From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri, 20 Oct 2017 17:41:56 +0000 (-0600)
Subject: vfio/type1: silence integer overflow warning
X-Git-Tag: v4.15-rc1~123^2~1
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=71a7d3d78e3ca51ea688ae88c389867d948377cd;p=users%2Fjedix%2Flinux-maple.git

vfio/type1: silence integer overflow warning

I get a static checker warning about the potential integer overflow if
we add "unmap->iova + unmap->size".  The integer overflow isn't really
harmful, but we may as well fix it.  Also unmap->size gets truncated to
size_t when we pass it to vfio_find_dma() so we could check for too high
values of that as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
---

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 92155cce926d..e30e29ae4819 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -767,6 +767,9 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu,
 		return -EINVAL;
 	if (!unmap->size || unmap->size & mask)
 		return -EINVAL;
+	if (unmap->iova + unmap->size < unmap->iova ||
+	    unmap->size > SIZE_MAX)
+		return -EINVAL;
 
 	WARN_ON(mask & PAGE_MASK);
 again: