On Wed, Jun 03, 2026 at 02:26:56PM -0700, Nicolin Chen wrote:
> +int arm_vsmmu_cache_invalidate(struct iommufd_viommu *viommu,
> +                            struct iommu_user_data_array *array)
> +{
> +     struct arm_vsmmu *vsmmu = container_of(viommu, struct arm_vsmmu, core);
> +     u32 issued = 0;
> +     int ret = 0;
> +
> +     if (array->type != IOMMU_VIOMMU_INVALIDATE_DATA_ARM_SMMUV3) {
> +             array->entry_num = 0;
> +             return -EINVAL;
> +     }
> +
> +     while (issued != array->entry_num) {
> +             /* Process and issue the command(s) in batch */
> +             ret = arm_vsmmu_cache_invalidate_batch(vsmmu, array, &issued);
> +             if (ret)
> +                     break;
> +     }
> +
> +     array->entry_num = issued;
>       return ret;
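
Review bot: the `while (issued != array->entry_num)` loop terminates only if each successful call to arm_vsmmu_cache_invalidate_batch() advances `issued`, and never advances it past `array->entry_num`. Neither guarantee is visible in this hunk. Writing the condition as `issued < array->entry_num` would bound the loop against an overshoot. The two error paths also report differently: the type check returns -EINVAL with `entry_num = 0`, while a failure inside the loop returns an error with `entry_num = issued`. A comment on the function should say what `entry_num` means to the caller when the return value is non-zero.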

I think every driver will have this same problem, how about lifting
this loop to the core code?

Also not sure I like the validation flow, I think it will be easier to
understand for everything if either num is 0 and nothing was done with
an error code

Or num is non zero and no error code.

Like it doesn't make sense to fail immediately if zero pad is nonzero
in iommu_copy_struct_from_full_user_array() but then to try to
partially continue if arm_vsmmu_convert_user_cmd() finds illegal data
in the very same buffer. Be consistent, validate the user buffer, if
it is not valid fail immediately. Then execute a fully valid user buffer.

Jason
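
The contract proposed in the reply above (an error with zero entries handled, or success with every entry handled) as an added user-space C example; it is not part of the original mail or of the kernel patch. `demo_cmd`, the opcodes, `DEMO_MAX_CMDS` and `demo_invalidate()` are hypothetical names, and `memcpy()` stands in for the copy from user memory.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define DEMO_MAX_CMDS 16

/* Hypothetical user command entry; the layout is assumed for this example. */
struct demo_cmd {
	uint32_t opcode;
	uint32_t pad;		/* reserved, must be zero */
	uint64_t arg;
};

enum { DEMO_OP_INV_ALL = 1, DEMO_OP_INV_RANGE = 2 };

/* Stands in for the hardware command queue: counts issued commands. */
static unsigned int demo_issued_total;

static int demo_validate_one(const struct demo_cmd *c)
{
	if (c->pad)
		return -EINVAL;
	if (c->opcode != DEMO_OP_INV_ALL && c->opcode != DEMO_OP_INV_RANGE)
		return -EINVAL;
	return 0;
}

/*
 * Either fails with *entry_num = 0 and nothing issued, or succeeds with
 * *entry_num = number issued. The user array is copied once and only the
 * copy is validated and executed, so it cannot change between the passes.
 */
int demo_invalidate(const struct demo_cmd *user, uint32_t *entry_num)
{
	struct demo_cmd copy[DEMO_MAX_CMDS];
	uint32_t i, n = *entry_num;

	*entry_num = 0;
	if (n > DEMO_MAX_CMDS)
		return -E2BIG;
	if (n)
		memcpy(copy, user, n * sizeof(*copy));	/* models copy_from_user() */
	for (i = 0; i < n; i++)
		if (demo_validate_one(&copy[i]))
			return -EINVAL;
	for (i = 0; i < n; i++)
		demo_issued_total++;	/* issue copy[i] to the queue */
	*entry_num = n;
	return 0;
}
```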
