From nobody Mon Jun 8 22:50:50 2026 Received: from CO1PR03CU002.outbound.protection.outlook.com (mail-westus2azon11010005.outbound.protection.outlook.com [52.101.46.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2E621380FC2; Mon, 25 May 2026 18:51:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.46.5 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779735107; cv=fail; b=Qbmf9RjeAjoS9lxRMMVWPdVkudrwa+u42d4YFjwipyIANEPUhvQ+cVclnvoG2W1EXizPcd5E38pFsMvVlJErfl9kvW+WdaWXsWCpNUJkUkE2YucJ/QboDnQeob49YLcKc4mPn+mHPP12aPjCvbahNKJREbvICiz1fXnBc3x4xmc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779735107; c=relaxed/simple; bh=rjAiyxRykaDvhMlpZHkvteGoVnTzw3s6E7VHQya7slg=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=VLzN2+3Ja1Gy+wjckilVa/JsJu8XWu5hEOT0E6qpTBdahJUDNj4JJrIgrcLtajCstC1KH9Ds36fuI7pnBIuPya3J65wlbV4YrmVnxZh/jMtDQgMVXUBLNd1NVl4wvAjTXoscVYkAnCniFqIo76YhYWc/M6UhNl3hkiYPkMTAmpQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=OXO+N3JD; arc=fail smtp.client-ip=52.101.46.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="OXO+N3JD" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=FttP49Tct5Rd9fWH1CAZ7zU80WknQ+I47isDEFiYV9oWUIAYCPWgACHIW1D3bbHqfUJJfwZ1XXAKrEogdE196aFsgvBKbQ1KtOMINew54qdkfFCwD558nUJIBmL4fRXyti+IiONR5x8sWFZtRe8SKmmv4ueMRWvD5m2sZ6UG54mLMWOlrQY7tZWbPBGqo9j870dnPkPSDRNEAz9BC/fh63lUUHxixB97lYc3FWQJfPRdy2JPhxEqauG02zIqIKY9CAkvHOgc5AOqjzuEW/KzGR5GKvXnaBfc1SIlsEu55YI1VCP6XOD+qoO9TZar5K4gfXOrH8sPoj/da9BDbGQ+dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GXCRnRHZwZQv4NFgx/xOgEVRBEA6RW/+BJ1T7vbaTPY=; b=lE1yXcdrSodt+mOyEoQmgnXPa7qIdRjFsf5bVyjV007jiHaQu0byTmF4yMXcHybfSYJ5Nxk5QDhuHfguD4iZUqt0UryPlsdoJtvca5Wg/hkgYM5z8rHb+rckStdaq0SOHa/1mAF0pmCAfEFo161TQeyi9EFp92fp5W4d0EPggX3hh0MZj1ddc+R51JYuiyBF4myh9W2D4PjHFj/rgYDyf2HivQa8+5Cpu5JvGvEtt3JqT5pCav+4/eLQxGoiQRlxsyJzwS9k97VIOhiwVThg6SeKHdVn2yhfg9b7Z1wh4vsp51BB/ZeFJOcTWFaaoEJ8fbJGL3eDlTOFEGBCyYvncA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=intel.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GXCRnRHZwZQv4NFgx/xOgEVRBEA6RW/+BJ1T7vbaTPY=; b=OXO+N3JD4uZgDJfOdmIxOHG+vl5+MAuZfg98gaWxWuARYHO0eebqWwKLtRJS2idC+siGrmv9kOtEP28zvgfcjf+lf76s7UFznYqvJEFy2MPRt6gcPuNxZEHM9dkrnz9JcH/m4DUOiMS9VaqlVYx2oA/AS2BxpAk3y4e9+fb9WHK3gJ6txAHdaqY7utlIpfcFk7POKcsXCDT+P+Ub4LfQ5x0OW8yUnNxTgfWxI3tBzxLuBk5kPVIWpspHDVIYRtOFejfyu20Ad5Q9n+HKjBlP9jTBgFRdZJ91LbhhcysK6nID1q34XA2JucKKyBZBq8j4qxsZ/dIWf0hjuuM7YrO1bg== Received: from SA1PR04CA0014.namprd04.prod.outlook.com (2603:10b6:806:2ce::20) by PH0PR12MB7815.namprd12.prod.outlook.com (2603:10b6:510:28a::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.14; Mon, 25 May 2026 18:51:41 +0000 Received: from SN1PEPF00026368.namprd02.prod.outlook.com (2603:10b6:806:2ce:cafe::5) by SA1PR04CA0014.outlook.office365.com (2603:10b6:806:2ce::20) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.48.20 via Frontend Transport; Mon, 25 May 2026 18:51:41 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by SN1PEPF00026368.mail.protection.outlook.com (10.167.241.133) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.7 via Frontend Transport; Mon, 25 May 2026 18:51:41 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 25 May 2026 11:51:29 -0700 Received: from rnnvmail202.nvidia.com (10.129.68.7) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 25 May 2026 11:51:28 -0700 Received: from Asurada-Nvidia.nvidia.com (10.127.8.9) by mail.nvidia.com (10.129.68.7) with Microsoft SMTP Server id 15.2.2562.20 via Frontend Transport; Mon, 25 May 2026 11:51:28 -0700 From: Nicolin Chen To: , CC: , , Subject: [PATCH rc v3 1/4] iommufd: Fix data_len byte-count vs element-count mismatch Date: Mon, 25 May 2026 11:51:21 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF00026368:EE_|PH0PR12MB7815:EE_ X-MS-Office365-Filtering-Correlation-Id: 763afb54-9f02-4fa4-c1dd-08deba8ea8ad X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|376014|1800799024|36860700016|11063799006|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: 09T+9mKkWFXW9wxYKp+RrgGz9sByaQAyf/X4SsqyNwVVNEaWVVIamJz6bdvO6iUnVPDFfqcJJhhzHPwDLvjNdfyFSWsPRkIqVW7Zr2R6R5bvxca29usVfWXVdwS9YgWe3GDPSnWySW3Vn7e5gsMPxDOZ0eY4jfMnV9V33n/ZSfhmXL2+QDn+vKSHpOvhPxYecI1v9p9ysc3dQWoDRdn1AHv70j2O5SteRCU06v+2ZYlc6DUpNNQmex4eK0OobkJc8tOlLDWOGjArggRvLr8SwRoOVbnAFUGkNoOAWMX8QI9U+g8hIHvLXlmCHI5O6mQ16vakuu5pgNfruwUljV8PBHMIEyx2hSo3VmJ8orWzEEPb0LwI0jwv7AAsqViolmgOxYaAky/QdXS6PwjmItFXXpv6HMud2k/+qhAflyQ/WE9M87qQSp5GqafkySBCdsol8pMPMWVj9vWOMxRCkTFfiialaGG/QqMJ4ZpKoSKK2cDo0OaE0fQHEKrkJzpBSwFv5V/Jv0iaDZPsvPG037AQmuj+euuL3jnC93lJ+M900MaYlKRKulC/OZIrJaIJazxbXQ70Zp9wENx9lldQARI8//01BsV51+d+qsdVUBMhx0lHHEdPxOThEw5d+lilU4AzNqq0CIYHY6OWAL3gO7XxCCf0e1sey9o9CdyLFni+cYpHMoBKGyHM56sn6VQFa5o59nctdKMNFw5iXD5tL/QfapE7xYHxXlsckt2iEngLLjw= X-Forefront-Antispam-Report: CIP:216.228.117.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge2.nvidia.com;CAT:NONE;SFS:(13230040)(82310400026)(376014)(1800799024)(36860700016)(11063799006)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Ynjky0YPA7vWKqGXWyYplG0YPDFkfQsyyL4M2q6mG0n4W3e4nhi25griG4pXsZZV+V6Jwg5GbTGk4mF3t7SWhklazrMaa0SipTfUFZ4deB6DIFxyOe2ba14FBzhEUkNzef0g9LMuXzt0Q4NMlpE+Yna1KkQowyDpUNE4Sb6TC5D0Qw4Iklp6IlFBT3451I+udJlpKpS/8rKZUtmwAm4xi0UJRF71/z50yhLHP23iwiKcIt8htSk1USLI3KJt1SyOVEsbbSplARHPykr69EfTbkCCcDsgOpgJqLMur0547DSskx+V/LcOId68OqC6aHUMp914Zkn9DMpnAPHXy+YfhkrjC/9an20/ISn7YD87cZLrwvG9r53nwi1QQt/sOh36xzj9T9muP4YKKS7vaqR5aSfwLijNWzAty35cC6hqbtD9HMJUSEIxz76dXQXzgNY+ X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 May 2026 18:51:41.0059 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 763afb54-9f02-4fa4-c1dd-08deba8ea8ad X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF00026368.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR12MB7815 Content-Type: text/plain; charset="utf-8" kzalloc_flex() computes the allocation size. With event_data typed as u64, data_len is interpreted as a u64 element count. Yet, every caller and the read path treat data_len as a byte count. The current code over-allocates by sizeof(u64) and the __counted_by() annotation overstates the length by the same factor. Re-type event_data as u8. No functional change in user-visible behavior. Fixes: e36ba5ab808e ("iommufd: Add IOMMUFD_OBJ_VEVENTQ and IOMMUFD_CMD_VEVE= NTQ_ALLOC") Cc: stable@vger.kernel.org Reviewed-by: Jason Gunthorpe Reviewed-by: Kevin Tian Signed-off-by: Nicolin Chen --- drivers/iommu/iommufd/iommufd_private.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iommu/iommufd/iommufd_private.h b/drivers/iommu/iommuf= d/iommufd_private.h index 6ac1965199e9a..43fbc5bed8de3 100644 --- a/drivers/iommu/iommufd/iommufd_private.h +++ b/drivers/iommu/iommufd/iommufd_private.h @@ -602,7 +602,7 @@ struct iommufd_vevent { struct iommufd_vevent_header header; struct list_head node; /* for iommufd_eventq::deliver */ ssize_t data_len; - u64 event_data[] __counted_by(data_len); + u8 event_data[] __counted_by(data_len); }; =20 #define vevent_for_lost_events_header(vevent) \ --=20 2.43.0 From nobody Mon Jun 8 22:50:50 2026 Received: from DM1PR04CU001.outbound.protection.outlook.com (mail-centralusazon11010013.outbound.protection.outlook.com [52.101.61.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 227B9382F0C; Mon, 25 May 2026 18:51:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.61.13 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779735113; cv=fail; b=CBy2PHgBVuZcrV344QqkrvbwFC4vkuv+OqrxAoXHciIjxsY93EPECmSufRtGY/gP5u0GAIcp8ZFmF2E61XPK3FpxlNL2HqNRMQEHMo2p3xJr51mSSNhgz6Vd+e849iLy7K6l8Jp7KGo1o92wg3X1TSEU01CnQ5mHjq0KKwoYuek= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779735113; c=relaxed/simple; bh=NILOLy6lFH8IslxmfVXWD9SLqQKSPiLRBvuFGpj4EyA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=d6QI/4e/v8dXBoj3ux76F16zHG0XWXBTMSTjWP/ATI0DOL7CMLxWWpNo5WWI1sCGS1gyorBB0URXuImTV7sl+nfBa/Mryi4PjDBmxXlvJqrItDJ4H6PEnRmXP5SQ6HN/jVmNJuXk8RWx/LAt7vZ8wZUpy0ol1c1nRu+4+18xGcY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=h/BbDw/h; arc=fail smtp.client-ip=52.101.61.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="h/BbDw/h" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=hlDKlR17CJAzl/LyVD9mnjVPa5aQS/qO7b9ooJUcmpPglI0ShcLO+m9uVgvdPmB0dEqUY13RuydArIUwUOFrpctn5bxW5lOz+MJ5ASxxp4S9yA81bV/kLFjHh71BJ4TMsyQHx3tL2xFfepKihmmW0Yspcq4ZeJScojcgIrK9JuifUKjemE6vGUvp2SjF87nTZoQPr+Djlod3ZbqWznu7olwUixHZpZsg3WU9mjaY35rx2jD7f4Yi6YQ0PQUuDVEuXW3HoqeXZzdbOWIH4awygSQhZn4M9/2yOjWEZMYbk38EmVqfcouy71uIJRKAARYxFa90DP7Ng9p0DTEf4/DaFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nZCaLIGE+Ik+dj7lVHs2X85RvdkVjkKjxGQXKj3b1lc=; b=JJNDy6yayupWovoyWIteaoEkqx7ePax6NaXPvPHhtR87wptCCG7ctOdVFm/MGBq/my3WiSqkNDX1Q9cvDdLrWa2asodtdlpr707Do08wi0OwEzxiGyUSZz50YKFHc0DfgAMTo0HtdAr+XazEQCS8p4kXtQuP7+n2VHE9VlTF6uFPT9WVhPs+MWf+zS54hGg3PEOO7PGmm4bWp125mxMlYIkQwg33rsDP5Z52Nw9bPX+qfoIaVr2afrl3kzus/2NEdAoXoHgfo44I8DUwAh+4ZRNM31XdSz44O1fqj75pfbCriUR9fYwsp5442TJPsj807dAh987yhSJ50E8e+LQu8Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=intel.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nZCaLIGE+Ik+dj7lVHs2X85RvdkVjkKjxGQXKj3b1lc=; b=h/BbDw/hXyCfgCkdpRFq7tDXDKBre9P5cGPxRTznVKuvv/XKzBzhYj26u9dnXiAh9nuq0vYdbC0rALjPbnf+T8e+gGaDil0yppNgWx+9hc5i6OhSr6PfwGiqNut2Cy067S2pVjua8Z/K0x45PCvcEvfgDuKBMwk/C3MjifrdDOZrXlkdvvyU3N0lagE2r2NdeM0YZBWpEDKqkRxPJvZRkn27U7HOl2RaS9udFdHm0oT9R99IDoluqcVLkiHobDm6FvvYIb0xAoIvPw5LtIIGzIhyFD07Ng/pElupM12Yv5cRDAgZmn/dFusfmp9G/CbIcVBN4hkY/slYYA4LMd1w7A== Received: from SN1PR12CA0102.namprd12.prod.outlook.com (2603:10b6:802:21::37) by BY5PR12MB4324.namprd12.prod.outlook.com (2603:10b6:a03:209::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.19; Mon, 25 May 2026 18:51:45 +0000 Received: from SN1PEPF0002636C.namprd02.prod.outlook.com (2603:10b6:802:21:cafe::1e) by SN1PR12CA0102.outlook.office365.com (2603:10b6:802:21::37) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.48.20 via Frontend Transport; Mon, 25 May 2026 18:51:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by SN1PEPF0002636C.mail.protection.outlook.com (10.167.241.137) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.7 via Frontend Transport; Mon, 25 May 2026 18:51:44 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 25 May 2026 11:51:30 -0700 Received: from rnnvmail202.nvidia.com (10.129.68.7) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 25 May 2026 11:51:29 -0700 Received: from Asurada-Nvidia.nvidia.com (10.127.8.9) by mail.nvidia.com (10.129.68.7) with Microsoft SMTP Server id 15.2.2562.20 via Frontend Transport; Mon, 25 May 2026 11:51:28 -0700 From: Nicolin Chen To: , CC: , , Subject: [PATCH rc v3 2/4] iommufd: Move vevent memory allocation outside spinlock Date: Mon, 25 May 2026 11:51:22 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF0002636C:EE_|BY5PR12MB4324:EE_ X-MS-Office365-Filtering-Correlation-Id: 86fb1f1f-b16a-4918-f939-08deba8eab0e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700016|376014|18002099003|22082099003|56012099003|11063799006; X-Microsoft-Antispam-Message-Info: cLTHkCS7Xle6qNLE9pq3LOWK1P/+izpGHF1BwT0c2sSj2Qydhsl9cylL1phLNuaa4CxrFs2X3SHdUxur69OLjYuLzTbYaDbfGDphkc23aWQDZA4ADnO2RsvdXjGOy+aKluU7nNkHI9D0AtXsiPAx664DEq3sF1qWeNQZ1fPYPRcIRP/eBve4W9Fy1H4ajicc8jyvsbDtRXH5yjtZGptanC2f4irSFg2hrnfq8tcnDkG4ds7Y5NZRjHD4CibIRzW7Ov+3fwemQ686rsVxza2y9NlWeW2esUgFYCQuP09j1fEYFcw77+gmcBvjsNULyfO6xQjvAcoXbxuClFRZbt7IvhNa3pzwsnMbrwAmtVLqgEYgC9LyN233W68SuGIYiprhe0DT2N4U6POFHnV8nlQ/FKMot6Jm+5oGyO9kHM6RjYqP0s+94ldeMsDFmQJlsU6UCLIdGY3A34DyAdszGzYwY6VhE97LxNvYDbnXOGyHG97wOlwEUMWDHHj5QNriSysb/MdP3lP0B+JwH+F2VdYMx/KNQ03uKF5TouRLbX8EXgQWOdaNPKZAkAQxO43Qfeea+I/6tjjQf7DLNLyGojMg0SBAalkcxOWpBtQNisuOXU5qFNdbCwgD55kH+yBqQRa1JZDScfIJtmY5JRXgU47td7i4WCCJktPxzNRL2mEBDzX8B/0ksnETO50bH3PVoklJp+OLBKs6iiOMo4fXTchZ6MTfp2m1ytw4F4QIqBnw9I0= X-Forefront-Antispam-Report: CIP:216.228.117.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge2.nvidia.com;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700016)(376014)(18002099003)(22082099003)(56012099003)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: BVAMPV2pvDwyr0X37hjMy7EZjmiaEdZT/zzZk/Z+uKNCH7gWPEcqpo4Ra76ON4jQZww5L99dcVpigfWr7PKpn2JsTCyTkSiLVAcK4o9OMbk8Mq+PLH0soljX66Fu4vNiBQhkzFyg8kwI8mMxvEiOQqH8h+t8MKA7az5tnzKsMc2t+x++htTa0ecuQod4LGxas08gVGX/HTf4Aqoezff21u7PkjdOqk+LDsLL3zNrJKHztuQfwdflJ/O3V7iDHT9+TmekJ3GHJTwDPIIr9tgXUQq+/ChZ0ZTGDrnFYLGsH1F4SZy8KGkUXjFjU9cHqlxxSn48vcFi8EoECbSMK6LztYd8eiX0QzRB9VW872EL+ncusFrX+oy5ZiCGipnTtQli4BWpsSlu5mEwG/FNwtBxaI3aSO3n2YGf3VI2CSF0GcTkSU+Tcd2sUaRtsgNUZ59n X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 May 2026 18:51:44.9714 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 86fb1f1f-b16a-4918-f939-08deba8eab0e X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF0002636C.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4324 Content-Type: text/plain; charset="utf-8" The veventq memory allocation happens inside the spinlock. Given its depth is decided by the user space, this leaves a vulnerability, where userspace can allocate large queues to exhaust atomic memory reserves. Move the allocation outside the spinlock and use GFP_NOWAIT, which can fail fast under memory pressure without dipping into the GFP_ATOMIC reserves or direct-reclaiming from the threaded IRQ handler. On allocation failure, queue the lost_events_header (so userspace learns of the drop) and return -ENOMEM so the caller learns of the kernel-side memory pressure. This is intentionally distinct from the queue-overflow path, which also queues the lost_events_header but returns 0: a full queue is an expected userspace-pacing condition rather than a kernel error. A subsequent change will cap the upper bound of the veventq_depth. Fixes: e36ba5ab808e ("iommufd: Add IOMMUFD_OBJ_VEVENTQ and IOMMUFD_CMD_VEVE= NTQ_ALLOC") Cc: stable@vger.kernel.org Reviewed-by: Jason Gunthorpe Reviewed-by: Kevin Tian Signed-off-by: Nicolin Chen --- drivers/iommu/iommufd/driver.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/iommu/iommufd/driver.c b/drivers/iommu/iommufd/driver.c index 61e6b02601d1a..3b8067976eac0 100644 --- a/drivers/iommu/iommufd/driver.c +++ b/drivers/iommu/iommufd/driver.c @@ -149,15 +149,18 @@ int iommufd_viommu_report_event(struct iommufd_viommu= *viommu, goto out_unlock_veventqs; } =20 - spin_lock(&veventq->common.lock); - if (veventq->num_events =3D=3D veventq->depth) { + /* Pre-allocate to avoid GFP_ATOMIC; use GFP_NOWAIT to avoid sleeping */ + vevent =3D kzalloc_flex(*vevent, event_data, data_len, GFP_NOWAIT); + if (!vevent) { + spin_lock(&veventq->common.lock); vevent =3D &veventq->lost_events_header; + rc =3D -ENOMEM; goto out_set_header; } =20 - vevent =3D kzalloc_flex(*vevent, event_data, data_len, GFP_ATOMIC); - if (!vevent) { - rc =3D -ENOMEM; + spin_lock(&veventq->common.lock); + if (veventq->num_events =3D=3D veventq->depth) { + kfree(vevent); vevent =3D &veventq->lost_events_header; goto out_set_header; } --=20 2.43.0 From nobody Mon Jun 8 22:50:50 2026 Received: from PH8PR06CU001.outbound.protection.outlook.com (mail-westus3azon11012037.outbound.protection.outlook.com [40.107.209.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AAE1C3806BE; Mon, 25 May 2026 18:51:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.209.37 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779735107; cv=fail; b=cr/xF4/UUc5xVFk3O3WAiNYkqeB+C/quIYdvAmRAJQJyQGaYI46mK/HS4AkWwPihSFhIbNXnJ2ucOCLZnzSEPFKwH6ekwSieBX7152QeA9aEkBcddD0ilcOqkcD7pti3S5BrKD5XrrtJwrdbOcD/Tnf53imqbYVh8e4lyM7qPH4= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779735107; c=relaxed/simple; bh=Hicg/mnhVyhp0VygffGmwl06G+9sw6MQVjT1n/PbDAM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=pO449TbSRggDiYkUcqp4ZBWjYuOPhGyU+j9oibNoGj3xw2olOMnXrFVFzGuewAGNk/HR5cZRWMKbCyj1kiXn8rgUs+Lcg+FPTRaGDYZXphsoqCOBmpP5tZTUiNqOIE+24eVsi2j+xpiex6nKig+LtAx6RuqbxgMBWRn1CbuLR1Q= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=tu0rW/MB; arc=fail smtp.client-ip=40.107.209.37 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="tu0rW/MB" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WbcdZ252FNV0GBuDypXvJvEcrfmGSngG/i9k3jQ2FbAMo/gyLP+I93G+gROWCoysIhSfORPJhjjXay0//swkYQ1GXVc9UE5nzbsxjiax+FLnyT4ougGcMw9RjYAwNC+z6CWpftTqqZpB0U7++IoUKlQS5AGsoft4qTaRwhgevBlPPG9Qx8ZBd6gPjNtMna1NEhL/knkC5jEi+OYPDhX+Oq161monPsSXESQB8DMm/1ofJWVR5ISUh4xghSkzZYwRGCCWtrpSC7U6TduxOc7kaUeOJND0WVFPdFpNj2HHcdP741fHgLRcFI7rb61vIqag2isftI0k4a7hhbCyx1goBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XWBUZ0cOFWu85E7Y+mODB/8qE9vkwgxADRmEoehmOBs=; b=i7JboYaERlQqfmE21S7ZBh9VfmFtGnfO0DaOA5WjeDuHRZepGVMznYSVhQQvB6GmGGmBZYF0RacYFfRmdJm2O8JuzbqF/AEiZmab9d0DE0vauzCWojsiS+fZ/YxZ0pPaAXWVMWHbcJEVzteRrWSgfpajJPCiVYQrzELLt8NQ63LHQOu/MsfPCaYcXIm90e2VjjaI2xnRKOIAJWIYhu/F5KXITTFg311g+3OOGfPM1MVb6pRNic5PczX+FqkOydRTlky7PFtqNuMkcJBorq/tQpOUh4CSG3bRQMgexz8uroM+v8pGNvlRw+AJTmuZqmRUQoutI1z83WAILaQ88QVY7Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=intel.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XWBUZ0cOFWu85E7Y+mODB/8qE9vkwgxADRmEoehmOBs=; b=tu0rW/MBXIBbst/vwllcz23KCJNTjpCmB5RU5hdP4TkgOxM5ATnOyo5DcqfFhgDjuUafkNfmRqCrmBbPUyEVWvTV1UcSHdq6pPKlnlJsQmCFoJr9aznCtKsXZj9DSb7Fs/Cw2T+2cNtoSj+3LdTMRpYebLQ8jW3Us3XJyBmmhClReJLg7tffAhGDVZVpHXOxH3T+MY/r6SuapNlha2sR3KRhsNQO/wsjcGwS5EfoL0TyfUxRjmC1GK8DR+GmpDaUbjhEiPdM0Vc4tEF0iYF3RnrrjY/v+dCwFpCiyhGYvbD96JN/KohZExL2OPeoBdXUDFPL04Rg0KZsSfW7sWshNw== Received: from CH2PR11CA0013.namprd11.prod.outlook.com (2603:10b6:610:54::23) by MN2PR12MB4470.namprd12.prod.outlook.com (2603:10b6:208:260::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.20; Mon, 25 May 2026 18:51:42 +0000 Received: from CH1PEPF0000AD77.namprd04.prod.outlook.com (2603:10b6:610:54:cafe::34) by CH2PR11CA0013.outlook.office365.com (2603:10b6:610:54::23) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.48.19 via Frontend Transport; Mon, 25 May 2026 18:51:42 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by CH1PEPF0000AD77.mail.protection.outlook.com (10.167.244.55) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.7 via Frontend Transport; Mon, 25 May 2026 18:51:41 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 25 May 2026 11:51:30 -0700 Received: from rnnvmail202.nvidia.com (10.129.68.7) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 25 May 2026 11:51:30 -0700 Received: from Asurada-Nvidia.nvidia.com (10.127.8.9) by mail.nvidia.com (10.129.68.7) with Microsoft SMTP Server id 15.2.2562.20 via Frontend Transport; Mon, 25 May 2026 11:51:29 -0700 From: Nicolin Chen To: , CC: , , Subject: [PATCH rc v3 3/4] iommufd: Set veventq_depth upper bound Date: Mon, 25 May 2026 11:51:23 -0700 Message-ID: <04cad2bc0388b98d95a805774f0ac62bba6892a0.1779734952.git.nicolinc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH1PEPF0000AD77:EE_|MN2PR12MB4470:EE_ X-MS-Office365-Filtering-Correlation-Id: b20f3076-19cc-456f-e181-08deba8ea949 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|36860700016|1800799024|82310400026|11063799006|18002099003|22082099003|56012099003; X-Microsoft-Antispam-Message-Info: MZCv+hi6gGwN7980TCZUJcUDhgq3PpgQdgOMQdbN3UjT8nnlzW/m3uihuSSUVcOx7+SKd7zN7tr2yxeHCTKJLqylZ3gqq6o0RaYTlDd1VAAUdsTACQ28707ETtgWaTeVsZsqygT2QFim05YA1GUGE7a8HVLrFBmBm7NV6Jvstjhpr6pjRTXbXjsmWo/HoN8q2DRY8lhmurvVUJh40IE9Xk6pda3FirjNR4wyLzVbaIns/RTFHDnXq2MwK9zcnsvvi0M56F2sYj3+nYru0tWmAL7MiVj8nk5IpGJxlsfqeDbLP3qCodu/AlVFJebgixxdW3W2PqPySSzmjQRTYvmP+/gGpHcjZDOf62HbfB4akEKIzZlJ1BETc9Zhq9hBmVkdl5QbbziodJEyoSPV6LXaTf7fABLqE8VfJiVW90swfYPqEhgW4ymV5nhRq2FjjyZLiV093qkeSWMx7RKoi1K8LByU5j4lD+crvsceM8Gt3pGvVZ+BYezoXdQk60UiZcUzIDIMo4hOvXcAgP9QJ4hjcuFQAg0yHtSODGqB0mgWCQDUDIGuYKhPLYI78h+0CPKJuEw7oTPz6t5M3N8quNG9aMxxbAoSPM7jGlnKk2+fYOpvs/KYtc0naA/QxGfkAi6rVQ/EhUNInmZsda5d98eB+svn/YzwpSHdwULQ9b4CeY/Wt5Nwkjl2L2g96aGT1qrV4IqdUvvCMkCX9mMybE1r75GISKnVr1ARm+AhdIUkdjA= X-Forefront-Antispam-Report: CIP:216.228.117.160;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge1.nvidia.com;CAT:NONE;SFS:(13230040)(376014)(36860700016)(1800799024)(82310400026)(11063799006)(18002099003)(22082099003)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: y5dmDTa9Vkgknn1WKra+J3yPpSAGuSMTb00RAcGSZYBpMftC6yED7BUNriD/eMy1sfydDNU16Fu1rnxvE38/R7RYFm8qTvnmXX9SLP7er6ncPK4ZxEDPC7OHo/4Hoqnkqs28/+FwP3fOkJSQd0G6jY9oyssp2YH5PDanvbfef0GuARjKC88ZPTsUN/NkgVcScguQ3LoPT62QazDy/hMBqFjrshY+D9N/iT93LAaT6j6OsrKDHnqyL0glU1W4863mEIek6u/u3uFvOCF31FSRDoOr6iAX7BihiyJ58QuawzVjwDMvl+d2MdYEWag2Ar3kWZ2CApzqnfD2i3Mla2vWrM0azXONr50ffRzQIorhkMe8kzceMQr1Nd72vqPivbrNRXMzwSzNhCLv99pnIsZws/uubWprt2yuMOp6cnSZ1X4qJG5gXOpFKqRxRK73cyra X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 May 2026 18:51:41.9924 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b20f3076-19cc-456f-e181-08deba8ea949 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.160];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CH1PEPF0000AD77.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4470 Content-Type: text/plain; charset="utf-8" iommufd_veventq_alloc() accepts any !0 veventq_depth from userspace, with an upper bound at U32_MAX. This leaves a vulnerability where userspace can allocate excessively large queues to exhaust kernel memory reserves. Cap the veventq_depth (maximum number of entries) to 1 << 19, matching the maximum number of entries in the SMMUv3 EVTQ (the largest use case today). Update the uAPI header accordingly. Fixes: e36ba5ab808e ("iommufd: Add IOMMUFD_OBJ_VEVENTQ and IOMMUFD_CMD_VEVE= NTQ_ALLOC") Cc: stable@vger.kernel.org Reviewed-by: Jason Gunthorpe Reviewed-by: Kevin Tian Signed-off-by: Nicolin Chen --- include/uapi/linux/iommufd.h | 4 +++- drivers/iommu/iommufd/eventq.c | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/iommufd.h b/include/uapi/linux/iommufd.h index e998dfbd69603..8d07bb30af617 100644 --- a/include/uapi/linux/iommufd.h +++ b/include/uapi/linux/iommufd.h @@ -1267,7 +1267,9 @@ struct iommu_vevent_tegra241_cmdqv { * can have multiple FDs for different types, but is confined to one per @= type. * User space should open the @out_veventq_fd to read vEVENTs out of a vEV= ENTQ, * if there are vEVENTs available. A vEVENTQ will lose events due to overf= low, - * if the number of the vEVENTs hits @veventq_depth. + * if the number of the vEVENTs hits @veventq_depth. The maximum @veventq_= depth + * is implementation-specific; -EINVAL will be returned if the requested v= alue + * exceeds it. * * Each vEVENT in a vEVENTQ encloses a struct iommufd_vevent_header follow= ed by * a type-specific data structure, in a normal case: diff --git a/drivers/iommu/iommufd/eventq.c b/drivers/iommu/iommufd/eventq.c index 78689fb52d24c..1f1e415285b1a 100644 --- a/drivers/iommu/iommufd/eventq.c +++ b/drivers/iommu/iommufd/eventq.c @@ -473,6 +473,9 @@ int iommufd_fault_iopf_handler(struct iopf_group *group) static const struct file_operations iommufd_veventq_fops =3D INIT_EVENTQ_FOPS(iommufd_veventq_fops_read, NULL); =20 +/* An arbitrary upper bound for veventq_depth that fits all existing HWs */ +#define VEVENTQ_MAX_DEPTH (1U << 19) + int iommufd_veventq_alloc(struct iommufd_ucmd *ucmd) { struct iommu_veventq_alloc *cmd =3D ucmd->cmd; @@ -484,7 +487,7 @@ int iommufd_veventq_alloc(struct iommufd_ucmd *ucmd) if (cmd->flags || cmd->__reserved || cmd->type =3D=3D IOMMU_VEVENTQ_TYPE_DEFAULT) return -EOPNOTSUPP; - if (!cmd->veventq_depth) + if (!cmd->veventq_depth || cmd->veventq_depth > VEVENTQ_MAX_DEPTH) return -EINVAL; =20 viommu =3D iommufd_get_viommu(ucmd, cmd->viommu_id); --=20 2.43.0 From nobody Mon Jun 8 22:50:50 2026 Received: from DM1PR04CU001.outbound.protection.outlook.com (mail-centralusazon11010047.outbound.protection.outlook.com [52.101.61.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF9C134D929; Mon, 25 May 2026 18:51:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.61.47 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779735108; cv=fail; b=H82OVN773WiBODkVJvqsg2fLBJMrJg9wxm04YbhEMxEvgThm4PkgFp3RiIowkFFi+0x5r8YbwSliXfMNHsGaf8hvubQNZv1VPIj+I98DSIds+aS/VlqMXqJy9Jj49DR3GOcNvmdwb+5oUIMXXlOxeBNiz1H+FxWLFb4G6b+S7zQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779735108; c=relaxed/simple; bh=yHb55UcXDznGVm+VjX2Fe5NvMCHB/DsbSFskbw89mtk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Dqyg6vZLsi2EkAl2ES+z7Ly2qCtqLkc5gVk5JgK5sMot/MfyzBY2+sN1JwnVl2XpJPoZ8C1G76PCGmCh9DUpx5MGcXlQxvbUZfJufAviYH52L9iIAtWyTOKgGZbD40MsnmhjoQ7Uaj7IjsuYNCRqexBp0rL7rYcK4sU0XMHNOmY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=jQUZjSYQ; arc=fail smtp.client-ip=52.101.61.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="jQUZjSYQ" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ghL8exdJm6driBMqcnqx0rfwBqfbtpxsB4kJ+NL3UdZLW5dhGVbqG0WWmO3nxnb5+Xtns+yFGToD088T0UsgjvqbjHm/cmykNjAtpLYVtq6vwn+Z+MP/0VjMlbEPFYkqJLl7615V4PBn36LWmtQ5FYJT9C9+Xwg8Y6dqydKxhjsrkjBduwc4BZo080g0eSvDo6XylniGIBUhuVaQmDZI2Np73x3XdPBV9wuJSz7R5FS7M0fO4E7s58fh+5/W/B21reqUIsEj/pVXwkA7C06DM8OnCCbxMmAalt9qVKAVZpMGGzOTmrY0cvqwVPU8Vz/XzxNJafde0+YaxIJnpEgYVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=k7B61/ftCGGPf5bK9LVmcUwvjGci2iodXWxRWEt8REY=; b=MlKnDjr3TWjdJmtEErcxKQVAiQ5fGI8tEAt0cUl0KkL7fWdh5wrPlLV1frzXXQWJ4b82HEXxniKoYD/dAY1RTIFisGX7l2zK5IztgBze6wZZTLyLFoHXlaFRisNGi7HIe2yxbHYgKLHKrMgYFsl/lXn8kikg6pb8rvCtxVpqzRMZ2NhetHO0pP+bBzVhzU2d5QgyF7Ype6YTS/E4FJMqQIvtKS8x3JRlYPg9IgUNdE0orqsZlP2E+GvoEbOAQnk3j0iuk+2K0TMyDJ6XX9c+XF20EtpMyCv5pidZXjKDB5dYUlu/kpgu5wt/Q0cnCjERlO/23pJMM7S++AXemVJS4A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=intel.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k7B61/ftCGGPf5bK9LVmcUwvjGci2iodXWxRWEt8REY=; b=jQUZjSYQxb/5VHEnwT4eLKDWhrcR3C154Rs11ckJDF/hyjdLHicTv17JGFWe3nOvxlfVP0PJCWj0/tskPrk5kZT0Q1A3C0NLdUsM5TRBDHXyLKC7sJRS3XnXBcD5NCcJRt7gptAv0x2ficyCuK+hxakCt0MJ6su/UmWPuVGWKdJwylsrX6bgqlVCI3KiZTyZ23MkLcOXBeQ05ztvXfa0B4TULUfNi+N/zMAtylqvG0w11LndrYdLoe9ocZQ4jo8lX3KtbhQQF5IoDub8ALhL30m0cnPT+wx0Uvq9RiaqYWK0x4MKTpihiDrvdumiTya4Vy7Vg8VDasZBgIaubpxeQQ== Received: from CH2PR11CA0019.namprd11.prod.outlook.com (2603:10b6:610:54::29) by LV0PR12MB999092.namprd12.prod.outlook.com (2603:10b6:408:32e::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.19; Mon, 25 May 2026 18:51:42 +0000 Received: from CH1PEPF0000AD77.namprd04.prod.outlook.com (2603:10b6:610:54:cafe::3c) by CH2PR11CA0019.outlook.office365.com (2603:10b6:610:54::29) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.48.19 via Frontend Transport; Mon, 25 May 2026 18:51:42 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by CH1PEPF0000AD77.mail.protection.outlook.com (10.167.244.55) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.7 via Frontend Transport; Mon, 25 May 2026 18:51:42 +0000 Received: from rnnvmail205.nvidia.com (10.129.68.10) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 25 May 2026 11:51:31 -0700 Received: from rnnvmail202.nvidia.com (10.129.68.7) by rnnvmail205.nvidia.com (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 25 May 2026 11:51:31 -0700 Received: from Asurada-Nvidia.nvidia.com (10.127.8.9) by mail.nvidia.com (10.129.68.7) with Microsoft SMTP Server id 15.2.2562.20 via Frontend Transport; Mon, 25 May 2026 11:51:30 -0700 From: Nicolin Chen To: , CC: , , Subject: [PATCH rc v3 4/4] iommufd/selftest: Add boundary tests for veventq_depth Date: Mon, 25 May 2026 11:51:24 -0700 Message-ID: <452156618d1d4ca5d3a6bb2e7b44007d2fde5216.1779734952.git.nicolinc@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH1PEPF0000AD77:EE_|LV0PR12MB999092:EE_ X-MS-Office365-Filtering-Correlation-Id: a89116e9-cd83-4c79-fd6d-08deba8ea98d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|36860700016|82310400026|6133799003|22082099003|18002099003|56012099003|11063799006; X-Microsoft-Antispam-Message-Info: qZtbmRQwmdPIDal46mx3fJk987j3FlYJBpWhi6XUSyklALVphLPOjrfXfZh9N/Mu9IOkUR+Iow24zzFzLAfsUsS+EgD83rX0E0aYnW4VhxR8nPFWfcrk1k5Yg3m4T4m6J6r9uiDJUT/mdHVLNcLm9tCY2gjAQ2I8P2B37pib0gHlt5a23SwQlMkIij3/WAoNAVLZ4aSljg/swz1FIpJPpfvVtfqBnAyg6YZ+Ir5DGdAYJP7cZ+KntcWohIN1DToOxC3xcaF/lf5EU2DnOCRSRydPerjbID3hQ1gwHYo5iST23jzXxvAj8MKJ6yo6KBdZ+7f94ClJhkp/2gLt7OGH78+rCzdzPauw9onQUCd+ascaSJJboX6vEd1AfIQB6ofhig+e7n2dBHA2eXDqcqx0W/Qw4Qywkz5USKtpHace9WwrTModX2FoRCd4/OmIktXQM70fvexCda/CqGs0tmbgWrXNXKHpypjNyxYAcxmmbcg1sG0IDI7B5m6sR1qC1o/tFaw+JFxuVZsRGDSdK/23hFOBIWcZ5Fnii631O0vTQqx/EPMvsc9UjWc9cujv896JgK07AQomC7jNIQSPig0umjONfzlFPTAkiUEaUYwWtAJ85EL2DKZNkxYGGgDImnenYW2RsVGP3LlEYtWHWMmKH+tOgkD91bEQqW6h6fGwGJ6z0AVc+WrHdwRUWScNVnkaALt71z7jhC9xnz0eZEaWTkyh4WMuvtBZPBoaSo7aBO8= X-Forefront-Antispam-Report: CIP:216.228.117.160;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge1.nvidia.com;CAT:NONE;SFS:(13230040)(376014)(1800799024)(36860700016)(82310400026)(6133799003)(22082099003)(18002099003)(56012099003)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: szUbBf8R+TG0PbjBL4tV2QrZjpYwdk/0P2kH+uIgBjDtcMEaA31Diz9NVEhQR26wtI1P7N0GARbycc+U4h6Wgjl4VCeHR6MCnowXQPks+d6lL8ZECcC9SxGl+7O4Wl2ehUCDsvncqgV7ZfZ3AYQb2PFCmbkNCLFtzDVOuBU2L60fEGwwdssMm6xYWCh7ssR6bs26cz99mJ7yh+KfXmewxL0E66L9TJd6w+P5c2c7qRvPWNiHb0Dr8YOibV/TxPTSLLEXeqq3ZeeP4E7+FIcqH5tn/1YEt2Dh01L4Eb3eHziOdHGzt7GW/vXTNMPIWwvqHqe8rH5Oi3ut8sJbn2E+1p31UnL/Me9UuzzBXo324WwhrLwaIwm6OHukcK/zRT6nk7aigjgXSxe9WufPWJdmaLxTT/y3Fqh/AAqCB2IWzTgcVXEKzPmRzlpNQnFwa4zK X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 May 2026 18:51:42.4342 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a89116e9-cd83-4c79-fd6d-08deba8ea98d X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.160];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CH1PEPF0000AD77.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV0PR12MB999092 Content-Type: text/plain; charset="utf-8" Test veventq_depth to cover a memory exhaustion vulnerability. Keep veventq_depth=3D2 for the existing callers. Reviewed-by: Jason Gunthorpe Reviewed-by: Kevin Tian Signed-off-by: Nicolin Chen --- tools/testing/selftests/iommu/iommufd_utils.h | 17 +++++++++-------- tools/testing/selftests/iommu/iommufd.c | 19 +++++++++++++++++-- .../selftests/iommu/iommufd_fail_nth.c | 2 +- 3 files changed, 27 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/iommu/iommufd_utils.h b/tools/testing/= selftests/iommu/iommufd_utils.h index 5502751d500c8..b4928cbd4d9c8 100644 --- a/tools/testing/selftests/iommu/iommufd_utils.h +++ b/tools/testing/selftests/iommu/iommufd_utils.h @@ -1060,12 +1060,13 @@ static int _test_cmd_hw_queue_alloc(int fd, __u32 v= iommu_id, __u32 type, base_addr, len, out_qid)) =20 static int _test_cmd_veventq_alloc(int fd, __u32 viommu_id, __u32 type, - __u32 *veventq_id, __u32 *veventq_fd) + __u32 depth, __u32 *veventq_id, + __u32 *veventq_fd) { struct iommu_veventq_alloc cmd =3D { .size =3D sizeof(cmd), .type =3D type, - .veventq_depth =3D 2, + .veventq_depth =3D depth, .viommu_id =3D viommu_id, }; int ret; @@ -1080,13 +1081,13 @@ static int _test_cmd_veventq_alloc(int fd, __u32 vi= ommu_id, __u32 type, return 0; } =20 -#define test_cmd_veventq_alloc(viommu_id, type, veventq_id, veventq_fd) \ - ASSERT_EQ(0, _test_cmd_veventq_alloc(self->fd, viommu_id, type, \ +#define test_cmd_veventq_alloc(viommu_id, type, depth, veventq_id, veventq= _fd) \ + ASSERT_EQ(0, _test_cmd_veventq_alloc(self->fd, viommu_id, type, depth, \ veventq_id, veventq_fd)) -#define test_err_veventq_alloc(_errno, viommu_id, type, veventq_id, \ - veventq_fd) \ - EXPECT_ERRNO(_errno, \ - _test_cmd_veventq_alloc(self->fd, viommu_id, type, \ +#define test_err_veventq_alloc(_errno, viommu_id, type, depth, veventq_id,= \ + veventq_fd) \ + EXPECT_ERRNO(_errno, \ + _test_cmd_veventq_alloc(self->fd, viommu_id, type, depth, \ veventq_id, veventq_fd)) =20 static int _test_cmd_trigger_vevents(int fd, __u32 dev_id, __u32 nvevents) diff --git a/tools/testing/selftests/iommu/iommufd.c b/tools/testing/selfte= sts/iommu/iommufd.c index d1fe5dbc2813e..2e8a27dab0bb8 100644 --- a/tools/testing/selftests/iommu/iommufd.c +++ b/tools/testing/selftests/iommu/iommufd.c @@ -2986,11 +2986,26 @@ TEST_F(iommufd_viommu, vdevice_alloc) test_err_mock_domain_replace(ENOENT, self->stdev_id, self->nested_hwpt_id); =20 + /* Test depth lower and upper bounds (mirrors kernel cap) */ +#define VEVENTQ_MAX_DEPTH (1U << 19) + test_err_veventq_alloc(EINVAL, viommu_id, + IOMMU_VEVENTQ_TYPE_SELFTEST, 0, NULL, + NULL); + test_err_veventq_alloc(EINVAL, viommu_id, + IOMMU_VEVENTQ_TYPE_SELFTEST, + VEVENTQ_MAX_DEPTH + 1, NULL, NULL); + test_cmd_veventq_alloc(viommu_id, IOMMU_VEVENTQ_TYPE_SELFTEST, + VEVENTQ_MAX_DEPTH, &veventq_id, + &veventq_fd); + close(veventq_fd); + test_ioctl_destroy(veventq_id); + /* Allocate a vEVENTQ with veventq_depth=3D2 */ test_cmd_veventq_alloc(viommu_id, IOMMU_VEVENTQ_TYPE_SELFTEST, - &veventq_id, &veventq_fd); + 2, &veventq_id, &veventq_fd); test_err_veventq_alloc(EEXIST, viommu_id, - IOMMU_VEVENTQ_TYPE_SELFTEST, NULL, NULL); + IOMMU_VEVENTQ_TYPE_SELFTEST, 2, NULL, + NULL); /* Set vdev_id to 0x99, unset it, and set to 0x88 */ test_cmd_vdevice_alloc(viommu_id, dev_id, 0x99, &vdev_id); test_cmd_mock_domain_replace(self->stdev_id, diff --git a/tools/testing/selftests/iommu/iommufd_fail_nth.c b/tools/testi= ng/selftests/iommu/iommufd_fail_nth.c index 45c14323a6183..25495d8dceb3d 100644 --- a/tools/testing/selftests/iommu/iommufd_fail_nth.c +++ b/tools/testing/selftests/iommu/iommufd_fail_nth.c @@ -712,7 +712,7 @@ TEST_FAIL_NTH(basic_fail_nth, device) return -1; =20 if (_test_cmd_veventq_alloc(self->fd, viommu_id, - IOMMU_VEVENTQ_TYPE_SELFTEST, &veventq_id, + IOMMU_VEVENTQ_TYPE_SELFTEST, 2, &veventq_id, &veventq_fd)) return -1; close(veventq_fd); --=20 2.43.0