO1V8PDEd6cLbfGHwiaBQXw2HUSEkAEdr1gcLcXvcHBEk/X+4+rp2WbZzbKNG7t+1lKlyh6vmUDbPDz0QNA58hmzlLtAVNkvzwvTe4JV2+YYZCkYX8oEmAB1g3KnD2W2f3XKl0TB+/OAfvPIs8V64DquOvZPG6yMhHXx7YbOE2CSvxzM8gpxBk/BObb48HzelojEe7yc3Qw6iS7ehcAJr5EgOm X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2026 02:29:00.5967 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c836eab9-09a2-4696-7c43-08deb4853897 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.118.232];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF0000231B.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4049 Content-Type: text/plain; charset="utf-8" iommufd_veventq_alloc() accepts any !0 veventq_depth from userspace, with an upper bound at U32_MAX. This leaves a vulnerability where userspace can allocate excessively large queues to exhaust kernel memory reserves. Cap the veventq_depth (maximum number of entries) to 1 << 19, matching the maximum number of entries in the SMMUv3 EVTQ (the largest use case today). Fixes: e36ba5ab808e ("iommufd: Add IOMMUFD_OBJ_VEVENTQ and IOMMUFD_CMD_VEVE= NTQ_ALLOC") Cc: stable@vger.kernel.org Signed-off-by: Nicolin Chen Reviewed-by: Jason Gunthorpe --- drivers/iommu/iommufd/eventq.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/iommufd/eventq.c b/drivers/iommu/iommufd/eventq.c index 78689fb52d24c..1f1e415285b1a 100644 --- a/drivers/iommu/iommufd/eventq.c +++ b/drivers/iommu/iommufd/eventq.c @@ -473,6 +473,9 @@ int iommufd_fault_iopf_handler(struct iopf_group *group) static const struct file_operations iommufd_veventq_fops =3D INIT_EVENTQ_FOPS(iommufd_veventq_fops_read, NULL); =20 +/* An arbitrary upper bound for veventq_depth that fits all existing HWs */ +#define VEVENTQ_MAX_DEPTH (1U << 19) + int iommufd_veventq_alloc(struct iommufd_ucmd *ucmd) { struct iommu_veventq_alloc *cmd =3D ucmd->cmd; @@ -484,7 +487,7 @@ int iommufd_veventq_alloc(struct iommufd_ucmd *ucmd) if (cmd->flags || cmd->__reserved || cmd->type =3D=3D IOMMU_VEVENTQ_TYPE_DEFAULT) return -EOPNOTSUPP; - if (!cmd->veventq_depth) + if (!cmd->veventq_depth || cmd->veventq_depth > VEVENTQ_MAX_DEPTH) return -EINVAL; =20 viommu =3D iommufd_get_viommu(ucmd, cmd->viommu_id); --=20 2.43.0 From nobody Mon May 25 09:56:49 2026 Received: from BN8PR05CU002.outbound.protection.outlook.com (mail-eastus2azon11011040.outbound.protection.outlook.com [52.101.57.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6FF12378833; Mon, 18 May 2026 02:29:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.57.40 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779071358; cv=fail; b=YJi+aWT+wN5gr9xgmBqVVrtZpHPM1nq90EnpfK5wuJ0K7DaEyg/5Lh8U9KR8PlaicFqxyFKq5SigC7gAsVkI1AXz0UDb3rkuO95AFAQdL+OsbwIay/+gAhTPXVjh0VUKOosnkX68QNRJC7NF2paFwo5dg2sbB7a4OaQmiBp2Jrk= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779071358; c=relaxed/simple; bh=x04UXNdEMEFjIz4waLAHW0sUpCPaSCDgXtvLtHShUF4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=N8a2Q+NXKSNCHaFzTzpy3OLF8a1wAUw/hTG4jh3CahAC87FALIpqfb784OdoMfbYS4atwqGpyQ9MWwuhZqBy+16QWxkvE5mgm0EjDmHSWEqIhrd79Aob4Bnpp4wFe3dU27xFyy+tFUmaeLnY8/AqfS840fzTeu7ZGqKW6lO3hsY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=MTqaKTmV; arc=fail smtp.client-ip=52.101.57.40 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="MTqaKTmV" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=KAJkpOUQog6yngcxQYXqF7nUXPsjhjgwoIS3VnQVa293VjGCq1B1cHvr2r22E7JIZ/67PBGXPda/6ckwXshX/mMuVSg1+sifT5wruEGhZybdVoNrLbyHyvCZ4DcYJ+b5qKlCpqOlaJ3j2aOB7xAdM8PhCo3VZZJ86N2puH/rSRq20czRoOj5/sl4F0lpLZV+YjTylpBSunGIac3oQh+HezWjHzcHxzY4mOnmxl5ANN5pwEXOeUpx4SptYG3NZbDAsNVNRV9edku2O4J3uB2ft5kg0jKPJcltTHAgzL159jO6hehxUyQZbXH1ygtCtNfAsyhEoBdYcFnLuym+zCtBmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ipALqatYZl+YFok56NsOedrNBZ8LSZmH85WAPAy71Ug=; b=ZpkAF0fPi406bsN6oSRF+628EpFezk4mkM4wI4j1okivR5NxSzKCEsNDZdMvu01heuZtzMBxMqdIR7ZRxISvJZYttOHrrFbOIRLfwzAPCOKqDgoTRthWrnFEaT7BxjG8JcCdSBHWfT0ZU7FnCsooHc9YjI1owdprRtsds4Js6nYPGO0PkhFZ7c1MLBFU8rlN4eIVFgE9Z4Jaa0p6OrWCYvrYR7ImN1cIWRCv3+STXkHxoZaMsQcr+zVFLgPfcOixLjt7xhU/QTKCcNR8XyuJlSaqkq3NGbgJbzK/0emuESgtxjoHtlwV03VgRa1ScvWkA1AXxI/wW/22YKemvy8RRg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.233) smtp.rcpttodomain=intel.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ipALqatYZl+YFok56NsOedrNBZ8LSZmH85WAPAy71Ug=; b=MTqaKTmV5y/2JFvStPBK320zKR2f8wVAR9CQHY/T0yHBPmb15yANMK5q2b4x6bEhl53/MgATQd3fOa0H+W7+DMhq/RPiZFzJspKeFZ7tRtneDHusu0MQqq7pFHMB7z0HHK/UWk/Qi0b+079y4aL3+QNNfa68bvoWejvx3aTjVuNcIoYnEeXP1nDtMEDBPULi8i+y2y5vqvOFnikNXQqnrnziDws9+a+5cJeHLYTv+qZQvqUo4yeRgX4CbDi5ryektekrSnEJdO7hV0mMwIDaFOf7kkPU4LhMypcGlGIVG2fpMLqPet+UFYGuLmRACfArv+ujpv3sQIdrGv/ENBTtEQ== Received: from BN9PR03CA0909.namprd03.prod.outlook.com (2603:10b6:408:107::14) by DM4PR12MB5890.namprd12.prod.outlook.com (2603:10b6:8:66::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.23; Mon, 18 May 2026 02:29:07 +0000 Received: from BN1PEPF00004687.namprd05.prod.outlook.com (2603:10b6:408:107:cafe::a4) by BN9PR03CA0909.outlook.office365.com (2603:10b6:408:107::14) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.25.23 via Frontend Transport; Mon, 18 May 2026 02:29:07 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.233) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.233 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.233; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.233) by BN1PEPF00004687.mail.protection.outlook.com (10.167.243.132) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.11 via Frontend Transport; Mon, 18 May 2026 02:29:06 +0000 Received: from drhqmail202.nvidia.com (10.126.190.181) by mail.nvidia.com (10.127.129.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Sun, 17 May 2026 19:28:59 -0700 Received: from drhqmail203.nvidia.com (10.126.190.182) by drhqmail202.nvidia.com (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Sun, 17 May 2026 19:28:58 -0700 Received: from Asurada-Nvidia.nvidia.com (10.127.8.9) by mail.nvidia.com (10.126.190.182) with Microsoft SMTP Server id 15.2.2562.20 via Frontend Transport; Sun, 17 May 2026 19:28:58 -0700 From: Nicolin Chen To: , CC: , , Subject: [PATCH rc v1 3/4] iommufd: Fix data_len byte-count vs element-count mismatch Date: Sun, 17 May 2026 19:28:48 -0700 Message-ID: <688327824893c46256c01e5e841d847f4b8dd940.1779070992.git.nicolinc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN1PEPF00004687:EE_|DM4PR12MB5890:EE_ X-MS-Office365-Filtering-Correlation-Id: a0608df4-771a-4500-9cfb-08deb4853c81 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|376014|36860700016|1800799024|11063799003|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: haIYOytgGPmbgT7qeRJyJhLiV1qev5YApEFyTXR74/MqBMQlhRJveW7w82w7rcW/E3hLlpfaK0V77gOkIdwbNNRdHhtqPy0/0KhJHlm0hi06hmJc+2yLF5yH+P1U1394+PFapYEQeROP9mk6MHt8AzyPbkC045aFULb3qejkcx23oOelqrLxLN9NMHT/EgdHgdp8hVUjiaGS3r9jyUBg+zlh/oT/PC4CHc8jVLedsIdfkzXKyS/PtQI40yZka7lZY8B2zZ/079J/CUC7ba8bYYkeOq5tlis2zC5e6tF6fRYWXRFsJ2nDeHK7JV563AC49RyKx0Wb9qPvtpLKySw+zoXl+OMXu8r3Kd/CdlSdMdyB/QRcTqYMfTWSLB4MaHD6bPyoEamTwUiqIwQlxDhUcAmMBn21TeFFG1PaEZLxcNnjTf+J/O/SrkbEBJZuCekITcMXPmnULe20L5mhqug6W7K7Hz4jLmsEk1bB0w9+xnROxsm4DJW9h4oIDEHdMKbVmD1PFeZE1nu8gYvKOMr5L1rMXO0pgmFGqSaJCPNEarmVbc3Rtzbfg+7M4NYmf5Rc8mPtHHwqwXZhasADNz6pFmpNvnnX1ibo/j7j7wT52lElLv6g2GuHjUzccmiKCsyaUvQnTi38p9LBClt8zFlysYArdyEuPVDa/VwJ/yMrGuYoKu1kfv46a+B+uL+iLgWGbRZyr6hqaes51cQmek73/lMIWUM/UQRLBCPK1cMYaJk= X-Forefront-Antispam-Report: CIP:216.228.118.233;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc7edge2.nvidia.com;CAT:NONE;SFS:(13230040)(82310400026)(376014)(36860700016)(1800799024)(11063799003)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: mf6AWXCeT8oIh1a4kdO3dz1IN6A/QdIloJDoMeC/UZgsSfR8iJ5VljcjXg3hFKG2TlueRFhpz74j+56VngiLS2bHsnh+TyuCzIvLxRNhZjGK7iuJy1nllub9MDuAo7tDdbX03JzJok+6PVydcuNIbs237HxLWHmRi4baUulQ3DVOTysneJAyOHmYl0ZX7cVOiMTyhKW/wwRjx73LafrkFwGtxTjXpw+gzUPmKmVlF7SgTbKqn5zRhF/iTGsqhSDHxbHYIH+6PqDDWi4+hikmfPlWn+T4TW9AQQ519G46i1nQuX7l3wZhhJ+dBWaiIHy+wCi9K4ayBuqcQF533fYwvWaOZyrnwzrwilBVhnkPVEepKkQAU6NT6viiPlbFBkMLkI/DL397cQ8kr2eyhWxIrP4nWpF7/Qkx7NI9FDQeEke8OcGNB2Cq3wryiEquYh5O X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2026 02:29:06.9842 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a0608df4-771a-4500-9cfb-08deb4853c81 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.118.233];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF00004687.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5890 Content-Type: text/plain; charset="utf-8" kzalloc_flex() computes the allocation size. With event_data typed as u64, data_len is interpreted as a u64 element count. Yet, every caller and the read path treat data_len as a byte count. The current code over-allocates by sizeof(u64) and the __counted_by() annotation overstates the length by the same factor. Re-type event_data as u8. No functional change in user-visible behavior. Fixes: e36ba5ab808e ("iommufd: Add IOMMUFD_OBJ_VEVENTQ and IOMMUFD_CMD_VEVE= NTQ_ALLOC") Cc: stable@vger.kernel.org Signed-off-by: Nicolin Chen Reviewed-by: Jason Gunthorpe --- drivers/iommu/iommufd/iommufd_private.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iommu/iommufd/iommufd_private.h b/drivers/iommu/iommuf= d/iommufd_private.h index 6ac1965199e9a..43fbc5bed8de3 100644 --- a/drivers/iommu/iommufd/iommufd_private.h +++ b/drivers/iommu/iommufd/iommufd_private.h @@ -602,7 +602,7 @@ struct iommufd_vevent { struct iommufd_vevent_header header; struct list_head node; /* for iommufd_eventq::deliver */ ssize_t data_len; - u64 event_data[] __counted_by(data_len); + u8 event_data[] __counted_by(data_len); }; =20 #define vevent_for_lost_events_header(vevent) \ --=20 2.43.0 From nobody Mon May 25 09:56:49 2026 Received: from PH0PR06CU001.outbound.protection.outlook.com (mail-westus3azon11011022.outbound.protection.outlook.com [40.107.208.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B9C1377561; Mon, 18 May 2026 02:29:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.208.22 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779071350; cv=fail; b=A8+6fglMdg/+Sz3PP1JxOhSz+W1mJkvbdAXAo7fhhFmGy/6lIer73kAleUJxEHMerJB0jmZCMuQ/VwHkLmCNYKjCszGRaMEwKYNq9pqaA0Xs+MxYLnN+ZOY2CCq81Xzjf/+a/yiupQL8YOQtoBRFQ9ie3pT3jlk0vI8V1pCKLFQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779071350; c=relaxed/simple; bh=W9r3svj7h9ZmnQJ/oq3Di0WApOClTemi1pKGKha0yos=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=efVLcPM8/YRSNjSr+G+UyKlJ47fgWKWZi42pfPgKZDEAXQ9dU75arDzhTSQfNJL5wErp26ySYB/i8g8vT/5y2LIqBSIGeJSSExXeFH8xVNFrVBQEcysoduluPaJ/avuUdlbVMdJQN84IETl8cMETWUq/bbVCalQROMXNMVQl+eE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=NX8H4Z1b; arc=fail smtp.client-ip=40.107.208.22 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="NX8H4Z1b" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LjsBDcGcRhNu6Lanhc75+4PXE1OIB3zmf+NA2g7BIsX0b0sXSG2RaiaxPjwC+8EjNcfmZKiCc16WP6Fdc6IVpJDSgcVevNw4piN2YjF7xdMLHfQ4/RMyK2Qd88y39ZKNNHRUtGD7EfKPlftXXTgbPnXkpScaziokmTGeCF0QhXRnbwpGLXE3RU/ILi0wEFdcQlPZ8t/V2u8uKvTZ7182OLXL8SDicZ6N4E5PClo7ejXZH1TOZGlmyIzvew7/x/xCSORZvOBB/sfHoG3qiiM2cZdCOxy9G5+Vc8KprbvW4S2rnfUrVJsRtnlWcTHUthq0Pv4t4EvV6JJ4Q673QnyNTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/gzw2F0Gwg+eov9hENGXkCe3auqhSfpgxzskXWN0L4I=; b=kwtgozlccEDeJsR6RadtpXTa+Z3hnof8Wt26xnTggsobAsbPw4NwDoeKIeys4nTxrvRUsBj32BDPtsI4/52m7BqzQQfYuqSez6FUiKNbWaWOj9wtjK5/lLQpyO9XoIGkTAVqlAj0n5THQ5PN5k0s+d5PtDjHrhpeGwkD2mlqXdaLcDJzK9QC8aoak+/akRRn7vek2k0TPdoREWKY+a2HBT4YvxYqHdiPZbNHqKohAdL+gjwEHbt5kuV2EgsEJy2TwR6d5vooZHTP4Aw20K8Sv8ApYqHcUviKS/N7VBkv8BTIEc6fSrpV1hWTr7MHJhsyjKqWJZuxojmrcJPPHTIHJg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=intel.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/gzw2F0Gwg+eov9hENGXkCe3auqhSfpgxzskXWN0L4I=; b=NX8H4Z1bU2z4ouxuCfu8cw7HZYi8SlWsO+cW+jmmNw91CeTdM6vqiu2eLlMtAaJCS/MH8qEOalxLj7ao0JbQQ5Duezh7fHnzlhRJw3vShG5iSTSgEgtmWNi62M1x1xIQybsZz1Zv7R01SMJJDOl9RHbVicj/9aZj/x6/S7Iovg11wrLZvkn01VzC07XO7QFe7z70U0kXoci2CRgFFNaGl+SNdemBnOqMDDI/P+JB95UjyCOsM0Q0YFCW8Nzm3IxQuW9faDbCf8A2HpV5KrGcbrR1a/W+McLhTywpRo+VavmFtBxSQY5Ox3/HmU+bDwBTSzQrf+BzaSn3uvvRFS+eJg== Received: from SJ0PR03CA0364.namprd03.prod.outlook.com (2603:10b6:a03:3a1::9) by CY3PR12MB9701.namprd12.prod.outlook.com (2603:10b6:930:103::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.22; Mon, 18 May 2026 02:29:01 +0000 Received: from SJ1PEPF0000231B.namprd03.prod.outlook.com (2603:10b6:a03:3a1:cafe::e3) by SJ0PR03CA0364.outlook.office365.com (2603:10b6:a03:3a1::9) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.25.23 via Frontend Transport; Mon, 18 May 2026 02:29:01 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by SJ1PEPF0000231B.mail.protection.outlook.com (10.167.242.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.11 via Frontend Transport; Mon, 18 May 2026 02:29:01 +0000 Received: from drhqmail202.nvidia.com (10.126.190.181) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Sun, 17 May 2026 19:28:59 -0700 Received: from drhqmail203.nvidia.com (10.126.190.182) by drhqmail202.nvidia.com (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Sun, 17 May 2026 19:28:59 -0700 Received: from Asurada-Nvidia.nvidia.com (10.127.8.9) by mail.nvidia.com (10.126.190.182) with Microsoft SMTP Server id 15.2.2562.20 via Frontend Transport; Sun, 17 May 2026 19:28:59 -0700 From: Nicolin Chen To: , CC: , , Subject: [PATCH rc v1 4/4] iommufd/selftest: Add boundary tests for veventq_depth Date: Sun, 17 May 2026 19:28:49 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF0000231B:EE_|CY3PR12MB9701:EE_ X-MS-Office365-Filtering-Correlation-Id: ea351d73-2986-4a2a-66e6-08deb4853925 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|36860700016|1800799024|82310400026|11063799003|22082099003|18002099003|56012099003; X-Microsoft-Antispam-Message-Info: 8hOpdRCZ6lrFpUYWr1o1l5ipiIQFfauT2aMA5ewVIulDMIcl/xLCLosflXnhxdTLNpd6MkOO0SrMqLESnN03WnJh02wS7xRBy8bEFhwh5QTLq6PLNpkKt7bHBhHNkMyuMmcsaS4oDTR0xcIlB41EgOkEPeehidNQrotYhFQnirKsbbyEi+pyhwbY9W8N+lxXOgUt5llKK4Wa9kTwWozzaC3gVCQo35x4TmJzumLU1Cv33GIECagzH1VOSmEH/pe6Ujc1k/4I9C5ba3hejyvVbJVsyLZD7mpGJy4+Mao6+/OgXjhQI7Fq9RHGnMgIrW5lXcXYec2SNZKFehHNtis/fzK4WpSpwYtIzL8jR7NJibRM5/8gYA7cSDr8msQ8EffIDeqsXCmt096E7kt3/UDYJwWqLHSfwdmyGhyz219txTEni9ZFaXK/UBcavfx589OgisE0G4xEDIWsq65PyMn3KLF4lGeojLQGezDDsBV9trMVkIZ9h1oO5uKCmwFHZW7Qbf+dvb27HiVDixudWM4RTFsPlE5ukDWzTw0mWqBmoA5ITTC8udGNWkt/na33aD5x2xcbDHyYqbB0dVCLfSQ7OXWYoFcO6bCJmsgs3+PwGAgU4fD+d8XiA0xcZnEFPx19poxrCPSvRJvJsUQ97giSz2wro4bWw7efOxcCeg+StKfF9p5IeHUjU9y/eBvOzzZm1IUvR3OwjkEtIHTyRhVivQzlzV4DMUVkZ1WbCm4hN8M= X-Forefront-Antispam-Report: CIP:216.228.118.232;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc7edge1.nvidia.com;CAT:NONE;SFS:(13230040)(376014)(36860700016)(1800799024)(82310400026)(11063799003)(22082099003)(18002099003)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: C9oJSOGhAAkqI2PUAzMizjK6SCC4Oip0uO4TgcSkdftnXv8MFrjKMs0E2zA4ziWj8lWx5MwyYXaCkAOkz3shd0qt4FzeJzW/wxatR+Y9/ju5iy0QOM787k81Frm5kvgb6BDlF9+4Soor7kg9Aapd8J04V0SvwotkbDpnufLivdjlO+zVKY8LDF9OSCUeQHWFk0Ygtp39o+848DUHvSWWG6LIkF8skjiTlTTPGp3MNoQipin0CP6Y3YCNfxzSMN5m5eGFRnh+fmNh6tfuqS4rklAyhrwxk7gvetlIYioYopWBFGZe3qDuG7vKVRUo7w76M4N7xJRwK6S1byVkR/GAp1C4jFH3fwDEshy8SJRrbq7y8/6f0bW+Ii+92Y2YQlS3kpvKSWRWk9bHmujKrmjFow1ioZdcBouapvJoikvy9FV5OaurRUbKcjSlX7Jx2sFt X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2026 02:29:01.5409 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ea351d73-2986-4a2a-66e6-08deb4853925 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.118.232];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF0000231B.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY3PR12MB9701 Content-Type: text/plain; charset="utf-8" Test veventq_depth to cover a memory exhaustion vulnerability. Keep veventq_depth=3D2 for the existing callers. Signed-off-by: Nicolin Chen Reviewed-by: Jason Gunthorpe --- tools/testing/selftests/iommu/iommufd_utils.h | 17 +++++++++-------- tools/testing/selftests/iommu/iommufd.c | 19 +++++++++++++++++-- .../selftests/iommu/iommufd_fail_nth.c | 2 +- 3 files changed, 27 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/iommu/iommufd_utils.h b/tools/testing/= selftests/iommu/iommufd_utils.h index 5502751d500c8..b4928cbd4d9c8 100644 --- a/tools/testing/selftests/iommu/iommufd_utils.h +++ b/tools/testing/selftests/iommu/iommufd_utils.h @@ -1060,12 +1060,13 @@ static int _test_cmd_hw_queue_alloc(int fd, __u32 v= iommu_id, __u32 type, base_addr, len, out_qid)) =20 static int _test_cmd_veventq_alloc(int fd, __u32 viommu_id, __u32 type, - __u32 *veventq_id, __u32 *veventq_fd) + __u32 depth, __u32 *veventq_id, + __u32 *veventq_fd) { struct iommu_veventq_alloc cmd =3D { .size =3D sizeof(cmd), .type =3D type, - .veventq_depth =3D 2, + .veventq_depth =3D depth, .viommu_id =3D viommu_id, }; int ret; @@ -1080,13 +1081,13 @@ static int _test_cmd_veventq_alloc(int fd, __u32 vi= ommu_id, __u32 type, return 0; } =20 -#define test_cmd_veventq_alloc(viommu_id, type, veventq_id, veventq_fd) \ - ASSERT_EQ(0, _test_cmd_veventq_alloc(self->fd, viommu_id, type, \ +#define test_cmd_veventq_alloc(viommu_id, type, depth, veventq_id, veventq= _fd) \ + ASSERT_EQ(0, _test_cmd_veventq_alloc(self->fd, viommu_id, type, depth, \ veventq_id, veventq_fd)) -#define test_err_veventq_alloc(_errno, viommu_id, type, veventq_id, \ - veventq_fd) \ - EXPECT_ERRNO(_errno, \ - _test_cmd_veventq_alloc(self->fd, viommu_id, type, \ +#define test_err_veventq_alloc(_errno, viommu_id, type, depth, veventq_id,= \ + veventq_fd) \ + EXPECT_ERRNO(_errno, \ + _test_cmd_veventq_alloc(self->fd, viommu_id, type, depth, \ veventq_id, veventq_fd)) =20 static int _test_cmd_trigger_vevents(int fd, __u32 dev_id, __u32 nvevents) diff --git a/tools/testing/selftests/iommu/iommufd.c b/tools/testing/selfte= sts/iommu/iommufd.c index d1fe5dbc2813e..2e8a27dab0bb8 100644 --- a/tools/testing/selftests/iommu/iommufd.c +++ b/tools/testing/selftests/iommu/iommufd.c @@ -2986,11 +2986,26 @@ TEST_F(iommufd_viommu, vdevice_alloc) test_err_mock_domain_replace(ENOENT, self->stdev_id, self->nested_hwpt_id); =20 + /* Test depth lower and upper bounds (mirrors kernel cap) */ +#define VEVENTQ_MAX_DEPTH (1U << 19) + test_err_veventq_alloc(EINVAL, viommu_id, + IOMMU_VEVENTQ_TYPE_SELFTEST, 0, NULL, + NULL); + test_err_veventq_alloc(EINVAL, viommu_id, + IOMMU_VEVENTQ_TYPE_SELFTEST, + VEVENTQ_MAX_DEPTH + 1, NULL, NULL); + test_cmd_veventq_alloc(viommu_id, IOMMU_VEVENTQ_TYPE_SELFTEST, + VEVENTQ_MAX_DEPTH, &veventq_id, + &veventq_fd); + close(veventq_fd); + test_ioctl_destroy(veventq_id); + /* Allocate a vEVENTQ with veventq_depth=3D2 */ test_cmd_veventq_alloc(viommu_id, IOMMU_VEVENTQ_TYPE_SELFTEST, - &veventq_id, &veventq_fd); + 2, &veventq_id, &veventq_fd); test_err_veventq_alloc(EEXIST, viommu_id, - IOMMU_VEVENTQ_TYPE_SELFTEST, NULL, NULL); + IOMMU_VEVENTQ_TYPE_SELFTEST, 2, NULL, + NULL); /* Set vdev_id to 0x99, unset it, and set to 0x88 */ test_cmd_vdevice_alloc(viommu_id, dev_id, 0x99, &vdev_id); test_cmd_mock_domain_replace(self->stdev_id, diff --git a/tools/testing/selftests/iommu/iommufd_fail_nth.c b/tools/testi= ng/selftests/iommu/iommufd_fail_nth.c index 45c14323a6183..25495d8dceb3d 100644 --- a/tools/testing/selftests/iommu/iommufd_fail_nth.c +++ b/tools/testing/selftests/iommu/iommufd_fail_nth.c @@ -712,7 +712,7 @@ TEST_FAIL_NTH(basic_fail_nth, device) return -1; =20 if (_test_cmd_veventq_alloc(self->fd, viommu_id, - IOMMU_VEVENTQ_TYPE_SELFTEST, &veventq_id, + IOMMU_VEVENTQ_TYPE_SELFTEST, 2, &veventq_id, &veventq_fd)) return -1; close(veventq_fd); --=20 2.43.0