Re: [PATCH v4] dma-buf: Fix silent overflow for phys vec to sgt

Next message: Luca Leonardo Scorcia: "Re: [PATCH] dt-bindings: pinctrl: mediatek: mt6795: document the slew-rate property"
Previous message: Rosen Penev: "[PATCH] ata: pata_ep93xx: fix incorrect return value in data_xfer"
In reply to: Jason Gunthorpe: "Re: [PATCH v4] dma-buf: Fix silent overflow for phys vec to sgt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Hu

Date: Mon Jun 01 2026 - 15:27:01 EST

On Mon, Jun 1, 2026 at 1:52 PM Jason Gunthorpe <jgg@xxxxxxxx> wrote:
>
> On Thu, May 28, 2026 at 07:16:58PM +0000, David Hu wrote:
> > diff --git a/drivers/dma-buf/dma-buf-mapping.c b/drivers/dma-buf/dma-buf-mapping.c
> > index 794acff2546a..1aabc0ee70bb 100644
> > --- a/drivers/dma-buf/dma-buf-mapping.c
> > +++ b/drivers/dma-buf/dma-buf-mapping.c
> > @@ -51,6 +51,9 @@ static unsigned int calc_sg_nents(struct dma_iova_state *state,
> > nents = DIV_ROUND_UP(size, UINT_MAX);
> > }
> >
> > + if (WARN_ON_ONCE(nents > UINT_MAX))
> > + return 0;
>
> The WARN seems a bit much, but if you have it then it should be
> arranged so the caller ultimately fails.
>
> But otherwise I think correcting the types is a good idea
>
> Jason
Hi Jason,

Thank you for the feedback. That makes complete sense. I will remove
WARN_ON_ONCE() to avoid dmesg noise, and instead add an explicit check
in dma_buf_phys_vec_to_sgt() to fail with -EINVAL if calc_sg_nents()
returns 0 (on overflow).

I will send out v5 with these changes shortly.

Regards,
David