[PATCH v3 0/2] vfio: selftests: Add calloc_assert() and avoid VLAs

[PATCH v3 0/2] vfio: selftests: Add calloc_assert() and avoid VLAs

[Alex Mastro]

Add a VFIO selftest calloc_assert() helper, then use it in places that
open-code calloc() or malloc() followed by VFIO_ASSERT_NOT_NULL().

Use that helper to replace initialized variable-length stack buffers in
vfio_pci_device.c with heap allocations. This avoids GCC rejecting
initialized VLAs and avoids treating a u8 buffer as a possibly
under-aligned VFIO request struct.

Changes in v3:
- Add the calloc_assert() helper as a precursor patch.
- Convert existing VFIO selftest calloc() assertion sites.
- Update the VLA fix to use calloc_assert().
- Link to v2: https://patch.msgid.link/20260615-scratch-amastro-vfio-selftests-avoid-vlas-v2-1-4e4df462908a@fb.com

Changes in v2:
- Reverse xmas tree variable ordering
- Link to v1: https://patch.msgid.link/20260612-scratch-amastro-vfio-selftests-avoid-vlas-v1-1-ba3acb635f0a@fb.com

Signed-off-by: Alex Mastro <amastro@fb.com>
---
Alex Mastro (2):
      vfio: selftests: Add calloc_assert() helper
      vfio: selftests: Avoid VLAs

 .../selftests/vfio/lib/include/libvfio/assert.h    | 10 +++++++
 tools/testing/selftests/vfio/lib/iommu.c           | 12 +++-----
 tools/testing/selftests/vfio/lib/iova_allocator.c  |  4 +--
 tools/testing/selftests/vfio/lib/sysfs.c           |  3 +-
 tools/testing/selftests/vfio/lib/vfio_pci_device.c | 32 ++++++++++++----------
 .../vfio/vfio_pci_device_init_perf_test.c          |  4 +--
 6 files changed, 35 insertions(+), 30 deletions(-)
---
base-commit: a26b499b757cfc8bbff1088bb1b844639e250893
change-id: 20260612-scratch-amastro-vfio-selftests-avoid-vlas-395eb3dcb3ab

Best regards,
--  
Alex Mastro <amastro@fb.com>

[PATCH v3 1/2] vfio: selftests: Add calloc_assert() helper

[Alex Mastro]

Add a calloc_assert() helper alongside the existing ioctl_assert() and
snprintf_assert() helpers.

Use it for VFIO selftest allocations that immediately assert a
non-NULL result.

Assisted-by: Codex:gpt-5.5-high
Signed-off-by: Alex Mastro <amastro@fb.com>
---
 tools/testing/selftests/vfio/lib/include/libvfio/assert.h    | 10 ++++++++++
 tools/testing/selftests/vfio/lib/iommu.c                     | 12 ++++--------
 tools/testing/selftests/vfio/lib/iova_allocator.c            |  4 +---
 tools/testing/selftests/vfio/lib/sysfs.c                     |  3 +--
 tools/testing/selftests/vfio/lib/vfio_pci_device.c           |  6 ++----
 .../testing/selftests/vfio/vfio_pci_device_init_perf_test.c  |  4 ++--
 6 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/tools/testing/selftests/vfio/lib/include/libvfio/assert.h b/tools/testing/selftests/vfio/lib/include/libvfio/assert.h
index 77b68c7129a6..f0490a403826 100644
--- a/tools/testing/selftests/vfio/lib/include/libvfio/assert.h
+++ b/tools/testing/selftests/vfio/lib/include/libvfio/assert.h
@@ -3,6 +3,7 @@
 #define SELFTESTS_VFIO_LIB_INCLUDE_LIBVFIO_ASSERT_H
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sys/ioctl.h>
 
@@ -45,6 +46,15 @@
 	VFIO_LOG_AND_EXIT(_fmt, ##__VA_ARGS__);			\
 } while (0)
 
+#define calloc_assert(_nmemb, _size) ({				\
+	size_t __nmemb = (_nmemb);				\
+	size_t __size = (_size);				\
+	void *__ptr = calloc(__nmemb, __size);			\
+	VFIO_ASSERT_NOT_NULL(__ptr, "calloc(%zu, %zu) failed",	\
+			     __nmemb, __size);			\
+	__ptr;							\
+})
+
 #define ioctl_assert(_fd, _op, _arg) do {						       \
 	void *__arg = (_arg);								       \
 	int __ret = ioctl((_fd), (_op), (__arg));					       \
diff --git a/tools/testing/selftests/vfio/lib/iommu.c b/tools/testing/selftests/vfio/lib/iommu.c
index 035dac069d60..31aba9fda8e5 100644
--- a/tools/testing/selftests/vfio/lib/iommu.c
+++ b/tools/testing/selftests/vfio/lib/iommu.c
@@ -286,8 +286,7 @@ static struct vfio_iommu_type1_info *vfio_iommu_get_info(int container_fd)
 {
 	struct vfio_iommu_type1_info *info;
 
-	info = malloc(sizeof(*info));
-	VFIO_ASSERT_NOT_NULL(info);
+	info = calloc_assert(1, sizeof(*info));
 
 	*info = (struct vfio_iommu_type1_info) {
 		.argsz = sizeof(*info),
@@ -324,8 +323,7 @@ static struct iommu_iova_range *vfio_iommu_iova_ranges(struct iommu *iommu,
 	cap_range = container_of(hdr, struct vfio_iommu_type1_info_cap_iova_range, header);
 	VFIO_ASSERT_GT(cap_range->nr_iovas, 0);
 
-	ranges = calloc(cap_range->nr_iovas, sizeof(*ranges));
-	VFIO_ASSERT_NOT_NULL(ranges);
+	ranges = calloc_assert(cap_range->nr_iovas, sizeof(*ranges));
 
 	for (u32 i = 0; i < cap_range->nr_iovas; i++) {
 		ranges[i] = (struct iommu_iova_range){
@@ -357,8 +355,7 @@ static struct iommu_iova_range *iommufd_iova_ranges(struct iommu *iommu,
 	VFIO_ASSERT_EQ(errno, EMSGSIZE);
 	VFIO_ASSERT_GT(query.num_iovas, 0);
 
-	ranges = calloc(query.num_iovas, sizeof(*ranges));
-	VFIO_ASSERT_NOT_NULL(ranges);
+	ranges = calloc_assert(query.num_iovas, sizeof(*ranges));
 
 	query.allowed_iovas = (uintptr_t)ranges;
 
@@ -424,8 +421,7 @@ struct iommu *iommu_init(const char *iommu_mode)
 	struct iommu *iommu;
 	int version;
 
-	iommu = calloc(1, sizeof(*iommu));
-	VFIO_ASSERT_NOT_NULL(iommu);
+	iommu = calloc_assert(1, sizeof(*iommu));
 
 	INIT_LIST_HEAD(&iommu->dma_regions);
 
diff --git a/tools/testing/selftests/vfio/lib/iova_allocator.c b/tools/testing/selftests/vfio/lib/iova_allocator.c
index 8c1cc86b70cd..2e7d54e1b4c6 100644
--- a/tools/testing/selftests/vfio/lib/iova_allocator.c
+++ b/tools/testing/selftests/vfio/lib/iova_allocator.c
@@ -29,8 +29,7 @@ struct iova_allocator *iova_allocator_init(struct iommu *iommu)
 	ranges = iommu_iova_ranges(iommu, &nranges);
 	VFIO_ASSERT_NOT_NULL(ranges);
 
-	allocator = malloc(sizeof(*allocator));
-	VFIO_ASSERT_NOT_NULL(allocator);
+	allocator = calloc_assert(1, sizeof(*allocator));
 
 	*allocator = (struct iova_allocator){
 		.ranges = ranges,
@@ -90,4 +89,3 @@ iova_t iova_allocator_alloc(struct iova_allocator *allocator, size_t size)
 		allocator->range_offset = 0;
 	}
 }
-
diff --git a/tools/testing/selftests/vfio/lib/sysfs.c b/tools/testing/selftests/vfio/lib/sysfs.c
index 11415448b2e2..98a46a2543cd 100644
--- a/tools/testing/selftests/vfio/lib/sysfs.c
+++ b/tools/testing/selftests/vfio/lib/sysfs.c
@@ -107,8 +107,7 @@ char *sysfs_sriov_vf_bdf_get(const char *pf_bdf, int i)
 	char *out_vf_bdf;
 
 	/* Fit "0000:00:00.0" */
-	out_vf_bdf = calloc(16, sizeof(char));
-	VFIO_ASSERT_NOT_NULL(out_vf_bdf);
+	out_vf_bdf = calloc_assert(16, sizeof(char));
 
 	snprintf_assert(path, PATH_MAX, "/sys/bus/pci/devices/%s/virtfn%d", pf_bdf, i);
 	readlink_base(path, "%s", out_vf_bdf);
diff --git a/tools/testing/selftests/vfio/lib/vfio_pci_device.c b/tools/testing/selftests/vfio/lib/vfio_pci_device.c
index 94dc5fcecbeb..eb40f7159bae 100644
--- a/tools/testing/selftests/vfio/lib/vfio_pci_device.c
+++ b/tools/testing/selftests/vfio/lib/vfio_pci_device.c
@@ -343,8 +343,7 @@ const char *vfio_pci_get_cdev_path(const char *bdf)
 	char *cdev_path;
 	DIR *dir;
 
-	cdev_path = calloc(PATH_MAX, 1);
-	VFIO_ASSERT_NOT_NULL(cdev_path);
+	cdev_path = calloc_assert(PATH_MAX, 1);
 
 	snprintf_assert(dir_path, sizeof(dir_path), "/sys/bus/pci/devices/%s/vfio-dev/", bdf);
 
@@ -425,8 +424,7 @@ struct vfio_pci_device *vfio_pci_device_alloc(const char *bdf, struct iommu *iom
 {
 	struct vfio_pci_device *device;
 
-	device = calloc(1, sizeof(*device));
-	VFIO_ASSERT_NOT_NULL(device);
+	device = calloc_assert(1, sizeof(*device));
 
 	VFIO_ASSERT_NOT_NULL(iommu);
 	device->iommu = iommu;
diff --git a/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c b/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c
index 33b0c31fe2ed..e1a54e153cd3 100644
--- a/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c
+++ b/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c
@@ -45,8 +45,8 @@ FIXTURE_SETUP(vfio_pci_device_init_perf_test)
 	int i;
 
 	self->iommu = iommu_init(variant->iommu_mode);
-	self->threads = calloc(nr_devices, sizeof(self->threads[0]));
-	self->thread_args = calloc(nr_devices, sizeof(self->thread_args[0]));
+	self->threads = calloc_assert(nr_devices, sizeof(self->threads[0]));
+	self->thread_args = calloc_assert(nr_devices, sizeof(self->thread_args[0]));
 
 	pthread_barrier_init(&self->barrier, NULL, nr_devices);
 

-- 
2.53.0-Meta

Re: [PATCH v3 1/2] vfio: selftests: Add calloc_assert() helper

[David Matlack]

On Mon, Jun 15, 2026 at 12:45 PM Alex Mastro <amastro@fb.com> wrote:
>
> Add a calloc_assert() helper alongside the existing ioctl_assert() and
> snprintf_assert() helpers.
>
> Use it for VFIO selftest allocations that immediately assert a
> non-NULL result.
>
> Assisted-by: Codex:gpt-5.5-high
> Signed-off-by: Alex Mastro <amastro@fb.com>
> ---
>  tools/testing/selftests/vfio/lib/include/libvfio/assert.h    | 10 ++++++++++
>  tools/testing/selftests/vfio/lib/iommu.c                     | 12 ++++--------
>  tools/testing/selftests/vfio/lib/iova_allocator.c            |  4 +---
>  tools/testing/selftests/vfio/lib/sysfs.c                     |  3 +--
>  tools/testing/selftests/vfio/lib/vfio_pci_device.c           |  6 ++----
>  .../testing/selftests/vfio/vfio_pci_device_init_perf_test.c  |  4 ++--
>  6 files changed, 20 insertions(+), 19 deletions(-)
>
> diff --git a/tools/testing/selftests/vfio/lib/include/libvfio/assert.h b/tools/testing/selftests/vfio/lib/include/libvfio/assert.h
> index 77b68c7129a6..f0490a403826 100644
> --- a/tools/testing/selftests/vfio/lib/include/libvfio/assert.h
> +++ b/tools/testing/selftests/vfio/lib/include/libvfio/assert.h
> @@ -3,6 +3,7 @@
>  #define SELFTESTS_VFIO_LIB_INCLUDE_LIBVFIO_ASSERT_H
>
>  #include <stdio.h>
> +#include <stdlib.h>
>  #include <string.h>
>  #include <sys/ioctl.h>
>
> @@ -45,6 +46,15 @@
>         VFIO_LOG_AND_EXIT(_fmt, ##__VA_ARGS__);                 \
>  } while (0)
>
> +#define calloc_assert(_nmemb, _size) ({                                \
> +       size_t __nmemb = (_nmemb);                              \
> +       size_t __size = (_size);                                \
> +       void *__ptr = calloc(__nmemb, __size);                  \
> +       VFIO_ASSERT_NOT_NULL(__ptr, "calloc(%zu, %zu) failed",  \
> +                            __nmemb, __size);                  \
> +       __ptr;                                                  \
> +})
> +
>  #define ioctl_assert(_fd, _op, _arg) do {                                                     \
>         void *__arg = (_arg);                                                                  \
>         int __ret = ioctl((_fd), (_op), (__arg));                                              \
> diff --git a/tools/testing/selftests/vfio/lib/iommu.c b/tools/testing/selftests/vfio/lib/iommu.c
> index 035dac069d60..31aba9fda8e5 100644
> --- a/tools/testing/selftests/vfio/lib/iommu.c
> +++ b/tools/testing/selftests/vfio/lib/iommu.c
> @@ -286,8 +286,7 @@ static struct vfio_iommu_type1_info *vfio_iommu_get_info(int container_fd)
>  {
>         struct vfio_iommu_type1_info *info;
>
> -       info = malloc(sizeof(*info));
> -       VFIO_ASSERT_NOT_NULL(info);
> +       info = calloc_assert(1, sizeof(*info));
>
>         *info = (struct vfio_iommu_type1_info) {
>                 .argsz = sizeof(*info),
> @@ -324,8 +323,7 @@ static struct iommu_iova_range *vfio_iommu_iova_ranges(struct iommu *iommu,
>         cap_range = container_of(hdr, struct vfio_iommu_type1_info_cap_iova_range, header);
>         VFIO_ASSERT_GT(cap_range->nr_iovas, 0);
>
> -       ranges = calloc(cap_range->nr_iovas, sizeof(*ranges));
> -       VFIO_ASSERT_NOT_NULL(ranges);
> +       ranges = calloc_assert(cap_range->nr_iovas, sizeof(*ranges));
>
>         for (u32 i = 0; i < cap_range->nr_iovas; i++) {
>                 ranges[i] = (struct iommu_iova_range){
> @@ -357,8 +355,7 @@ static struct iommu_iova_range *iommufd_iova_ranges(struct iommu *iommu,
>         VFIO_ASSERT_EQ(errno, EMSGSIZE);
>         VFIO_ASSERT_GT(query.num_iovas, 0);
>
> -       ranges = calloc(query.num_iovas, sizeof(*ranges));
> -       VFIO_ASSERT_NOT_NULL(ranges);
> +       ranges = calloc_assert(query.num_iovas, sizeof(*ranges));
>
>         query.allowed_iovas = (uintptr_t)ranges;
>
> @@ -424,8 +421,7 @@ struct iommu *iommu_init(const char *iommu_mode)
>         struct iommu *iommu;
>         int version;
>
> -       iommu = calloc(1, sizeof(*iommu));
> -       VFIO_ASSERT_NOT_NULL(iommu);
> +       iommu = calloc_assert(1, sizeof(*iommu));
>
>         INIT_LIST_HEAD(&iommu->dma_regions);
>
> diff --git a/tools/testing/selftests/vfio/lib/iova_allocator.c b/tools/testing/selftests/vfio/lib/iova_allocator.c
> index 8c1cc86b70cd..2e7d54e1b4c6 100644
> --- a/tools/testing/selftests/vfio/lib/iova_allocator.c
> +++ b/tools/testing/selftests/vfio/lib/iova_allocator.c
> @@ -29,8 +29,7 @@ struct iova_allocator *iova_allocator_init(struct iommu *iommu)
>         ranges = iommu_iova_ranges(iommu, &nranges);
>         VFIO_ASSERT_NOT_NULL(ranges);
>
> -       allocator = malloc(sizeof(*allocator));
> -       VFIO_ASSERT_NOT_NULL(allocator);
> +       allocator = calloc_assert(1, sizeof(*allocator));

Did you mean to replace malloc() with calloc()? Feel free to add a
malloc_assert().

>
>         *allocator = (struct iova_allocator){
>                 .ranges = ranges,
> @@ -90,4 +89,3 @@ iova_t iova_allocator_alloc(struct iova_allocator *allocator, size_t size)
>                 allocator->range_offset = 0;
>         }
>  }
> -
> diff --git a/tools/testing/selftests/vfio/lib/sysfs.c b/tools/testing/selftests/vfio/lib/sysfs.c
> index 11415448b2e2..98a46a2543cd 100644
> --- a/tools/testing/selftests/vfio/lib/sysfs.c
> +++ b/tools/testing/selftests/vfio/lib/sysfs.c
> @@ -107,8 +107,7 @@ char *sysfs_sriov_vf_bdf_get(const char *pf_bdf, int i)
>         char *out_vf_bdf;
>
>         /* Fit "0000:00:00.0" */
> -       out_vf_bdf = calloc(16, sizeof(char));
> -       VFIO_ASSERT_NOT_NULL(out_vf_bdf);
> +       out_vf_bdf = calloc_assert(16, sizeof(char));
>
>         snprintf_assert(path, PATH_MAX, "/sys/bus/pci/devices/%s/virtfn%d", pf_bdf, i);
>         readlink_base(path, "%s", out_vf_bdf);
> diff --git a/tools/testing/selftests/vfio/lib/vfio_pci_device.c b/tools/testing/selftests/vfio/lib/vfio_pci_device.c
> index 94dc5fcecbeb..eb40f7159bae 100644
> --- a/tools/testing/selftests/vfio/lib/vfio_pci_device.c
> +++ b/tools/testing/selftests/vfio/lib/vfio_pci_device.c
> @@ -343,8 +343,7 @@ const char *vfio_pci_get_cdev_path(const char *bdf)
>         char *cdev_path;
>         DIR *dir;
>
> -       cdev_path = calloc(PATH_MAX, 1);
> -       VFIO_ASSERT_NOT_NULL(cdev_path);
> +       cdev_path = calloc_assert(PATH_MAX, 1);
>
>         snprintf_assert(dir_path, sizeof(dir_path), "/sys/bus/pci/devices/%s/vfio-dev/", bdf);
>
> @@ -425,8 +424,7 @@ struct vfio_pci_device *vfio_pci_device_alloc(const char *bdf, struct iommu *iom
>  {
>         struct vfio_pci_device *device;
>
> -       device = calloc(1, sizeof(*device));
> -       VFIO_ASSERT_NOT_NULL(device);
> +       device = calloc_assert(1, sizeof(*device));
>
>         VFIO_ASSERT_NOT_NULL(iommu);
>         device->iommu = iommu;
> diff --git a/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c b/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c
> index 33b0c31fe2ed..e1a54e153cd3 100644
> --- a/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c
> +++ b/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c
> @@ -45,8 +45,8 @@ FIXTURE_SETUP(vfio_pci_device_init_perf_test)
>         int i;
>
>         self->iommu = iommu_init(variant->iommu_mode);
> -       self->threads = calloc(nr_devices, sizeof(self->threads[0]));
> -       self->thread_args = calloc(nr_devices, sizeof(self->thread_args[0]));
> +       self->threads = calloc_assert(nr_devices, sizeof(self->threads[0]));
> +       self->thread_args = calloc_assert(nr_devices, sizeof(self->thread_args[0]));
>
>         pthread_barrier_init(&self->barrier, NULL, nr_devices);
>
>
> --
> 2.53.0-Meta
>

Re: [PATCH v3 1/2] vfio: selftests: Add calloc_assert() helper

[Alex Mastro]

On Mon, Jun 15, 2026 at 03:51:26PM -0700, David Matlack wrote:
> On Mon, Jun 15, 2026 at 12:45 PM Alex Mastro <amastro@fb.com> wrote:
> >
> > Add a calloc_assert() helper alongside the existing ioctl_assert() and
> > snprintf_assert() helpers.
> >
> > Use it for VFIO selftest allocations that immediately assert a
> > non-NULL result.
> >
> > Assisted-by: Codex:gpt-5.5-high
> > Signed-off-by: Alex Mastro <amastro@fb.com>
> > ---
> >  tools/testing/selftests/vfio/lib/include/libvfio/assert.h    | 10 ++++++++++
> >  tools/testing/selftests/vfio/lib/iommu.c                     | 12 ++++--------
> >  tools/testing/selftests/vfio/lib/iova_allocator.c            |  4 +---
> >  tools/testing/selftests/vfio/lib/sysfs.c                     |  3 +--
> >  tools/testing/selftests/vfio/lib/vfio_pci_device.c           |  6 ++----
> >  .../testing/selftests/vfio/vfio_pci_device_init_perf_test.c  |  4 ++--
> >  6 files changed, 20 insertions(+), 19 deletions(-)
> >
> > diff --git a/tools/testing/selftests/vfio/lib/include/libvfio/assert.h b/tools/testing/selftests/vfio/lib/include/libvfio/assert.h
> > index 77b68c7129a6..f0490a403826 100644
> > --- a/tools/testing/selftests/vfio/lib/include/libvfio/assert.h
> > +++ b/tools/testing/selftests/vfio/lib/include/libvfio/assert.h
> > @@ -3,6 +3,7 @@
> >  #define SELFTESTS_VFIO_LIB_INCLUDE_LIBVFIO_ASSERT_H
> >
> >  #include <stdio.h>
> > +#include <stdlib.h>
> >  #include <string.h>
> >  #include <sys/ioctl.h>
> >
> > @@ -45,6 +46,15 @@
> >         VFIO_LOG_AND_EXIT(_fmt, ##__VA_ARGS__);                 \
> >  } while (0)
> >
> > +#define calloc_assert(_nmemb, _size) ({                                \
> > +       size_t __nmemb = (_nmemb);                              \
> > +       size_t __size = (_size);                                \
> > +       void *__ptr = calloc(__nmemb, __size);                  \
> > +       VFIO_ASSERT_NOT_NULL(__ptr, "calloc(%zu, %zu) failed",  \
> > +                            __nmemb, __size);                  \
> > +       __ptr;                                                  \
> > +})
> > +
> >  #define ioctl_assert(_fd, _op, _arg) do {                                                     \
> >         void *__arg = (_arg);                                                                  \
> >         int __ret = ioctl((_fd), (_op), (__arg));                                              \
> > diff --git a/tools/testing/selftests/vfio/lib/iommu.c b/tools/testing/selftests/vfio/lib/iommu.c
> > index 035dac069d60..31aba9fda8e5 100644
> > --- a/tools/testing/selftests/vfio/lib/iommu.c
> > +++ b/tools/testing/selftests/vfio/lib/iommu.c
> > @@ -286,8 +286,7 @@ static struct vfio_iommu_type1_info *vfio_iommu_get_info(int container_fd)
> >  {
> >         struct vfio_iommu_type1_info *info;
> >
> > -       info = malloc(sizeof(*info));
> > -       VFIO_ASSERT_NOT_NULL(info);
> > +       info = calloc_assert(1, sizeof(*info));
> >
> >         *info = (struct vfio_iommu_type1_info) {
> >                 .argsz = sizeof(*info),
> > @@ -324,8 +323,7 @@ static struct iommu_iova_range *vfio_iommu_iova_ranges(struct iommu *iommu,
> >         cap_range = container_of(hdr, struct vfio_iommu_type1_info_cap_iova_range, header);
> >         VFIO_ASSERT_GT(cap_range->nr_iovas, 0);
> >
> > -       ranges = calloc(cap_range->nr_iovas, sizeof(*ranges));
> > -       VFIO_ASSERT_NOT_NULL(ranges);
> > +       ranges = calloc_assert(cap_range->nr_iovas, sizeof(*ranges));
> >
> >         for (u32 i = 0; i < cap_range->nr_iovas; i++) {
> >                 ranges[i] = (struct iommu_iova_range){
> > @@ -357,8 +355,7 @@ static struct iommu_iova_range *iommufd_iova_ranges(struct iommu *iommu,
> >         VFIO_ASSERT_EQ(errno, EMSGSIZE);
> >         VFIO_ASSERT_GT(query.num_iovas, 0);
> >
> > -       ranges = calloc(query.num_iovas, sizeof(*ranges));
> > -       VFIO_ASSERT_NOT_NULL(ranges);
> > +       ranges = calloc_assert(query.num_iovas, sizeof(*ranges));
> >
> >         query.allowed_iovas = (uintptr_t)ranges;
> >
> > @@ -424,8 +421,7 @@ struct iommu *iommu_init(const char *iommu_mode)
> >         struct iommu *iommu;
> >         int version;
> >
> > -       iommu = calloc(1, sizeof(*iommu));
> > -       VFIO_ASSERT_NOT_NULL(iommu);
> > +       iommu = calloc_assert(1, sizeof(*iommu));
> >
> >         INIT_LIST_HEAD(&iommu->dma_regions);
> >
> > diff --git a/tools/testing/selftests/vfio/lib/iova_allocator.c b/tools/testing/selftests/vfio/lib/iova_allocator.c
> > index 8c1cc86b70cd..2e7d54e1b4c6 100644
> > --- a/tools/testing/selftests/vfio/lib/iova_allocator.c
> > +++ b/tools/testing/selftests/vfio/lib/iova_allocator.c
> > @@ -29,8 +29,7 @@ struct iova_allocator *iova_allocator_init(struct iommu *iommu)
> >         ranges = iommu_iova_ranges(iommu, &nranges);
> >         VFIO_ASSERT_NOT_NULL(ranges);
> >
> > -       allocator = malloc(sizeof(*allocator));
> > -       VFIO_ASSERT_NOT_NULL(allocator);
> > +       allocator = calloc_assert(1, sizeof(*allocator));
> 
> Did you mean to replace malloc() with calloc()? Feel free to add a
> malloc_assert().

Yes! Since all malloc() can be expressed as calloc() (because we shouldn't care
about potentially redundant zeroing overhead), I think the single
calloc_assert() is fine.

> 
> >
> >         *allocator = (struct iova_allocator){
> >                 .ranges = ranges,
> > @@ -90,4 +89,3 @@ iova_t iova_allocator_alloc(struct iova_allocator *allocator, size_t size)
> >                 allocator->range_offset = 0;
> >         }
> >  }
> > -
> > diff --git a/tools/testing/selftests/vfio/lib/sysfs.c b/tools/testing/selftests/vfio/lib/sysfs.c
> > index 11415448b2e2..98a46a2543cd 100644
> > --- a/tools/testing/selftests/vfio/lib/sysfs.c
> > +++ b/tools/testing/selftests/vfio/lib/sysfs.c
> > @@ -107,8 +107,7 @@ char *sysfs_sriov_vf_bdf_get(const char *pf_bdf, int i)
> >         char *out_vf_bdf;
> >
> >         /* Fit "0000:00:00.0" */
> > -       out_vf_bdf = calloc(16, sizeof(char));
> > -       VFIO_ASSERT_NOT_NULL(out_vf_bdf);
> > +       out_vf_bdf = calloc_assert(16, sizeof(char));
> >
> >         snprintf_assert(path, PATH_MAX, "/sys/bus/pci/devices/%s/virtfn%d", pf_bdf, i);
> >         readlink_base(path, "%s", out_vf_bdf);
> > diff --git a/tools/testing/selftests/vfio/lib/vfio_pci_device.c b/tools/testing/selftests/vfio/lib/vfio_pci_device.c
> > index 94dc5fcecbeb..eb40f7159bae 100644
> > --- a/tools/testing/selftests/vfio/lib/vfio_pci_device.c
> > +++ b/tools/testing/selftests/vfio/lib/vfio_pci_device.c
> > @@ -343,8 +343,7 @@ const char *vfio_pci_get_cdev_path(const char *bdf)
> >         char *cdev_path;
> >         DIR *dir;
> >
> > -       cdev_path = calloc(PATH_MAX, 1);
> > -       VFIO_ASSERT_NOT_NULL(cdev_path);
> > +       cdev_path = calloc_assert(PATH_MAX, 1);
> >
> >         snprintf_assert(dir_path, sizeof(dir_path), "/sys/bus/pci/devices/%s/vfio-dev/", bdf);
> >
> > @@ -425,8 +424,7 @@ struct vfio_pci_device *vfio_pci_device_alloc(const char *bdf, struct iommu *iom
> >  {
> >         struct vfio_pci_device *device;
> >
> > -       device = calloc(1, sizeof(*device));
> > -       VFIO_ASSERT_NOT_NULL(device);
> > +       device = calloc_assert(1, sizeof(*device));
> >
> >         VFIO_ASSERT_NOT_NULL(iommu);
> >         device->iommu = iommu;
> > diff --git a/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c b/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c
> > index 33b0c31fe2ed..e1a54e153cd3 100644
> > --- a/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c
> > +++ b/tools/testing/selftests/vfio/vfio_pci_device_init_perf_test.c
> > @@ -45,8 +45,8 @@ FIXTURE_SETUP(vfio_pci_device_init_perf_test)
> >         int i;
> >
> >         self->iommu = iommu_init(variant->iommu_mode);
> > -       self->threads = calloc(nr_devices, sizeof(self->threads[0]));
> > -       self->thread_args = calloc(nr_devices, sizeof(self->thread_args[0]));
> > +       self->threads = calloc_assert(nr_devices, sizeof(self->threads[0]));
> > +       self->thread_args = calloc_assert(nr_devices, sizeof(self->thread_args[0]));
> >
> >         pthread_barrier_init(&self->barrier, NULL, nr_devices);
> >
> >
> > --
> > 2.53.0-Meta
> >

[PATCH v3 2/2] vfio: selftests: Avoid VLAs

[Alex Mastro]

Allocate VFIO ioctl requests dynamically instead of using VLAs. GCC 11.5.0
rejects initialized VLAs with:

  error: variable-sized object may not be initialized

The replaced stack u8 arrays also do not guarantee native struct alignment
for the aliased pointers.

Fixes: 19faf6fd969c ("vfio: selftests: Add a helper library for VFIO selftests")
Fixes: 20face8c75ff ("vfio: selftests: Add helper to set/override a vf_token")
Assisted-by: Codex:gpt-5.5-high
Reviewed-by: Vipin Sharma <vipinsh@google.com>
Signed-off-by: Alex Mastro <amastro@fb.com>
---
 tools/testing/selftests/vfio/lib/vfio_pci_device.c | 26 +++++++++++++---------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/tools/testing/selftests/vfio/lib/vfio_pci_device.c b/tools/testing/selftests/vfio/lib/vfio_pci_device.c
index eb40f7159bae..28868343f2ab 100644
--- a/tools/testing/selftests/vfio/lib/vfio_pci_device.c
+++ b/tools/testing/selftests/vfio/lib/vfio_pci_device.c
@@ -30,13 +30,11 @@
 static void vfio_pci_irq_set(struct vfio_pci_device *device,
 			     u32 index, u32 vector, u32 count, int *fds)
 {
-	u8 buf[sizeof(struct vfio_irq_set) + sizeof(int) * count];
-	struct vfio_irq_set *irq = (void *)&buf;
-	int *irq_fds = (void *)&irq->data;
+	size_t argsz = sizeof(struct vfio_irq_set) + sizeof(int) * count;
+	struct vfio_irq_set *irq;
 
-	memset(buf, 0, sizeof(buf));
-
-	irq->argsz = sizeof(buf);
+	irq = calloc_assert(1, argsz);
+	irq->argsz = argsz;
 	irq->flags = VFIO_IRQ_SET_ACTION_TRIGGER;
 	irq->index = index;
 	irq->start = vector;
@@ -44,12 +42,13 @@ static void vfio_pci_irq_set(struct vfio_pci_device *device,
 
 	if (count) {
 		irq->flags |= VFIO_IRQ_SET_DATA_EVENTFD;
-		memcpy(irq_fds, fds, sizeof(int) * count);
+		memcpy(irq->data, fds, sizeof(int) * count);
 	} else {
 		irq->flags |= VFIO_IRQ_SET_DATA_NONE;
 	}
 
 	ioctl_assert(device->fd, VFIO_DEVICE_SET_IRQS, irq);
+	free(irq);
 }
 
 void vfio_pci_irq_trigger(struct vfio_pci_device *device, u32 index, u32 vector)
@@ -118,15 +117,20 @@ static void vfio_pci_irq_get(struct vfio_pci_device *device, u32 index,
 static int vfio_device_feature_ioctl(int fd, u32 flags, void *data,
 				     size_t data_size)
 {
-	u8 buffer[sizeof(struct vfio_device_feature) + data_size] = {};
-	struct vfio_device_feature *feature = (void *)buffer;
+	size_t argsz = sizeof(struct vfio_device_feature) + data_size;
+	struct vfio_device_feature *feature;
+	int ret;
 
+	feature = calloc_assert(1, argsz);
 	memcpy(feature->data, data, data_size);
 
-	feature->argsz = sizeof(buffer);
+	feature->argsz = argsz;
 	feature->flags = flags;
 
-	return ioctl(fd, VFIO_DEVICE_FEATURE, feature);
+	ret = ioctl(fd, VFIO_DEVICE_FEATURE, feature);
+	free(feature);
+
+	return ret;
 }
 
 static void vfio_device_feature_set(int fd, u16 feature, void *data, size_t data_size)

-- 
2.53.0-Meta

Re: [PATCH v3 2/2] vfio: selftests: Avoid VLAs

[David Matlack]

On 2026-06-15 12:44 PM, Alex Mastro wrote:
> Allocate VFIO ioctl requests dynamically instead of using VLAs. GCC 11.5.0
> rejects initialized VLAs with:
> 
>   error: variable-sized object may not be initialized
> 
> The replaced stack u8 arrays also do not guarantee native struct alignment
> for the aliased pointers.
> 
> Fixes: 19faf6fd969c ("vfio: selftests: Add a helper library for VFIO selftests")
> Fixes: 20face8c75ff ("vfio: selftests: Add helper to set/override a vf_token")
> Assisted-by: Codex:gpt-5.5-high
> Reviewed-by: Vipin Sharma <vipinsh@google.com>
> Signed-off-by: Alex Mastro <amastro@fb.com>

Reviewed-by: David Matlack <dmatlack@google.com>