vfio/type1: silence integer overflow warning

I get a static checker warning about the potential integer overflow if we add "unmap->iova + unmap->size". The integer overflow isn't really harmful, but we may as well fix it. Also unmap->size gets truncated to size_t when we pass it to vfio_find_dma() so we could check for too high values of that as well. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
author: Dan Carpenter 2017-10-20 19:41:56 +0200
committer: Alex Williamson 2017-10-20 19:41:56 +0200
commit: 71a7d3d78e3ca51ea688ae88c389867d948377cd (patch)
tree: 74901aa0a48262807d8e409839a99f6f5a44455f /drivers/vfio/vfio_iommu_type1.c
parent: vfio-mdev/samples: make mdev_fops const and static (diff)
download: kernel-qcow2-linux-71a7d3d78e3ca51ea688ae88c389867d948377cd.tar.gz
kernel-qcow2-linux-71a7d3d78e3ca51ea688ae88c389867d948377cd.tar.xz
kernel-qcow2-linux-71a7d3d78e3ca51ea688ae88c389867d948377cd.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 92155cce926d..e30e29ae4819 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -767,6 +767,9 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu,
 		return -EINVAL;
 	if (!unmap->size || unmap->size & mask)
 		return -EINVAL;
+	if (unmap->iova + unmap->size < unmap->iova ||
+	    unmap->size > SIZE_MAX)
+		return -EINVAL;
 
 	WARN_ON(mask & PAGE_MASK);
 again:
author	Dan Carpenter	2017-10-20 19:41:56 +0200
committer	Alex Williamson	2017-10-20 19:41:56 +0200
commit	71a7d3d78e3ca51ea688ae88c389867d948377cd (patch)
tree	74901aa0a48262807d8e409839a99f6f5a44455f /drivers/vfio/vfio_iommu_type1.c
parent	vfio-mdev/samples: make mdev_fops const and static (diff)
download	kernel-qcow2-linux-71a7d3d78e3ca51ea688ae88c389867d948377cd.tar.gz kernel-qcow2-linux-71a7d3d78e3ca51ea688ae88c389867d948377cd.tar.xz kernel-qcow2-linux-71a7d3d78e3ca51ea688ae88c389867d948377cd.zip