Re: [PATCH v5 4/5] iommufd/tsm: add vdevice TSM bind/unbind ioctl

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Silent truncation of `virt_id` from 64-bit to 32-bit when calling `pci_tsm_bind`.
--

commit b7dc3508d5fe2b83fd395c4d50b0951a9d3d243b
Author: Aneesh Kumar K.V (Arm) <aneesh.kumar@kernel.org>

iommufd/tsm: add vdevice TSM bind/unbind ioctl

Introduce IOMMU_VDEVICE_TSM_OP to allow userspace to issue TSM bind/unbind
operations for an iommufd vdevice. Also add common TSM helpers in tsm-core
and wire vdevice teardown to unbind the device from TSM state.

> diff --git a/drivers/virt/coco/tsm-core.c b/drivers/virt/coco/tsm-core.c
> index e784993353d8f..3870d08ffe0d1 100644
> --- a/drivers/virt/coco/tsm-core.c
> +++ b/drivers/virt/coco/tsm-core.c
[ ... ]
> @@ -108,6 +108,25 @@ void tsm_unregister(struct tsm_dev *tsm_dev)
>  }
>  EXPORT_SYMBOL_GPL(tsm_unregister);
>  
> +int tsm_bind(struct device *dev, struct kvm *kvm, u64 tdi_id)
> +{
> +	if (!dev_is_pci(dev))
> +		return -EINVAL;
> +
> +	return pci_tsm_bind(to_pci_dev(dev), kvm, tdi_id);

[Severity: Medium]
Does this cause a silent truncation of the virtual ID?

While tsm_bind accepts a u64 tdi_id, it passes this argument directly to
pci_tsm_bind, which expects a u32 tdi_id.

Because iommufd_vdevice_alloc_ioctl allows userspace to supply a 64-bit
virt_id, passing a value larger than 32 bits here will result in a truncated,
incorrect virtual device ID being registered with the TSM layer.

Could this lead to state inconsistency between iommufd and the TSM subsystem?

> +}
> +EXPORT_SYMBOL_GPL(tsm_bind);

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260525154816.1029642-1-aneesh.kumar@kernel.org?part=4