On Mon, Oct 20, 2025 at 07:44:57PM +0300, Leon Romanovsky wrote:
On Mon, Oct 20, 2025 at 01:15:16PM -0300, Jason Gunthorpe wrote:
On Fri, Oct 17, 2025 at 07:13:58PM +0300, Leon Romanovsky wrote:
static int dma_ranges_to_p2p_phys(struct vfio_pci_dma_buf *priv, struct vfio_device_feature_dma_buf *dma_buf, struct vfio_region_dma_range *dma_ranges, struct p2pdma_provider *provider) { struct pci_dev *pdev = priv->vdev->pdev; phys_addr_t len = pci_resource_len(pdev, dma_buf->region_index); phys_addr_t pci_start; phys_addr_t pci_last; u32 i;
if (!len) return -EINVAL; pci_start = pci_resource_start(pdev, dma_buf->region_index); pci_last = pci_start + len - 1; for (i = 0; i < dma_buf->nr_ranges; i++) { phys_addr_t last;
if (!dma_ranges[i].length) return -EINVAL; if (check_add_overflow(pci_start, dma_ranges[i].offset, &priv->phys_vec[i].paddr) || check_add_overflow(priv->phys_vec[i].paddr, dma_ranges[i].length - 1, &last)) return -EOVERFLOW; if (last > pci_last) return -EINVAL; priv->phys_vec[i].len = dma_ranges[i].length; priv->size += priv->phys_vec[i].len;} priv->nr_ranges = dma_buf->nr_ranges; priv->provider = provider; return 0; }
I have these checks in validate_dmabuf_input(). Do you think that I need to add extra checks?
I think they work better in this function, so I'd move them here.
The main idea for validate_dmabuf_input() is to perform as much as possible checks before allocating kernel memory.
Yeah, but it's fine, it can just be turned into a function to safely compute the total size. It makes more sense to try to validate once we have the kernel memory and got the physical range from the driver to copy into the phys.
Jason