Re: [PATCH v2] fpga: dfl-afu: validate DMA mapping length in afu_dma_map_region()

Next message: Krzysztof Kozlowski: "Re: [PATCH v12 1/2] dt-bindings: hwmon: add support for MCP998X"
Previous message: Birger Koblitz: "Re: [PATCH net-next v6 0/2] r8152: Add support for the RTL8157 5Gbit USB Ethernet chip"
In reply to: Sebastian Alba Vives: "[PATCH v2] fpga: dfl-afu: validate DMA mapping length in afu_dma_map_region()"
Next in thread: Sebastian Alba Vives: "[PATCH v3 2/3] fpga: dfl-afu: validate DMA mapping length in afu_dma_map_region()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH

Date: Sat Apr 04 2026 - 03:01:59 EST

On Fri, Apr 03, 2026 at 11:57:18AM -0600, Sebastian Alba Vives wrote:
> From: Sebastian Josue Alba Vives <sebasjosue84@xxxxxxxxx>
>
> region->length comes from userspace via the DFL_FPGA_PORT_DMA_MAP ioctl
> as a __u64 value. While the function checks for page alignment and
> address overflow, there is no upper bound on the length value. When
> length >> PAGE_SHIFT exceeds INT_MAX, the downstream call to
> pin_user_pages_fast() (which takes int nr_pages) receives a truncated
> value.
>
> Add the length validation alongside the existing input checks in
> afu_dma_map_region(), where all userspace arguments are validated
> before being passed deeper into the call chain.
>
> Signed-off-by: Sebastian Alba Vives <sebasjosue84@xxxxxxxxx>
> ---
> Changes in v2:
> - Move validation from afu_dma_pin_pages() to afu_dma_map_region()
> to validate at the ioctl entry point as suggested by Greg KH

This isn't the ioctl entry point, why not put it in afu_ioctl_dma_map()
with the other checks?

thanks,

greg k-h