[Devel] [PATCH RHEL10 COMMIT] vhost-blk: return int, not size_t, from the bounce-buffer copy helpers
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Jun 19 21:33:05 MSK 2026
The commit is pushed to "branch-rh10-6.12.0-211.16.1.12.x.vz10-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-211.16.1.12.4.vz10
------>
commit a982a2ffdd77f243191e8456d97b1ff11d773762
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date: Fri Jun 5 19:49:09 2026 +0200
vhost-blk: return int, not size_t, from the bounce-buffer copy helpers
vhost_blk_move_req_to_bb() and vhost_blk_move_bb_to_req() are declared to
return size_t but actually return an error code:
static size_t vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
{
...
if (copy_from_iter(req->bb, req->len, &iter) != req->len)
return -EINVAL;
return 0;
}
size_t is unsigned, so "return -EINVAL" returns a huge positive value
((size_t)-EINVAL == 0xffffffffffffffea on 64-bit). Today this happens to
work only by accident:
- vhost_blk_move_req_to_bb()'s caller stores the result in an int ret,
which truncates the value back to -EINVAL, so "if (ret) goto err_req"
behaves;
- vhost_blk_move_bb_to_req()'s caller only tests for non-zero
(if (vhost_blk_move_bb_to_req(req)) req->bio_err = EINVAL), and the
huge value is non-zero.
Relying on truncation/non-zeroness to carry a negative errno through an
unsigned return type is fragile and misleading: a future caller that
keeps the size_t and does "if ((ssize_t)ret < 0)" or compares against 0
the wrong way would silently misbehave. These functions return 0 or
-EINVAL, which is exactly what int is for.
Change both return types to int. No functional change.
Fixes: 40a5928ec730 ("drivers/vhost: vhost-blk accelerator for virtio-blk guests")
Feature: vhost-blk: in-kernel accelerator for virtio-blk guests
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
Reviewed-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
drivers/vhost/blk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/vhost/blk.c b/drivers/vhost/blk.c
index 16a0a93678def..c03945ac04234 100644
--- a/drivers/vhost/blk.c
+++ b/drivers/vhost/blk.c
@@ -241,7 +241,7 @@ static int vhost_blk_save_iov_to_req(struct vhost_blk_req *req)
}
-static size_t vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
+static int vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
{
struct iov_iter iter;
@@ -252,7 +252,7 @@ static size_t vhost_blk_move_req_to_bb(struct vhost_blk_req *req)
return 0;
}
-static size_t vhost_blk_move_bb_to_req(struct vhost_blk_req *req)
+static int vhost_blk_move_bb_to_req(struct vhost_blk_req *req)
{
struct iov_iter iter;
More information about the Devel
mailing list