author | Dan Carpenter <dan.carpenter@oracle.com> | 2017-10-20 11:41:56 -0600 |
---|---|---|
committer | Alex Williamson <alex.williamson@redhat.com> | 2017-10-20 11:41:56 -0600 |
commit | 71a7d3d78e3ca51ea688ae88c389867d948377cd (patch) | |
tree | 74901aa0a48262807d8e409839a99f6f5a44455f /drivers | |
parent | 79d40370e8d31886a9413e2ee115fc426b4ae97e (diff) | |

vfio/type1: silence integer overflow warning

I get a static checker warning about the potential integer overflow if
we add "unmap->iova + unmap->size". The integer overflow isn't really
harmful, but we may as well fix it. Also unmap->size gets truncated to
size_t when we pass it to vfio_find_dma() so we could check for too high
values of that as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/vfio/vfio_iommu_type1.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c index 92155cce926d..e30e29ae4819 100644 --- a/drivers/vfio/vfio_iommu_type1.c +++ b/drivers/vfio/vfio_iommu_type1.c @@ -767,6 +767,9 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, return -EINVAL; if (!unmap->size || unmap->size & mask) return -EINVAL; + if (unmap->iova + unmap->size < unmap->iova || + unmap->size > SIZE_MAX) + return -EINVAL; WARN_ON(mask & PAGE_MASK); again: |
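
Review bot: In the added check in vfio_dma_do_unmap(), `unmap->iova + unmap->size < unmap->iova` also rejects a range that ends exactly at the top of the address space: assuming both fields are unsigned and of the same width, the sum wraps to 0 there even though no address inside the range wraps. If that rejection is intended, a comment should say so. Otherwise test the last byte instead, for example `unmap->iova + unmap->size - 1 < unmap->iova`, which is safe because the `!unmap->size` test just above has already returned -EINVAL for a zero size. Separately, `unmap->size > SIZE_MAX` can only be true where size_t is narrower than the size field, so a one-line comment naming the truncation on the way into vfio_find_dma(), as the commit message does, would keep it from reading as dead code on builds where the two widths match.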