| Message ID | 1478293856-8191-18-git-send-email-kwankhede@nvidia.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 05/11/16 08:10, Kirti Wankhede wrote: > Updated vfio_platform_common.c file to use > vfio_set_irqs_validate_and_prepare() > > Signed-off-by: Kirti Wankhede <kwankhede@nvidia.com> > Signed-off-by: Neo Jia <cjia@nvidia.com> > Change-Id: Id87cd6b78ae901610b39bf957974baa6f40cd7b0 > --- > drivers/vfio/platform/vfio_platform_common.c | 31 +++++++--------------------- > 1 file changed, 8 insertions(+), 23 deletions(-) > > diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c > index d78142830754..4c27f4be3c3d 100644 > --- a/drivers/vfio/platform/vfio_platform_common.c > +++ b/drivers/vfio/platform/vfio_platform_common.c > @@ -364,36 +364,21 @@ static long vfio_platform_ioctl(void *device_data, > struct vfio_irq_set hdr; > u8 *data = NULL; > int ret = 0; > + size_t data_size = 0; > > minsz = offsetofend(struct vfio_irq_set, count); > > if (copy_from_user(&hdr, (void __user *)arg, minsz)) > return -EFAULT; > > - if (hdr.argsz < minsz) > - return -EINVAL; > - > - if (hdr.index >= vdev->num_irqs) > - return -EINVAL; > - > - if (hdr.flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK | > - VFIO_IRQ_SET_ACTION_TYPE_MASK)) > - return -EINVAL; > - > - if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) { > - size_t size; > - > - if (hdr.flags & VFIO_IRQ_SET_DATA_BOOL) > - size = sizeof(uint8_t); > - else if (hdr.flags & VFIO_IRQ_SET_DATA_EVENTFD) > - size = sizeof(int32_t); > - else > - return -EINVAL; > - > - if (hdr.argsz - minsz < size) > - return -EINVAL; > + ret = vfio_set_irqs_validate_and_prepare(&hdr, vdev->num_irqs, > + vdev->num_irqs, &data_size); The patch does not change this but I am still curious: is not the second vdev->num_irqs supposed to be one of VFIO_PCI_INTX_IRQ_INDEX..VFIO_PCI_NUM_IRQS, not the actual number of interrupt vectors (as in vfio-pci)? > + if (ret) > + return ret; > > - data = memdup_user((void __user *)(arg + minsz), size); > + if (data_size) { > + data = memdup_user((void __user *)(arg + minsz), > + data_size); > if (IS_ERR(data)) > return PTR_ERR(data); > } >
On 11/8/2016 2:22 PM, Alexey Kardashevskiy wrote: > On 05/11/16 08:10, Kirti Wankhede wrote: >> Updated vfio_platform_common.c file to use >> vfio_set_irqs_validate_and_prepare() >> >> Signed-off-by: Kirti Wankhede <kwankhede@nvidia.com> >> Signed-off-by: Neo Jia <cjia@nvidia.com> >> Change-Id: Id87cd6b78ae901610b39bf957974baa6f40cd7b0 >> --- >> drivers/vfio/platform/vfio_platform_common.c | 31 +++++++--------------------- >> 1 file changed, 8 insertions(+), 23 deletions(-) >> >> diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c >> index d78142830754..4c27f4be3c3d 100644 >> --- a/drivers/vfio/platform/vfio_platform_common.c >> +++ b/drivers/vfio/platform/vfio_platform_common.c >> @@ -364,36 +364,21 @@ static long vfio_platform_ioctl(void *device_data, >> struct vfio_irq_set hdr; >> u8 *data = NULL; >> int ret = 0; >> + size_t data_size = 0; >> >> minsz = offsetofend(struct vfio_irq_set, count); >> >> if (copy_from_user(&hdr, (void __user *)arg, minsz)) >> return -EFAULT; >> >> - if (hdr.argsz < minsz) >> - return -EINVAL; >> - >> - if (hdr.index >= vdev->num_irqs) >> - return -EINVAL; >> - >> - if (hdr.flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK | >> - VFIO_IRQ_SET_ACTION_TYPE_MASK)) >> - return -EINVAL; >> - >> - if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) { >> - size_t size; >> - >> - if (hdr.flags & VFIO_IRQ_SET_DATA_BOOL) >> - size = sizeof(uint8_t); >> - else if (hdr.flags & VFIO_IRQ_SET_DATA_EVENTFD) >> - size = sizeof(int32_t); >> - else >> - return -EINVAL; >> - >> - if (hdr.argsz - minsz < size) >> - return -EINVAL; >> + ret = vfio_set_irqs_validate_and_prepare(&hdr, vdev->num_irqs, >> + vdev->num_irqs, &data_size); > > The patch does not change this but I am still curious: > > is not the second vdev->num_irqs supposed to be one of > VFIO_PCI_INTX_IRQ_INDEX..VFIO_PCI_NUM_IRQS, not the actual number of > interrupt vectors (as in vfio-pci)? > > Those are PCI specific. I don't think those counts are applicable here. If you see the prototype, second argument and third argument have different meaning. int vfio_set_irqs_validate_and_prepare(struct vfio_irq_set *hdr, int num_irqs, int max_irq_type, size_t *data_size) - num_irqs are number of irqs caller want to setup and - max_irq_type is the one which is return to user in VFIO_DEVICE_GET_INFO ioctl's info.num_irqs. For platform these two are same. Thanks, Kirti > > >> + if (ret) >> + return ret; >> >> - data = memdup_user((void __user *)(arg + minsz), size); >> + if (data_size) { >> + data = memdup_user((void __user *)(arg + minsz), >> + data_size); >> if (IS_ERR(data)) >> return PTR_ERR(data); >> } >> > >
diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c index d78142830754..4c27f4be3c3d 100644 --- a/drivers/vfio/platform/vfio_platform_common.c +++ b/drivers/vfio/platform/vfio_platform_common.c @@ -364,36 +364,21 @@ static long vfio_platform_ioctl(void *device_data, struct vfio_irq_set hdr; u8 *data = NULL; int ret = 0; + size_t data_size = 0; minsz = offsetofend(struct vfio_irq_set, count); if (copy_from_user(&hdr, (void __user *)arg, minsz)) return -EFAULT; - if (hdr.argsz < minsz) - return -EINVAL; - - if (hdr.index >= vdev->num_irqs) - return -EINVAL; - - if (hdr.flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK | - VFIO_IRQ_SET_ACTION_TYPE_MASK)) - return -EINVAL; - - if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) { - size_t size; - - if (hdr.flags & VFIO_IRQ_SET_DATA_BOOL) - size = sizeof(uint8_t); - else if (hdr.flags & VFIO_IRQ_SET_DATA_EVENTFD) - size = sizeof(int32_t); - else - return -EINVAL; - - if (hdr.argsz - minsz < size) - return -EINVAL; + ret = vfio_set_irqs_validate_and_prepare(&hdr, vdev->num_irqs, + vdev->num_irqs, &data_size); + if (ret) + return ret; - data = memdup_user((void __user *)(arg + minsz), size); + if (data_size) { + data = memdup_user((void __user *)(arg + minsz), + data_size); if (IS_ERR(data)) return PTR_ERR(data); }