[Devel] [PATCH RHEL10 COMMIT] vhost-blk: return int, not size_t, from the bounce-buffer copy helpers

Konstantin Khorenko khorenko at virtuozzo.com
Fri Jun 19 21:33:05 MSK 2026


The commit is pushed to "branch-rh10-6.12.0-211.16.1.12.x.vz10-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-211.16.1.12.4.vz10
------>
commit a982a2ffdd77f243191e8456d97b1ff11d773762
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date:   Fri Jun 5 19:49:09 2026 +0200

    vhost-blk: return int, not size_t, from the bounce-buffer copy helpers
    
    vhost_blk_move_req_to_bb() and vhost_blk_move_bb_to_req() are declared to
    return size_t but actually return an error code:
    
            static size_t vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
            {
                    ...
                    if (copy_from_iter(req->bb, req->len, &iter) != req->len)
                            return -EINVAL;
                    return 0;
            }
    
    size_t is unsigned, so "return -EINVAL" returns a huge positive value
    ((size_t)-EINVAL == 0xffffffffffffffea on 64-bit).  Today this happens to
    work only by accident:
    
      - vhost_blk_move_req_to_bb()'s caller stores the result in an int ret,
        which truncates the value back to -EINVAL, so "if (ret) goto err_req"
        behaves;
      - vhost_blk_move_bb_to_req()'s caller only tests for non-zero
        (if (vhost_blk_move_bb_to_req(req)) req->bio_err = EINVAL), and the
        huge value is non-zero.
    
    Relying on truncation/non-zeroness to carry a negative errno through an
    unsigned return type is fragile and misleading: a future caller that
    keeps the size_t and does "if ((ssize_t)ret < 0)" or compares against 0
    the wrong way would silently misbehave.  These functions return 0 or
    -EINVAL, which is exactly what int is for.
    
    Change both return types to int.  No functional change.
    
    Fixes: 40a5928ec730 ("drivers/vhost: vhost-blk accelerator for virtio-blk guests")
    
    Feature: vhost-blk: in-kernel accelerator for virtio-blk guests
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
    Reviewed-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
 drivers/vhost/blk.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/vhost/blk.c b/drivers/vhost/blk.c
index 16a0a93678def..c03945ac04234 100644
--- a/drivers/vhost/blk.c
+++ b/drivers/vhost/blk.c
@@ -241,7 +241,7 @@ static int vhost_blk_save_iov_to_req(struct vhost_blk_req *req)
 }
 
 
-static size_t vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
+static int vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
 {
 	struct iov_iter iter;
 
@@ -252,7 +252,7 @@ static size_t vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
 	return 0;
 }
 
-static size_t vhost_blk_move_bb_to_req(struct vhost_blk_req *req)
+static int vhost_blk_move_bb_to_req(struct vhost_blk_req *req)
 {
 	struct iov_iter iter;
 


More information about the Devel mailing list