[Devel] [PATCH vz10 4/4] vhost-blk: return int, not size_t, from the bounce-buffer copy helpers

Konstantin Khorenko khorenko at virtuozzo.com
Fri Jun 5 20:49:09 MSK 2026


vhost_blk_move_req_to_bb() and vhost_blk_move_bb_to_req() are declared to
return size_t but actually return an error code:

	static size_t vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
	{
		...
		if (copy_from_iter(req->bb, req->len, &iter) != req->len)
			return -EINVAL;
		return 0;
	}

size_t is unsigned, so "return -EINVAL" returns a huge positive value
((size_t)-EINVAL == 0xffffffffffffffea on 64-bit).  Today this happens to
work only by accident:

  - vhost_blk_move_req_to_bb()'s caller stores the result in an int ret,
    which truncates the value back to -EINVAL, so "if (ret) goto err_req"
    behaves;
  - vhost_blk_move_bb_to_req()'s caller only tests for non-zero
    (if (vhost_blk_move_bb_to_req(req)) req->bio_err = EINVAL), and the
    huge value is non-zero.

Relying on truncation/non-zeroness to carry a negative errno through an
unsigned return type is fragile and misleading: a future caller that
keeps the size_t and does "if ((ssize_t)ret < 0)" or compares against 0
the wrong way would silently misbehave.  These functions return 0 or
-EINVAL, which is exactly what int is for.

Change both return types to int.  No functional change.

Fixes: 40a5928ec730 ("drivers/vhost: vhost-blk accelerator for virtio-blk guests")

Feature: vhost-blk: in-kernel accelerator for virtio-blk guests
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 drivers/vhost/blk.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/vhost/blk.c b/drivers/vhost/blk.c
index f73867b45f7a0..d0e2736af1333 100644
--- a/drivers/vhost/blk.c
+++ b/drivers/vhost/blk.c
@@ -234,7 +234,7 @@ static int vhost_blk_save_iov_to_req(struct vhost_blk_req *req)
 }
 
 
-static size_t vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
+static int vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
 {
 	struct iov_iter iter;
 
@@ -245,7 +245,7 @@ static size_t vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
 	return 0;
 }
 
-static size_t vhost_blk_move_bb_to_req(struct vhost_blk_req *req)
+static int vhost_blk_move_bb_to_req(struct vhost_blk_req *req)
 {
 	struct iov_iter iter;
 
-- 
2.43.0



More information about the Devel mailing list