On Sat, Jun 14, 2025 at 12:14:35AM -0700, Nicolin Chen wrote:
> + /*
> + * FIXME allocation may fail when sizeof(*pages) * max_npages is
> + * larger than PAGE_SIZE. This might need a new API returning a
> + * bio_vec or something more efficient.
> + */
> + pages = kcalloc(max_npages, sizeof(*pages), GFP_KERNEL);
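Review bot: the FIXME above the kcalloc already concedes that `sizeof(*pages) * max_npages` can exceed PAGE_SIZE, at which point kcalloc becomes a high-order allocation that fails readily under memory fragmentation and prints an allocation-failure warning when it does; fuzzers treat that warning as a crash report. Switch to `kvcalloc(max_npages, sizeof(*pages), GFP_KERNEL | __GFP_NOWARN)` so large counts fall back to vmalloc and a failure is reported only through the -ENOMEM return. The NULL check for this allocation and the origin of max_npages are outside the quoted context; if max_npages derives from the ioctl request, confirm it is bounded before this line so a caller cannot request an arbitrarily large array.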
Use the kvcalloc variation here then. You probably also need a GFP_NOWARN
to avoid syzkaller blowups.

> + access = iommufd_hw_queue_alloc_phys(cmd, viommu, &base_pa);
> + if (IS_ERR(access)) {
> + rc = PTR_ERR(access);
> + goto out_put_viommu;
> + }
> +
> + hw_queue = (struct iommufd_hw_queue *)_iommufd_object_alloc_ucmd(
> + ucmd, hw_queue_size, IOMMUFD_OBJ_HW_QUEUE);
> + if (IS_ERR(hw_queue)) {
> + rc = PTR_ERR(hw_queue);
> + goto out_destroy_access;
> + }

I think these two are out of order, alloc the object first, then do the
access and set hw_queue->access.

Make sure abort will clean it up automatically when non-null and remove
the out_destroy_access.

Jason
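Review bot: the allocation order makes the error unwind fragile: because the access is created before the hw_queue object, a failure in `_iommufd_object_alloc_ucmd()` must unwind through the hand-maintained `out_destroy_access` label, and every failure point added after this hunk has to remember to do the same or the access leaks. Allocate the object first, store the result in `hw_queue->access`, and have the object's abort path release a non-NULL access; the `out_destroy_access` label then disappears and later error paths are covered by the same mechanism as the object itself. While touching this, the open-coded `(struct iommufd_hw_queue *)` cast on the `_iommufd_object_alloc_ucmd()` return is easy to get wrong if the object type ever changes; a typed wrapper would keep that cast in one place.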