summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2011-10-19 08:15:10 +0200
committerAvi Kivity <avi@redhat.com>2011-12-27 10:17:07 +0100
commit1a214246cbb431f7430f7d0c0fb66218a6f442d2 (patch)
tree5a45be4f7fe958dbd09774ad9425bdcf40ff8e91
parentKVM: x86: Simplify kvm timer handler (diff)
downloadlinux-1a214246cbb431f7430f7d0c0fb66218a6f442d2.tar.xz
linux-1a214246cbb431f7430f7d0c0fb66218a6f442d2.zip
KVM: make checks stricter in coalesced_mmio_in_range()
My testing version of Smatch complains that addr and len come from the user and they can wrap. The path is: -> kvm_vm_ioctl() -> kvm_vm_ioctl_unregister_coalesced_mmio() -> coalesced_mmio_in_range() I don't know what the implications are of wrapping here, but we may as well fix it, if only to silence the warning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
-rw-r--r--virt/kvm/coalesced_mmio.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c
index a6ec206f36ba..88b2fe3ddf42 100644
--- a/virt/kvm/coalesced_mmio.c
+++ b/virt/kvm/coalesced_mmio.c
@@ -28,9 +28,15 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev,
* (addr,len) is fully included in
* (zone->addr, zone->size)
*/
-
- return (dev->zone.addr <= addr &&
- addr + len <= dev->zone.addr + dev->zone.size);
+ if (len < 0)
+ return 0;
+ if (addr + len < addr)
+ return 0;
+ if (addr < dev->zone.addr)
+ return 0;
+ if (addr + len > dev->zone.addr + dev->zone.size)
+ return 0;
+ return 1;
}
static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev)