aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2011-10-19 02:15:10 -0400
committerAvi Kivity <avi@redhat.com>2011-12-27 04:17:07 -0500
commit1a214246cbb431f7430f7d0c0fb66218a6f442d2 (patch)
tree5a45be4f7fe958dbd09774ad9425bdcf40ff8e91
parent3f2e5260f5a17d37be3e3c83aca2f335b9bf3893 (diff)
KVM: make checks stricter in coalesced_mmio_in_range()
My testing version of Smatch complains that addr and len come from the user and they can wrap. The path is: -> kvm_vm_ioctl() -> kvm_vm_ioctl_unregister_coalesced_mmio() -> coalesced_mmio_in_range() I don't know what the implications are of wrapping here, but we may as well fix it, if only to silence the warning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
-rw-r--r--virt/kvm/coalesced_mmio.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c
index a6ec206f36ba..88b2fe3ddf42 100644
--- a/virt/kvm/coalesced_mmio.c
+++ b/virt/kvm/coalesced_mmio.c
@@ -28,9 +28,15 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev,
28 * (addr,len) is fully included in 28 * (addr,len) is fully included in
29 * (zone->addr, zone->size) 29 * (zone->addr, zone->size)
30 */ 30 */
31 31 if (len < 0)
32 return (dev->zone.addr <= addr && 32 return 0;
33 addr + len <= dev->zone.addr + dev->zone.size); 33 if (addr + len < addr)
34 return 0;
35 if (addr < dev->zone.addr)
36 return 0;
37 if (addr + len > dev->zone.addr + dev->zone.size)
38 return 0;
39 return 1;
34} 40}
35 41
36static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev) 42static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev)