Re: [PATCH v5] dma-buf: Fix silent overflow for phys vec to sgt

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Leon Romanovsky <leon@kernel.org>
To: David Hu <xuehaohu@google.com>
Cc: "Sumit Semwal" <sumit.semwal@linaro.org>,
	"Christian König" <christian.koenig@amd.com>,
	"Jason Gunthorpe" <jgg@ziepe.ca>,
	"Nicolin Chen" <nicolinc@nvidia.com>,
	"Kevin Tian" <kevin.tian@intel.com>,
	"Ankit Agrawal" <ankita@nvidia.com>,
	"Alex Williamson" <alex@shazbot.org>,
	linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org,
	linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org,
	iommu@lists.linux.dev, jmoroni@google.com, praan@google.com,
	stable@vger.kernel.org
Subject: Re: [PATCH v5] dma-buf: Fix silent overflow for phys vec to sgt
Date: Sun, 7 Jun 2026 11:02:44 +0300	[thread overview]
Message-ID: <20260607080244.GA327369@unreal> (raw)
In-Reply-To: <CAPd9Lg_JkRdtNa=n+HE9SP+NFCSB+X_97eiPBqiONVLwV0pHwQ@mail.gmail.com>

On Thu, Jun 04, 2026 at 03:36:48PM -0400, David Hu wrote:
> On Thu, Jun 4, 2026 at 5:43 AM Leon Romanovsky <leon@kernel.org> wrote:
> >
> > On Mon, Jun 01, 2026 at 08:00:12PM +0000, David Hu wrote:
> > > @@ -36,7 +36,7 @@ static unsigned int calc_sg_nents(struct dma_iova_state *state,
> > >                                 struct phys_vec *phys_vec, size_t nr_ranges,
> > >                                 size_t size)
> > >  {
> > > -     unsigned int nents = 0;
> > > +     size_t nents = 0;
> > >       size_t i;
> > >
> > >       if (!state || !dma_use_iova(state)) {
> > > @@ -51,6 +51,9 @@ static unsigned int calc_sg_nents(struct dma_iova_state *state,
> > >               nents = DIV_ROUND_UP(size, UINT_MAX);
> > >       }
> > >
> > > +     if (nents > UINT_MAX)
> >
> > I would suggest to use check_add_overflow() while calculating nents
> > instead of this check.
> 
> Hi Leon,
> 
> Thank you for the review. Using `check_add_overflow()` is a great
> suggestion and definitely
> cleaner for the accumulation loop. I'll update this for v6.
> 
> > > @@ -133,6 +137,11 @@ struct sg_table *dma_buf_phys_vec_to_sgt(struct dma_buf_attachment *attach,
> > >       }
> > >
> > >       nents = calc_sg_nents(dma->state, phys_vec, nr_ranges, size);
> > > +     if (!nents) {
> > > +             ret = -EINVAL;
> > > +             goto err_free_state;
> > > +     }
> >
> > Technically, this hunk is not necessary, since sg_alloc_table() will
> > return -EINVAL when nents == 0. At least, that is the behavior I relied on.
> 
> I originally added this explicit check in v5 to address Jason's
> feedback, and to make the
> failure explicit rather than relying on `sg_alloc_table()` failing
> silently on `nents=0`.

I prefer explicit checks, but I am not in favor of duplicating them.
Since sg_alloc_table() already validates this condition, we do not need
to repeat the same check in dma-buf. A comment should be sufficient to
inform future reviewers that nents == 0 is already handled.

Thanks

> 
> Jason, do you have a strong preference here? I am happy to drop the
> hunk and rely on
> `sg_alloc_table()` returning `-EINVAL` if you are both comfortable with that.
> 
> Thanks,
> David

     prev parent reply	other threads:[~2026-06-07  8:02 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-01 20:00 [PATCH v5] dma-buf: Fix silent overflow for phys vec to sgt David Hu
2026-06-01 20:13 ` sashiko-bot
2026-06-03  7:04 ` Tian, Kevin
2026-06-04  9:43 ` Leon Romanovsky
2026-06-04 19:36   ` David Hu
2026-06-07  8:02     ` Leon Romanovsky [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260607080244.GA327369@unreal \
    --to=leon@kernel.org \
    --cc=alex@shazbot.org \
    --cc=ankita@nvidia.com \
    --cc=christian.koenig@amd.com \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=iommu@lists.linux.dev \
    --cc=jgg@ziepe.ca \
    --cc=jmoroni@google.com \
    --cc=kevin.tian@intel.com \
    --cc=linaro-mm-sig@lists.linaro.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-media@vger.kernel.org \
    --cc=nicolinc@nvidia.com \
    --cc=praan@google.com \
    --cc=stable@vger.kernel.org \
    --cc=sumit.semwal@linaro.org \
    --cc=xuehaohu@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.