> From: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
> Sent: Thursday, August 10, 2023 4:32 AM
>
> The VFIO_DEVICE_GET_INFO, VFIO_DEVICE_GET_REGION_INFO, and
> VFIO_IOMMU_GET_INFO ioctls fill in an info struct followed by capability
> structs:
>
>   +------+---------+---------+-----+
>   | info | caps[0] | caps[1] | ... |
>   +------+---------+---------+-----+
>
> Both the info and capability struct sizes are not always multiples of
> sizeof(u64), leaving u64 fields in later capability structs misaligned.
>
> Userspace applications currently need to handle misalignment manually in
> order to support CPU architectures and programming languages with strict
> alignment requirements.
>
> Make life easier for userspace by ensuring alignment in the kernel. This
> is done by padding info struct definitions and by copying out zeroes
> after capability structs that are not aligned.
>
> The new layout is as follows:
>
>   +------+---------+---+---------+-----+
>   | info | caps[0] | 0 | caps[1] | ... |
>   +------+---------+---+---------+-----+
>
> In this example caps[0] has a size that is not a multiple of sizeof(u64),
> so zero padding is added to align the subsequent structure.
>
> Adding zero padding between structs does not break the uapi. The memory
> layout is specified by the info.cap_offset and caps[i].next fields
> filled in by the kernel. Applications use these field values to locate
> structs and are therefore unaffected by the addition of zero padding.
>
> Note that code that copies out info structs with padding is updated to
> always zero the struct and copy out as many bytes as userspace
> requested. This makes the code shorter and avoids potential information
> leaks by ensuring padding is initialized.
>
> Originally-by: Alex Williamson <alex.williamson@xxxxxxxxxx>
> Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
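The layout argument in the quoted message, shown as an added example that is not part of the patch or of the VFIO uapi headers: the two struct definitions below are simplified local stand-ins for the info header and `vfio_info_cap_header` (an assumption made so the program compiles without linux/vfio.h), and the capability contents are constructed sample values. `build_chain()` lays out an info struct followed by a 12-byte capability and a 16-byte capability either the old way (contiguous) or the new way (zeroed padding up to the next multiple of `sizeof(u64)`), and `walk_chain()` follows `cap_offset` and `next` the way a userspace consumer should, reporting the first capability whose offset would misalign a u64 field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Simplified mirrors of the layout discussed in the patch. Assumption: these
 * are NOT the real linux/vfio.h definitions, which carry additional fields.
 */
struct info_hdr {
    uint32_t argsz;      /* total size of the buffer userspace provided */
    uint32_t flags;
    uint32_t cap_offset; /* offset of first capability from info start, 0 if none */
    uint32_t pad;        /* keeps the header a multiple of sizeof(uint64_t) */
};

struct cap_hdr {
    uint16_t id;
    uint16_t version;
    uint32_t next;       /* offset of next capability from info start, 0 if last */
};

struct cap_small {       /* 12 bytes: not a multiple of sizeof(uint64_t) */
    struct cap_hdr hdr;
    uint32_t value;
};

struct cap_wide {        /* 16 bytes, holds a u64 that needs 8-byte alignment */
    struct cap_hdr hdr;
    uint64_t value;
};

/* Round an offset up to the next multiple of sizeof(uint64_t). */
size_t align8(size_t off)
{
    return (off + sizeof(uint64_t) - 1) & ~(sizeof(uint64_t) - 1);
}

/*
 * Build a constructed info + capability buffer as the kernel would copy it out.
 * padded=1: second capability starts at an aligned offset, gap zeroed (new layout).
 * padded=0: second capability immediately follows the first (old layout).
 * Returns total bytes written, or -1 if buf is too small.
 */
int build_chain(uint8_t *buf, size_t len, int padded)
{
    size_t off0 = sizeof(struct info_hdr);
    size_t off1 = off0 + sizeof(struct cap_small);
    if (padded)
        off1 = align8(off1);
    size_t total = off1 + sizeof(struct cap_wide);
    if (total > len)
        return -1;

    memset(buf, 0, total); /* zero the whole range, so padding never leaks stale bytes */

    struct info_hdr info = { .argsz = (uint32_t)total, .flags = 0,
                             .cap_offset = (uint32_t)off0, .pad = 0 };
    struct cap_small c0 = { .hdr = { .id = 1, .version = 1, .next = (uint32_t)off1 },
                            .value = 0x11223344u };            /* constructed */
    struct cap_wide c1 = { .hdr = { .id = 2, .version = 1, .next = 0 },
                           .value = 0x1122334455667788ull };   /* constructed */
    memcpy(buf, &info, sizeof info);
    memcpy(buf + off0, &c0, sizeof c0);
    memcpy(buf + off1, &c1, sizeof c1);
    return (int)total;
}

/*
 * Walk the chain the way userspace must: follow cap_offset and next, never
 * assume capabilities are contiguous. Returns the number of capabilities, or
 * -1 if one is out of bounds, points backwards, or sits at an offset that is
 * not a multiple of sizeof(uint64_t); *misaligned_off receives that offset.
 */
int walk_chain(const uint8_t *buf, size_t len, size_t *misaligned_off)
{
    struct info_hdr info;
    memcpy(&info, buf, sizeof info);
    uint32_t off = info.cap_offset;
    int count = 0;
    while (off != 0) {
        if ((size_t)off + sizeof(struct cap_hdr) > len)
            return -1;
        if (off % sizeof(uint64_t) != 0) {
            if (misaligned_off)
                *misaligned_off = off;
            return -1;
        }
        struct cap_hdr hdr;
        memcpy(&hdr, buf + off, sizeof hdr); /* memcpy avoids an unaligned load */
        count++;
        if (hdr.next != 0 && hdr.next <= off)
            return -1; /* refuse loops or backward links */
        off = hdr.next;
    }
    return count;
}

int main(void)
{
    uint8_t buf[64];
    size_t bad = 0;
    int n = build_chain(buf, sizeof buf, 1);
    printf("padded: %d bytes, caps found: %d\n", n, walk_chain(buf, (size_t)n, &bad));
    n = build_chain(buf, sizeof buf, 0);
    int r = walk_chain(buf, (size_t)n, &bad);
    printf("unpadded: %d bytes, walk result %d (misaligned at offset %zu)\n", n, r, bad);
    return 0;
}
```

With the padded layout the second capability lands at offset 32 and both capabilities are found; with the old contiguous layout it lands at offset 28 and the walker rejects it, which is exactly the case a strict-alignment architecture would fault on. Because the walker only trusts `cap_offset` and `next`, the padding bytes are invisible to it, which is why the change does not break existing consumers.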