From: Jason Gunthorpe <jgg@nvidia.com>
To: Yi Liu <yi.l.liu@intel.com>
Cc: iommu@lists.linux.dev, Joerg Roedel <joro@8bytes.org>,
Kevin Tian <kevin.tian@intel.com>,
Robin Murphy <robin.murphy@arm.com>,
Will Deacon <will@kernel.org>, Eric Auger <eric.auger@redhat.com>,
Matthew Rosato <mjrosato@linux.ibm.com>,
patches@lists.linux.dev,
syzbot+57fdb0cf6a0c5d1f15a2@syzkaller.appspotmail.com
Subject: Re: [PATCH] iommufd: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED
Date: Wed, 17 Dec 2025 09:39:51 -0400 [thread overview]
Message-ID: <20251217133951.GN6079@nvidia.com> (raw)
In-Reply-To: <0693bba1-4ed6-4243-94ac-da85e8f51846@intel.com>
On Wed, Dec 17, 2025 at 05:17:46PM +0800, Yi Liu wrote:
> On 2025/12/17 01:13, Jason Gunthorpe wrote:
> > syzkaller found it could overflow math in the test infrastructure and
> > cause a WARN_ON by corrupting the reserved interval tree. This only
> > effects test kernels with CONFIG_IOMMUFD_TEST.
> >
> > Validate the user input length in the test ioctl.
> >
> > Fixes: f4b20bb34c83 ("iommufd: Add kernel support for testing iommufd")
> > Reported-by: syzbot+57fdb0cf6a0c5d1f15a2@syzkaller.appspotmail.com
> > Closes: https://lore.kernel.org/all/69368129.a70a0220.38f243.008f.GAE@google.com
> > Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
> > ---
> > drivers/iommu/iommufd/selftest.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
>
> Tested-by: Yi Liu <yi.l.liu@intel.com>
>
> a nit: is it necessary to add another overflow test case in selftest?
No, this is just test code not actual production code..
Jason
next prev parent reply other threads:[~2025-12-17 21:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-16 17:13 [PATCH] iommufd: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED Jason Gunthorpe
2025-12-16 17:42 ` Samiullah Khawaja
2025-12-17 9:17 ` Yi Liu
2025-12-17 13:39 ` Jason Gunthorpe [this message]
2025-12-18 6:48 ` Tian, Kevin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251217133951.GN6079@nvidia.com \
--to=jgg@nvidia.com \
--cc=eric.auger@redhat.com \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=mjrosato@linux.ibm.com \
--cc=patches@lists.linux.dev \
--cc=robin.murphy@arm.com \
--cc=syzbot+57fdb0cf6a0c5d1f15a2@syzkaller.appspotmail.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.