| Message ID | 1418266961-27277-1-git-send-email-tiejun.chen@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 11/12/2014 04:02, Tiejun Chen wrote: > We already check 'len' above to make sure it already isn't > negative here, so indeed, (addr + len < addr) should never be happened. ... except if there is an overflow. Paolo > Signed-off-by: Tiejun Chen <tiejun.chen@intel.com> > --- > virt/kvm/coalesced_mmio.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c > index 00d8642..60f59cd 100644 > --- a/virt/kvm/coalesced_mmio.c > +++ b/virt/kvm/coalesced_mmio.c > @@ -30,8 +30,6 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev, > */ > if (len < 0) > return 0; > - if (addr + len < addr) > - return 0; > if (addr < dev->zone.addr) > return 0; > if (addr + len > dev->zone.addr + dev->zone.size) > -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 2014/12/11 19:29, Paolo Bonzini wrote: > > > On 11/12/2014 04:02, Tiejun Chen wrote: >> We already check 'len' above to make sure it already isn't >> negative here, so indeed, (addr + len < addr) should never be happened. > > ... except if there is an overflow. Sorry, I'm confused. 'addr' is u64 and now 'len' would always be '>=0', what's your a so-called overflow here? And we also have such a check below, (addr + len > dev->zone.addr + dev->zone.size), so can this guarantee an overflow? Thanks Tiejun > > Paolo > >> Signed-off-by: Tiejun Chen <tiejun.chen@intel.com> >> --- >> virt/kvm/coalesced_mmio.c | 2 -- >> 1 file changed, 2 deletions(-) >> >> diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c >> index 00d8642..60f59cd 100644 >> --- a/virt/kvm/coalesced_mmio.c >> +++ b/virt/kvm/coalesced_mmio.c >> @@ -30,8 +30,6 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev, >> */ >> if (len < 0) >> return 0; >> - if (addr + len < addr) >> - return 0; >> if (addr < dev->zone.addr) >> return 0; >> if (addr + len > dev->zone.addr + dev->zone.size) >> > -- > To unsubscribe from this list: send the line "unsubscribe kvm" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 2014/12/12 9:02, Chen, Tiejun wrote: > On 2014/12/11 19:29, Paolo Bonzini wrote: >> >> >> On 11/12/2014 04:02, Tiejun Chen wrote: >>> We already check 'len' above to make sure it already isn't >>> negative here, so indeed, (addr + len < addr) should never be happened. >> >> ... except if there is an overflow. > I think now I can understand what you mean. Thanks Tiejun -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c index 00d8642..60f59cd 100644 --- a/virt/kvm/coalesced_mmio.c +++ b/virt/kvm/coalesced_mmio.c @@ -30,8 +30,6 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev, */ if (len < 0) return 0; - if (addr + len < addr) - return 0; if (addr < dev->zone.addr) return 0; if (addr + len > dev->zone.addr + dev->zone.size)
We already check 'len' above to make sure it already isn't negative here, so indeed, (addr + len < addr) should never be happened. Signed-off-by: Tiejun Chen <tiejun.chen@intel.com> --- virt/kvm/coalesced_mmio.c | 2 -- 1 file changed, 2 deletions(-)