From: sashiko-bot@kernel.org
To: "Narayana Murty N" <nnmlinux@linux.ibm.com>
Cc: kvm@vger.kernel.org
Subject: Re: [RFC PATCH 5/6] selftests/vfio: Accept sPAPR errno for DMA range overflow
Date: Fri, 03 Jul 2026 08:08:09 +0000 [thread overview]
Message-ID: <20260703080810.348071F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260703032806.40946-6-nnmlinux@linux.ibm.com>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [Medium] Architecture-specific macro breaks test execution with alternative IOMMU backends on PowerPC.
- [Medium] The test's expectation of `-ENXIO` codifies and relies upon an integer overflow bug in the test library's user-space validation helper.
--
commit 93dbee7bb3c363a49eb5141c94b3669c7520cd26
Author: Narayana Murty N <nnmlinux@linux.ibm.com>
selftests/vfio: Accept sPAPR errno for DMA range overflow
The DMA map limit test expects an overflowing IOVA range to fail with
-EOVERFLOW. This commit modifies the test to expect -ENXIO when compiled
for powerpc to account for sPAPR TCE v2 rejecting the range as outside
the active TCE window.
> diff --git a/tools/testing/selftests/vfio/vfio_dma_mapping_test.c b/tools/testing/selftests/vfio/vfio_dma_mapping_test.c
> index 4411fdbd56da5..cd2d3276a46c4 100644
> --- a/tools/testing/selftests/vfio/vfio_dma_mapping_test.c
> +++ b/tools/testing/selftests/vfio/vfio_dma_mapping_test.c
> @@ -316,10 +316,18 @@ TEST_F(vfio_dma_map_limit_test, overflow)
> region->size = self->mmap_size;
>
> rc = __iommu_map(self->iommu, region);
> +#ifdef __powerpc__
> + ASSERT_EQ(rc, -ENXIO);
[Severity: Medium]
Will this architecture-specific macro break test execution if an alternative
IOMMU backend is used on PowerPC?
Since earlier patches in this series allow selecting the IOMMU backend via
the VFIO_SELFTESTS_IOMMU_MODE environment variable, running the test on
PowerPC with iommufd would return the generic -EOVERFLOW error. Because of
the #ifdef, the test would erroneously expect -ENXIO and fail.
Would it be better to base this branch on the active backend type (e.g.,
inspecting variant->iommu_mode) rather than the compilation target?
[Severity: Medium]
Does expecting -ENXIO here codify a bug in the user-space validation
helper?
In the overflow test, the region->iova is set to a large value so that
region->iova + region->size wraps around to 0.
Looking at spapr_tce_iova_inside_window() introduced earlier in the series,
it evaluates:
tools/testing/selftests/vfio/lib/iommu.c:spapr_tce_iova_inside_window() {
...
if (region->iova + region->size > window->start + window->size)
return false;
...
}
Due to the wrap-around, 0 > 0 + window->size evaluates to false, causing
the validation helper to return true. This bypasses user-space validation,
allowing the invalid IOVA to be sent to the kernel via VFIO_IOMMU_MAP_DMA,
which then rejects it with -ENXIO.
If the user-space bounds check is fixed to catch wrap-arounds (for example,
checking if region->iova + region->size < region->iova), the helper would
correctly return false and the user-space map attempt would return -EINVAL.
Would that fix cause this test to fail because it now explicitly expects
-ENXIO?
> +#else
> ASSERT_EQ(rc, -EOVERFLOW);
> +#endif
>
> rc = __iommu_unmap(self->iommu, region, NULL);
> +#ifdef __powerpc__
> + ASSERT_EQ(rc, -ENXIO);
> +#else
> ASSERT_EQ(rc, -EOVERFLOW);
> +#endif
> }
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260703032806.40946-1-nnmlinux@linux.ibm.com?part=5
next prev parent reply other threads:[~2026-07-03 8:08 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-03 3:28 [RFC PATCH 0/6] selftests/vfio: Add sPAPR TCE v2 coverage Narayana Murty N
2026-07-03 3:28 ` [RFC PATCH 1/6] selftests/vfio: allow selecting IOMMU backend from environment Narayana Murty N
2026-07-03 8:06 ` sashiko-bot
2026-07-03 3:28 ` [RFC PATCH 2/6] selftests/vfio: add sPAPR TCE v2 IOMMU mode Narayana Murty N
2026-07-03 8:09 ` sashiko-bot
2026-07-03 3:28 ` [RFC PATCH 3/6] selftests/vfio: add sPAPR TCE v2 DMA window helpers Narayana Murty N
2026-07-03 8:05 ` sashiko-bot
2026-07-03 3:28 ` [RFC PATCH 4/6] selftests/vfio: Exercise sPAPR DDW path for hugepage DMA mappings Narayana Murty N
2026-07-03 8:11 ` sashiko-bot
2026-07-03 3:28 ` [RFC PATCH 5/6] selftests/vfio: Accept sPAPR errno for DMA range overflow Narayana Murty N
2026-07-03 8:08 ` sashiko-bot [this message]
2026-07-03 3:28 ` [RFC PATCH 6/6] selftests/vfio: Enable VFIO selftests on ppc64 and ppc64le Narayana Murty N
2026-07-03 8:14 ` sashiko-bot
2026-07-03 8:28 ` [RFC PATCH 0/6] selftests/vfio: Add sPAPR TCE v2 coverage Harsh Prateek Bora
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260703080810.348071F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=nnmlinux@linux.ibm.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox