On Fri, Jun 07, 2024 at 07:09:49PM +0000, Fred Griffoul wrote:
> diff --git a/drivers/vfio/vfio_main.c b/drivers/vfio/vfio_main.c
> index e97d796a54fb..e87131d45059 100644
> --- a/drivers/vfio/vfio_main.c
> +++ b/drivers/vfio/vfio_main.c
> @@ -1505,23 +1505,28 @@ int vfio_set_irqs_validate_and_prepare(struct vfio_irq_set *hdr, int num_irqs,
> size = 0;
> break;
> case VFIO_IRQ_SET_DATA_BOOL:
> - size = sizeof(uint8_t);
> + size = hdr->count * sizeof(uint8_t);
> break;
> case VFIO_IRQ_SET_DATA_EVENTFD:
> - size = sizeof(int32_t);
> + size = hdr->count * sizeof(int32_t);
Not related to your patch, but this multiply can integer overflow on 32bit systems. Better to use size_mul(). regards, dan carpenter
> + break;
> + case VFIO_IRQ_SET_DATA_AFFINITY:
> + size = hdr->argsz - minsz;
> + if (size > cpumask_size())
> + size = cpumask_size();
> break;
> default:
> return -EINVAL;
> }
>
> if (size) {
> - if (hdr->argsz - minsz < hdr->count * size)
> + if (hdr->argsz - minsz < size)
> return -EINVAL;
>
> if (!data_size)
> return -EINVAL;
>
> - *data_size = hdr->count * size;
> + *data_size = size;
> }
>
> return 0;
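Review bot: In the new `VFIO_IRQ_SET_DATA_AFFINITY` case, a request with `hdr->argsz == minsz` yields `size == 0`, so the `if (size)` block is skipped and the function returns 0 without a mask payload and without writing `*data_size` in the visible lines; an affinity request that carries no data should be rejected in the case itself, e.g. `if (!size) return -EINVAL;` before the clamp. The subtraction `hdr->argsz - minsz` is only safe if `argsz >= minsz` has already been checked earlier in the function, which is outside this hunk, so that is worth confirming. Clamping to `cpumask_size()` silently truncates a longer user buffer and makes the later `hdr->argsz - minsz < size` test always pass for this type; a short comment such as `/* user mask may be longer than the kernel cpumask; extra bytes are ignored */` would record that this is intentional. The function starts and ends outside the hunk.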