在 2021/7/16 下午6:22, Xie Yongji 写道:
This fixes the incorrect calculation for integer overflow when the last address of iova range is 0xffffffff. Fixes: ec33d031a14b ("vhost: detect 32 bit integer wrap around“) Reported-by: Jason Wang <jasowang@xxxxxxxxxx> Signed-off-by: Xie Yongji <xieyongji@xxxxxxxxxxxxx> --- drivers/vhost/vhost.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index b9e853e6094d..a9fd1b311d2f 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -738,7 +738,8 @@ static bool log_access_ok(void __user *log_base, u64 addr, unsigned long sz) static bool vhost_overflow(u64 uaddr, u64 size) { /* Make sure 64 bit math will not overflow. */ - return uaddr > ULONG_MAX || size > ULONG_MAX || uaddr > ULONG_MAX - size; + return uaddr > ULONG_MAX || size > ULONG_MAX || + uaddr - 1 > ULONG_MAX - size; }
Acked-by: Jason Wang <jasowang@xxxxxxxxxx>
/* Caller should have vq mutex and device mutex. */
_______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization