diff --git a/drivers/gpu/drm/nouveau/nouveau_usif.c b/drivers/gpu/drm/nouveau/nouveau_usif.c
index cb1182d..8d4fcc1 100644
--- a/drivers/gpu/drm/nouveau/nouveau_usif.c
+++ b/drivers/gpu/drm/nouveau/nouveau_usif.c
@@ -316,6 +316,12 @@
  } else
  goto done;
 
+ object = (void *)(unsigned long)argv->v0.token;
+ if (!access_ok(VERIFY_READ, object, sizeof(struct usif_object))) {
+ ret = -EINVAL;
+ goto done;
+ }
+
  mutex_lock(&cli->mutex);
  switch (argv->v0.type) {
  case NVIF_IOCTL_V0_NEW:
@@ -340,7 +346,6 @@
  break;
  }
  if (argv->v0.route == NVDRM_OBJECT_USIF) {
- object = (void *)(unsigned long)argv->v0.token;
  argv->v0.route = object->route;
  argv->v0.token = object->token;
  if (ret == 0 && argv->v0.type == NVIF_IOCTL_V0_DEL) {
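Review bot: `access_ok()` in the added check only confirms that `object` lies inside the user address range; it does not make the plain `object->route` / `object->token` loads in the second hunk safe, because those loads (and whatever follows for `NVIF_IOCTL_V0_DEL`, outside the hunk) would then read caller-controlled memory directly instead of going through `copy_from_user()`. If the token is instead a kernel pointer handed out earlier by this interface (not visible here), the check rejects every legitimate value, and since it runs before the `route == NVDRM_OBJECT_USIF` test it also fails requests on other routes whose token may not be a pointer at all. Hoisting the cast above the `switch` further means the value checked is the caller's input, whereas the old code read `argv->v0.token` after the switch cases ran; if those handlers write the field back, the checked and the intended values differ. A sounder fix would resolve the token through a table or list owned by `cli` while `cli->mutex` is held and return `-ENOENT` when nothing matches, rather than casting the token to a pointer. The enclosing function starts and ends outside both hunks.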