> From: Jason Gunthorpe <jgg@xxxxxxxxxx> > Sent: Saturday, March 11, 2023 1:50 AM > > On Thu, Mar 09, 2023 at 12:09:05AM -0800, Yi Liu wrote: > > +int iommufd_hwpt_invalidate(struct iommufd_ucmd *ucmd) > > +{ > > + struct iommu_hwpt_invalidate *cmd = ucmd->cmd; > > + struct iommufd_hw_pagetable *hwpt; > > + u64 user_ptr; > > + u32 user_data_len, klen; > > + int rc = 0; > > + > > + /* > > + * For a user-managed HWPT, type should not be > IOMMU_HWPT_TYPE_DEFAULT. > > + * data_len should not exceed the size of > iommufd_invalidate_buffer. > > + */ > > + if (cmd->data_type == IOMMU_HWPT_TYPE_DEFAULT || !cmd- > >data_len || > > + cmd->data_type >= > ARRAY_SIZE(iommufd_hwpt_invalidate_info_size)) > > + return -EOPNOTSUPP; > > This needs to do the standard check for zeros in unknown trailing data > bit. Check that alloc does it too Maybe it has been covered by the copy_struct_from_user(). Is it? + /* + * Copy the needed fields before reusing the ucmd buffer, this + * avoids memory allocation in this path. + */ + user_ptr = cmd->data_uptr; + user_data_len = cmd->data_len; + + rc = copy_struct_from_user(cmd, klen, + u64_to_user_ptr(user_ptr), user_data_len); Regards, Yi Liu
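Review bot: In the validation at the top of iommufd_hwpt_invalidate(), the comment states that data_len should not exceed the size of iommufd_invalidate_buffer, but the condition only rejects a zero length (`!cmd->data_len`) and places no upper bound on it. Either add the bound to this check or reword the comment to name the place where the length is actually limited, so that the comment and the code agree.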
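Review bot: The copy_struct_from_user() call in the second quoted hunk does not answer the trailing-zero question for the command itself. It rejects non-zero bytes only in the payload at data_uptr, and only when user_data_len is larger than klen, so any field of struct iommu_hwpt_invalidate beyond the ones read here (data_type, data_len, data_uptr) still needs its own check before the buffer is reused. Two further points on the same lines: after the call, cmd is still typed as struct iommu_hwpt_invalidate * but holds type-specific payload, so a separately typed pointer or a union for the reused buffer would keep a later cmd->data_len or cmd->data_type access from reading payload bytes; and klen, whose assignment is not in the quoted lines, has to be bounded by the size of the ucmd buffer it is copied into.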