iommufd/selftest: Fix page-size check in iommufd_test_dirty()

iommufd_test_dirty()/IOMMU_TEST_OP_DIRTY sets the dirty bits in the mock
domain implementation that the userspace side validates against what it
obtains via the UAPI.

However in introducing iommufd_test_dirty() it forgot to validate page_size
being 0 leading to two possible divide-by-zero problems: one at the
beginning when calculating @max and while calculating the IOVA in the
XArray PFN tracking list.

While at it, validate the length to require non-zero value as well, as we
can't be allocating a 0-sized bitmap.

Link: https://lore.kernel.org/r/20231030113446.7056-1-joao.m.martins@oracle.com
Reported-by: syzbot+25dc7383c30ecdc83c38@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-iommu/00000000000005f6aa0608b9220f@google.com/
Fixes: a9af47e382a4 ("iommufd/selftest: Test IOMMU_HWPT_GET_DIRTY_BITMAP")
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

diff --git a/drivers/iommu/iommufd/selftest.c b/drivers/iommu/iommufd/selftest.c
index 6684ab4cdc7a9679c7cffca589fb4affcb1d1568..a11d29f368ff824011875fe0ce9e7d0e3dc9bb8e 100644 (file)
--- a/drivers/iommu/iommufd/selftest.c
+++ b/drivers/iommu/iommufd/selftest.c
@@ -1195,14 +1195,15 @@ static int iommufd_test_dirty(struct iommufd_ucmd *ucmd, unsigned int mockpt_id,
                              unsigned long page_size, void __user *uptr,
                              u32 flags)
 {
-       unsigned long bitmap_size, i, max = length / page_size;
+       unsigned long bitmap_size, i, max;
        struct iommu_test_cmd *cmd = ucmd->cmd;
        struct iommufd_hw_pagetable *hwpt;
        struct mock_iommu_domain *mock;
        int rc, count = 0;
        void *tmp;
 
-       if (iova % page_size || length % page_size || !uptr)
+       if (!page_size || !length || iova % page_size || length % page_size ||
+           !uptr)
                return -EINVAL;
 
        hwpt = get_md_pagetable(ucmd, mockpt_id, &mock);
@@ -1214,6 +1215,7 @@ static int iommufd_test_dirty(struct iommufd_ucmd *ucmd, unsigned int mockpt_id,
                goto out_put;
        }
 
+       max = length / page_size;
        bitmap_size = max / BITS_PER_BYTE;
 
        tmp = kvzalloc(bitmap_size, GFP_KERNEL_ACCOUNT);