On Thu, Jun 25, 2026 at 3:48 PM Eugenio Perez Martin <[email protected]> wrote: > > On Tue, May 26, 2026 at 10:04 AM rom.wang <[email protected]> wrote: > > > > From: Yufeng Wang <[email protected]> > > > > The clear_user() call in VHOST_GET_FEATURES_ARRAY incorrectly starts > > at argp, which is the beginning of the features array, overwriting the > > data just written by copy_to_user(). It should start after the copied > > elements at argp + copied * sizeof(u64) to only zero the trailing > > unused space. > > > > Fixes: 333c515d1896 ("vhost-net: allow configuring extended features") > > Signed-off-by: Yufeng Wang <[email protected]> > > --- > > drivers/vhost/net.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c > > index db341c922673..70c578acf840 100644 > > --- a/drivers/vhost/net.c > > +++ b/drivers/vhost/net.c > > @@ -1777,7 +1777,8 @@ static long vhost_net_ioctl(struct file *f, unsigned > > int ioctl, > > return -EFAULT; > > > > /* Zero the trailing space provided by user-space, if any */ > > - if (clear_user(argp, size_mul(count - copied, sizeof(u64)))) > > + if (clear_user(argp + copied * sizeof(u64), > > + size_mul(count - copied, sizeof(u64)))) > > The fix looks good to me, but why not use size_mul() macro for copied > * sizeof(u64) multiplication? >
Also, could you add a new switch to tools/virtio/vhost_net_test.c to use the VHOST_GET_FEATURES_ARRAY and VHOST_SET_FEATURES_ARRAY instead of VHOST_GET_FEATURES and VHOST_SET_FEATURES? > > return -EFAULT; > > return 0; > > case VHOST_SET_FEATURES_ARRAY: > > -- > > 2.34.1 > > > >
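Review bot: In the added clear_user() call, the start address `argp + copied * sizeof(u64)` is only correct if argp is a byte-granular pointer (void __user * or char __user *), and the hunk does not show its declaration. If argp were a u64 __user *, the offset would be scaled twice and the clear would start past the intended region. Consider making the unit explicit, for example `(u64 __user *)argp + copied`, which also removes the open-coded multiplication sitting next to size_mul() in the length argument. The existing comment above the call could also say that zeroing begins after the `copied` elements already written by copy_to_user(), since that is the invariant this change restores.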

