On Thu, Feb 13, 2025 at 01:40:43PM -0400, Jason Gunthorpe wrote:
> On Thu, Feb 13, 2025 at 07:35:10PM +0200, Leon Romanovsky wrote:
>
> > Initially curr_base is 0xFF.....FF and curr_len is 0.
>
> curr base can't be so unaligned can it?

It is only for first iteration where it is compared with sg_dma_address(),
immediately after that it is overwritten.

>
> > So if this "if ..." is skipped (not possible but static checkers don't know),
> > we will advance curr_len and curr_base + curr_len will overflow.
> >
> > I don't want to take original patch.
>
> Subtracting is no better, it will just randomly fail for low dma addrs
> instead of high.

Aren't sg_dma_address placed in increasing order? If not, whole if loop is not
correct. If yes, we won't see any failures.

>
> You need to call check_add_overflow()
>
> Jason
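
An added example, not part of the original thread or the kernel source: a userspace C model of the curr_base/curr_len contiguity check discussed above, showing the unchecked sum wrapping and an overflow-checked add rejecting it. struct seg, the two count_runs_* functions and the sample segments are constructed for illustration; __builtin_add_overflow is the compiler builtin that the kernel's check_add_overflow() wraps.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for one DMA-mapped scatterlist entry. */
struct seg { uint64_t dma_addr; uint64_t len; };

/* Constructed input: a segment ending at the top of the address space,
 * followed by one at address 0. */
static const struct seg wrap_case[] = {
    { 0xFFFFFFFFFFFFF000ull, 0x1000 }, { 0x0, 0x1000 },
};
/* Constructed input: two adjacent segments, then a gap. */
static const struct seg normal_case[] = {
    { 0x10000, 0x1000 }, { 0x11000, 0x1000 }, { 0x40000, 0x2000 },
};

/* Unchecked: curr_base + curr_len silently wraps to 0. */
long count_runs_unchecked(const struct seg *sg, size_t n)
{
    uint64_t curr_base = UINT64_MAX, curr_len = 0; /* initial state from the thread */
    long runs = 0;

    for (size_t i = 0; i < n; i++) {
        if (curr_base + curr_len != sg[i].dma_addr) {
            curr_base = sg[i].dma_addr;
            curr_len = 0;
            runs++;
        }
        curr_len += sg[i].len;
    }
    return runs;
}

/* Checked: returns -1 as soon as a length or end-address sum wraps. */
long count_runs_checked(const struct seg *sg, size_t n)
{
    uint64_t curr_base = UINT64_MAX, curr_len = 0, end = UINT64_MAX;
    long runs = 0;

    for (size_t i = 0; i < n; i++) {
        if (runs == 0 || end != sg[i].dma_addr) {
            curr_base = sg[i].dma_addr;
            curr_len = 0;
            runs++;
        }
        if (__builtin_add_overflow(curr_len, sg[i].len, &curr_len) ||
            __builtin_add_overflow(curr_base, curr_len, &end))
            return -1;
    }
    return runs;
}
```

On the constructed wrap case the unchecked walk merges the top-of-address-space segment with the one at address 0 into a single run, while the checked walk returns an error; both agree on the ordinary case.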