vfio/type1: silence integer overflow warning

I get a static checker warning about the potential integer overflow if we add "unmap->iova + unmap->size". The integer overflow isn't really harmful, but we may as well fix it. Also unmap->size gets truncated to size_t when we pass it to vfio_find_dma() so we could check for too high values of that as well. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
author: Dan Carpenter <dan.carpenter@oracle.com> 2017-10-20 11:41:56 -0600
committer: Alex Williamson <alex.williamson@redhat.com> 2017-10-20 11:41:56 -0600
commit: 71a7d3d78e3ca51ea688ae88c389867d948377cd (patch)
tree: 74901aa0a48262807d8e409839a99f6f5a44455f /drivers/vfio
parent: 79d40370e8d31886a9413e2ee115fc426b4ae97e (diff)
download: op-kernel-dev-71a7d3d78e3ca51ea688ae88c389867d948377cd.zip
op-kernel-dev-71a7d3d78e3ca51ea688ae88c389867d948377cd.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 92155cc..e30e29a 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -767,6 +767,9 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu,
 		return -EINVAL;
 	if (!unmap->size || unmap->size & mask)
 		return -EINVAL;
+	if (unmap->iova + unmap->size < unmap->iova ||
+	    unmap->size > SIZE_MAX)
+		return -EINVAL;
 
 	WARN_ON(mask & PAGE_MASK);
 again:
author	Dan Carpenter <dan.carpenter@oracle.com>	2017-10-20 11:41:56 -0600
committer	Alex Williamson <alex.williamson@redhat.com>	2017-10-20 11:41:56 -0600
commit	71a7d3d78e3ca51ea688ae88c389867d948377cd (patch)
tree	74901aa0a48262807d8e409839a99f6f5a44455f /drivers/vfio
parent	79d40370e8d31886a9413e2ee115fc426b4ae97e (diff)
download	op-kernel-dev-71a7d3d78e3ca51ea688ae88c389867d948377cd.zip op-kernel-dev-71a7d3d78e3ca51ea688ae88c389867d948377cd.tar.gz