> From: Nicolin Chen <[email protected]>
> Sent: Friday, May 22, 2026 8:37 AM
>
> The veventq memory allocation happens inside the spinlock. Given its depth
> is decided by the user space, this leaves a vulnerability, where userspace
> can allocate large queues to exhaust atomic memory reserves.
>
> Move the allocation outside the spinlock and use GFP_NOWAIT, which can fail
> fast under memory pressure without dipping into the GFP_ATOMIC reserves or
> direct-reclaiming from the threaded IRQ handler. On allocation failure,
> queue the lost_events_header (so userspace learns of the drop) and return
> -ENOMEM so the caller learns of the kernel-side memory pressure.
>
> This is intentionally distinct from the queue-overflow path, which also
> queues the lost_events_header but returns 0: a full queue is an expected
> userspace-pacing condition rather than a kernel error.
>
> A subsequent change will cap the upper bound of the veventq_depth.
>
> Fixes: e36ba5ab808e ("iommufd: Add IOMMUFD_OBJ_VEVENTQ and IOMMUFD_CMD_VEVENTQ_ALLOC")
> Cc: [email protected]
> Reviewed-by: Jason Gunthorpe <[email protected]>
> Signed-off-by: Nicolin Chen <[email protected]>
Reviewed-by: Kevin Tian <[email protected]>
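An added user-space model of the logic the quoted commit message describes (not iommufd's code, and not part of this thread): the event is allocated before the lock is taken, a full queue returns 0, an allocation failure returns -ENOMEM, and both drop paths flag lost events. The struct layout, `vq_lock`/`vq_unlock`, and the `veventq_alloc_should_fail` hook are assumptions of this model.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Constructed user-space model of the fixed push path; atomic_flag stands in
 * for the kernel spinlock. This is not iommufd's own code. */
struct veventq {
    atomic_flag lock;
    unsigned int depth;        /* capacity chosen by userspace */
    unsigned int num_events;   /* events currently queued */
    void **events;             /* queued event payloads */
    bool lost_events_pending;  /* a lost_events_header is queued */
};
static void vq_lock(struct veventq *q) { while (atomic_flag_test_and_set(&q->lock)) ; }
static void vq_unlock(struct veventq *q) { atomic_flag_clear(&q->lock); }
/* Hypothetical allocator standing in for GFP_NOWAIT; the flag simulates memory pressure. */
bool veventq_alloc_should_fail = false;
static void *alloc_event_nowait(size_t len) {
    return veventq_alloc_should_fail ? NULL : calloc(1, len);
}
int veventq_init(struct veventq *q, unsigned int depth) {
    memset(q, 0, sizeof(*q));
    atomic_flag_clear(&q->lock);
    q->events = calloc(depth, sizeof(void *));
    if (!q->events) return -ENOMEM;
    q->depth = depth;
    return 0;
}
/* 0 on success and on overflow (expected userspace pacing); -ENOMEM when the
 * allocation failed. Both drop paths flag lost events for userspace. */
int veventq_push(struct veventq *q, const void *data, size_t len) {
    /* Allocate before taking the lock: the size is userspace-controlled. */
    void *ev = alloc_event_nowait(len);
    int ret = 0;
    vq_lock(q);
    if (!ev) {
        q->lost_events_pending = true;
        ret = -ENOMEM;
    } else if (q->num_events >= q->depth) {
        q->lost_events_pending = true;
        free(ev);               /* full queue: drop, but not an error */
    } else {
        memcpy(ev, data, len);
        q->events[q->num_events++] = ev;
    }
    vq_unlock(q);
    return ret;
}
```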

