Commit 1a214246 authored Oct 19, 2011 by Dan Carpenter Committed by Avi Kivity Dec 27, 2011

KVM: make checks stricter in coalesced_mmio_in_range()



My testing version of Smatch complains that addr and len come from
the user and they can wrap.  The path is:
  -> kvm_vm_ioctl()
     -> kvm_vm_ioctl_unregister_coalesced_mmio()
        -> coalesced_mmio_in_range()

I don't know what the implications are of wrapping here, but we may
as well fix it, if only to silence the warning.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

parent 3f2e5260

virt/kvm/coalesced_mmio.c

+9 −3

Original line number	Diff line number	Diff line
		@@ -28,9 +28,15 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev,
		* (addr,len) is fully included in
		* (zone->addr, zone->size)
		*/

		return (dev->zone.addr <= addr &&
		addr + len <= dev->zone.addr + dev->zone.size);
		if (len < 0)
		return 0;
		if (addr + len < addr)
		return 0;
		if (addr < dev->zone.addr)
		return 0;
		if (addr + len > dev->zone.addr + dev->zone.size)
		return 0;
		return 1;
		}

		static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev)