KVM: make checks stricter in coalesced_mmio_in_range()

My testing version of Smatch complains that addr and len come from the user and they can wrap. The path is: -> kvm_vm_ioctl() -> kvm_vm_ioctl_unregister_coalesced_mmio() -> coalesced_mmio_in_range() I don't know what the implications are of wrapping here, but we may as well fix it, if only to silence the warning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

KVM: make checks stricter in coalesced_mmio_in_range()
My testing version of Smatch complains that addr and len come from the user and they can wrap. The path is: -> kvm_vm_ioctl() -> kvm_vm_ioctl_unregister_coalesced_mmio() -> coalesced_mmio_in_range() I don't know what the implications are of wrapping here, but we may as well fix it, if only to silence the warning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
1a214246 · Dan Carpenter · Avi Kivity · 3f2e5260 · 1a214246
Commit 1a214246 authored Oct 19, 2011 by Dan Carpenter Committed by Avi Kivity Dec 27, 2011
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 3 deletions

virt/kvm/coalesced_mmio.c virt/kvm/coalesced_mmio.c +9 -3

No files found.
--- a/virt/kvm/coalesced_mmio.c
+++ b/virt/kvm/coalesced_mmio.c
@@ -28,9 +28,15 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev,
 	 * (addr,len) is fully included in
 	 * (zone->addr, zone->size)
 	 */
+	if (len < 0)
-	return (dev->zone.addr <= addr &&
+		return 0;
-		addr + len <= dev->zone.addr + dev->zone.size);
+	if (addr + len < addr)
+		return 0;
+	if (addr < dev->zone.addr)
+		return 0;
+	if (addr + len > dev->zone.addr + dev->zone.size)
+		return 0;
+	return 1;
 }
 static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev)