On Fri, Jul 11, 2025 at 12:01:49PM +0000, Shameerali Kolothum Thodi wrote: > > minsz = offsetofend(struct vfio_device_bind_iommufd, out_devid); > > > > - if (copy_from_user(&bind, arg, minsz)) > > - return -EFAULT; > > + ret = get_user(user_size, &arg->argsz); > > + if (ret) > > + return ret; > > + if (bind.argsz < minsz) > > The above check should use user_size.
Woops for sure!

> With that fixed, I did a basic sanity testing with a latest Qemu(no
> BIND_FLAG_TOKEN flag),
> assigning a vf to a Guest. Seems to be OK. No regression observed.
>
> FWIW:
> Tested-by: Shameer Kolothum <shameerali.kolothum.th...@huawei.com>

Thanks for testing!

Jason
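
Review bot: The size check `if (bind.argsz < minsz)` in the quoted hunk reads `bind` before anything has been copied into it, because the `copy_from_user(&bind, arg, minsz)` call is removed just above and only `user_size` is filled in by `get_user(user_size, &arg->argsz)`. As written, the lower bound is enforced against whatever `bind.argsz` happens to hold rather than the size userspace supplied, so an undersized `argsz` is not reliably rejected. Compare the fetched value instead, `if (user_size < minsz)`. Any later copy of the structure should also be sized from that same `user_size`, and should not re-read `argsz` from user memory, so the validated size and the copied size cannot diverge.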