From: Jason Gunthorpe <jgg@nvidia.com>
Sent: Saturday, March 11, 2023 1:50 AM
On Thu, Mar 09, 2023 at 12:09:05AM -0800, Yi Liu wrote:
+int iommufd_hwpt_invalidate(struct iommufd_ucmd *ucmd) +{
- struct iommu_hwpt_invalidate *cmd = ucmd->cmd;
- struct iommufd_hw_pagetable *hwpt;
- u64 user_ptr;
- u32 user_data_len, klen;
- int rc = 0;
- /*
* For a user-managed HWPT, type should not be
IOMMU_HWPT_TYPE_DEFAULT.
* data_len should not exceed the size of
iommufd_invalidate_buffer.
*/
- if (cmd->data_type == IOMMU_HWPT_TYPE_DEFAULT || !cmd-
data_len ||
cmd->data_type >=
ARRAY_SIZE(iommufd_hwpt_invalidate_info_size))
return -EOPNOTSUPP;
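Review bot: The comment above this check says data_len should not exceed the size of iommufd_invalidate_buffer, but the condition only rejects a zero data_len and an out-of-range data_type; no upper bound on data_len appears in these lines. Either add the bound to the condition or reword the comment to say where an oversized data_len is handled. A zero data_len is also a malformed argument rather than an unsupported operation, so -EINVAL may fit that case better than -EOPNOTSUPP.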
This needs to do the standard check for zeros in unknown trailing data bit. Check that alloc does it too.
Maybe it has been covered by the copy_struct_from_user(). Is it?
+ /* + * Copy the needed fields before reusing the ucmd buffer, this + * avoids memory allocation in this path. + */ + user_ptr = cmd->data_uptr; + user_data_len = cmd->data_len; + + rc = copy_struct_from_user(cmd, klen, + u64_to_user_ptr(user_ptr), user_data_len);
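Review bot: The copy_struct_from_user() call at the end of this hunk writes up to klen bytes into cmd, the reused ucmd buffer, and nothing in these lines shows klen being bounded by the size of that buffer. A build-time assertion or an explicit check that klen can never exceed the ucmd buffer would make the reuse safe by construction. The trailing-zero check this call performs also applies only to the payload at data_uptr, not to the fields of struct iommu_hwpt_invalidate itself, so it does not by itself cover unknown trailing data in the outer command.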
Regards, Yi Liu
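The size handling that the question about copy_struct_from_user() turns on, as an added example that is not part of the patch or of the kernel source: a userspace model of that helper's documented behaviour (trailing bytes beyond the kernel's struct must be zero or the call fails with -E2BIG; a shorter user struct is zero-extended). The struct names and helper functions are hypothetical, and real user-pointer access and -EFAULT handling are left out.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical extensible payload: v1 has only 'addr', v2 appends 'flags'. */
struct inv_data_v1 { uint64_t addr; };
struct inv_data_v2 { uint64_t addr; uint64_t flags; };

/* Userspace model of copy_struct_from_user() size handling (assumption: plain memory, no faults). */
static int model_copy_struct(void *dst, size_t ksize, const void *src, size_t usize)
{
    size_t size = ksize < usize ? ksize : usize;
    const unsigned char *p = src;

    if (usize > ksize) {
        for (size_t i = ksize; i < usize; i++)   /* unknown trailing data must be zero */
            if (p[i])
                return -E2BIG;
    } else if (usize < ksize) {
        memset((unsigned char *)dst + size, 0, ksize - size); /* zero-extend old layout */
    }
    memcpy(dst, src, size);
    return 0;
}

/* Kernel that only knows v1, handed a v2 payload with the given flags. */
int old_kernel_accepts(uint64_t flags)
{
    struct inv_data_v2 user = { .addr = 0x1000, .flags = flags }; /* constructed input */
    struct inv_data_v1 k;
    return model_copy_struct(&k, sizeof(k), &user, sizeof(user));
}

/* Kernel that knows v2, handed a v1 payload: returns the flags value it ends up with. */
uint64_t new_kernel_flags_from_v1(void)
{
    struct inv_data_v1 user = { .addr = 0x1000 }; /* constructed input */
    struct inv_data_v2 k;
    memset(&k, 0xff, sizeof(k));                  /* stale buffer contents */
    if (model_copy_struct(&k, sizeof(k), &user, sizeof(user)))
        return UINT64_MAX;
    return k.flags;
}

int main(void)
{
    return !(old_kernel_accepts(0) == 0 && old_kernel_accepts(1) == -E2BIG &&
             new_kernel_flags_from_v1() == 0);
}
```

The check covers only the buffer passed to the helper, so each separately copied struct (an outer command and a nested payload, for instance) needs its own call or its own trailing-zero check.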