From: Jason Gunthorpe <jgg@nvidia.com>
To: Shameerali Kolothum Thodi <shameerali.kolothum.thodi@huawei.com>
Cc: Ankit Agrawal <ankita@nvidia.com>,
Brett Creeley <brett.creeley@amd.com>,
Giovanni Cabiddu <giovanni.cabiddu@intel.com>,
Kevin Tian <kevin.tian@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
liulongfang <liulongfang@huawei.com>,
"qat-linux@intel.com" <qat-linux@intel.com>,
"virtualization@lists.linux.dev" <virtualization@lists.linux.dev>,
Xin Zeng <xin.zeng@intel.com>, Yishai Hadas <yishaih@nvidia.com>,
Alex Williamson <alex.williamson@redhat.com>,
Matthew Rosato <mjrosato@linux.ibm.com>,
Nicolin Chen <nicolinc@nvidia.com>,
"patches@lists.linux.dev" <patches@lists.linux.dev>,
Terrence Xu <terrence.xu@intel.com>,
Yanting Jiang <yanting.jiang@intel.com>,
Yi Liu <yi.l.liu@intel.com>,
Zhenzhong Duan <zhenzhong.duan@intel.com>
Subject: Re: [PATCH v2] vfio/pci: Do vf_token checks for VFIO_DEVICE_BIND_IOMMUFD
Date: Fri, 11 Jul 2025 19:45:11 -0300 [thread overview]
Message-ID: <20250711224511.GJ1951027@nvidia.com> (raw)
In-Reply-To: <30449f7531ae42439136316321b3d60e@huawei.com>
On Fri, Jul 11, 2025 at 12:01:49PM +0000, Shameerali Kolothum Thodi wrote:
> > minsz = offsetofend(struct vfio_device_bind_iommufd, out_devid);
> >
> > - if (copy_from_user(&bind, arg, minsz))
> > - return -EFAULT;
> > + ret = get_user(user_size, &arg->argsz);
> > + if (ret)
> > + return ret;
> > + if (bind.argsz < minsz)
>
> The above check should use user_size.
Woops for sure!
> With that fixed, I did a basic sanity testing with a latest Qemu(no BIND_FLAG_TOKEN flag),
> assigning a vf to a Guest. Seems to be OK. No regression observed.
>
> FWIW:
> Tested-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Thanks for testing!
Jason
next prev parent reply other threads:[~2025-07-11 22:45 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-10 15:30 [PATCH v2] vfio/pci: Do vf_token checks for VFIO_DEVICE_BIND_IOMMUFD Jason Gunthorpe
2025-07-11 3:15 ` Tian, Kevin
2025-07-11 12:01 ` Shameerali Kolothum Thodi
2025-07-11 22:45 ` Jason Gunthorpe [this message]
2025-07-14 13:12 ` Yi Liu
2025-07-14 14:29 ` Jason Gunthorpe
2025-07-14 15:12 ` Alex Williamson
2025-07-14 16:08 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250711224511.GJ1951027@nvidia.com \
--to=jgg@nvidia.com \
--cc=alex.williamson@redhat.com \
--cc=ankita@nvidia.com \
--cc=brett.creeley@amd.com \
--cc=giovanni.cabiddu@intel.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=liulongfang@huawei.com \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=patches@lists.linux.dev \
--cc=qat-linux@intel.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=terrence.xu@intel.com \
--cc=virtualization@lists.linux.dev \
--cc=xin.zeng@intel.com \
--cc=yanting.jiang@intel.com \
--cc=yi.l.liu@intel.com \
--cc=yishaih@nvidia.com \
--cc=zhenzhong.duan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.