From 1a214246cbb431f7430f7d0c0fb66218a6f442d2 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Wed, 19 Oct 2011 09:15:10 +0300 Subject: [PATCH] KVM: make checks stricter in coalesced_mmio_in_range() My testing version of Smatch complains that addr and len come from the user and they can wrap. The path is: -> kvm_vm_ioctl() -> kvm_vm_ioctl_unregister_coalesced_mmio() -> coalesced_mmio_in_range() I don't know what the implications are of wrapping here, but we may as well fix it, if only to silence the warning. Signed-off-by: Dan Carpenter Signed-off-by: Marcelo Tosatti --- virt/kvm/coalesced_mmio.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c index a6ec206f36ba..88b2fe3ddf42 100644 --- a/virt/kvm/coalesced_mmio.c +++ b/virt/kvm/coalesced_mmio.c @@ -28,9 +28,15 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev, * (addr,len) is fully included in * (zone->addr, zone->size) */ - - return (dev->zone.addr <= addr && - addr + len <= dev->zone.addr + dev->zone.size); + if (len < 0) + return 0; + if (addr + len < addr) + return 0; + if (addr < dev->zone.addr) + return 0; + if (addr + len > dev->zone.addr + dev->zone.size) + return 0; + return 1; } static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev) -- 2.20.1