RE: [PATCH rc v2 1/4] iommufd: Fix data_len byte-count vs element-count mismatch
From: Tian, Kevin
Date: Mon May 25 2026 - 02:52:11 EST
> From: Nicolin Chen <nicolinc@xxxxxxxxxx>
> Sent: Friday, May 22, 2026 8:37 AM
>
> kzalloc_flex() computes the allocation size. With event_data typed as u64,
> data_len is interpreted as a u64 element count. Yet, every caller and the
> read path treat data_len as a byte count. The current code over-allocates
> by sizeof(u64) and the __counted_by() annotation overstates the length by
> the same factor.
>
> Re-type event_data as u8. No functional change in user-visible behavior.
>
> Fixes: e36ba5ab808e ("iommufd: Add IOMMUFD_OBJ_VEVENTQ and
> IOMMUFD_CMD_VEVENTQ_ALLOC")
> Cc: stable@xxxxxxxxxxxxxxx
> Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Signed-off-by: Nicolin Chen <nicolinc@xxxxxxxxxx>
Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
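
The mismatch described in the quoted commit message, as an added userspace model (not code from the patch or the kernel). FLEX_SIZE is a hypothetical stand-in for the sizing kzalloc_flex() performs, and the two structs are constructed and reduced to data_len and event_data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins, reduced to the two fields the commit message names. */
struct vevent_u64 {            /* before: 8-byte elements */
    size_t data_len;           /* callers store a byte count here */
    uint64_t event_data[];
};
struct vevent_u8 {             /* after: 1-byte elements */
    size_t data_len;           /* byte count == element count */
    uint8_t event_data[];
};

/* Hypothetical model of flex-array sizing: header + count * element size. */
#define FLEX_SIZE(type, member, count) \
    (offsetof(type, member) + (size_t)(count) * sizeof(((type *)0)->member[0]))

/* Payload bytes reserved when data_len is handed over as the count. */
size_t payload_alloc_u64(size_t data_len)
{
    return FLEX_SIZE(struct vevent_u64, event_data, data_len) -
           offsetof(struct vevent_u64, event_data);
}
size_t payload_alloc_u8(size_t data_len)
{
    return FLEX_SIZE(struct vevent_u8, event_data, data_len) -
           offsetof(struct vevent_u8, event_data);
}

/* Would a bounds check derived from "data_len elements" accept this byte offset? */
int offset_in_bounds_u64(size_t data_len, size_t byte_off)
{
    return byte_off < data_len * sizeof(uint64_t);
}
int offset_in_bounds_u8(size_t data_len, size_t byte_off)
{
    return byte_off < data_len * sizeof(uint8_t);
}

int main(void)
{
    size_t len = 24; /* constructed: a 24-byte event payload */
    printf("u64: reserved %zu, offset 100 accepted: %d\n",
           payload_alloc_u64(len), offset_in_bounds_u64(len, 100));
    printf("u8:  reserved %zu, offset 100 accepted: %d\n",
           payload_alloc_u8(len), offset_in_bounds_u8(len, 100));
    return 0;
}
```

With the u64 element type, the reserved payload and the accepted extent both grow by the same factor, so nothing overflows, but a bounds check tied to data_len no longer reflects the bytes the callers actually wrote.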