linux/drivers/vfio
Alex Williamson c8dbca165b vfio/iommu_type1: Avoid overflow
Coverity reports use of a tained scalar used as a loop boundary.
For the most part, any values passed from userspace for a DMA mapping
size, IOVA, or virtual address are valid, with some alignment
constraints.  The size is ultimately bound by how many pages the user
is able to lock, IOVA is tested by the IOMMU driver when doing a map,
and the virtual address needs to pass get_user_pages.  The only
problem I can find is that we do expect the __u64 user values to fit
within our variables, which might not happen on 32bit platforms.  Add
a test for this and return error on overflow.  Also propagate use of
the type-correct local variables throughout the function.

The above also points to the 'end' variable, which can be zero if
we're operating at the very top of the address space.  We try to
account for this, but our loop botches it.  Rework the loop to use
the remaining size as our loop condition rather than the IOVA vs end.

Detected by Coverity: CID 714659

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2014-05-30 11:35:54 -06:00
..
pci vfio/pci: Fix unchecked return value 2014-05-30 11:35:53 -06:00
Kconfig vfio: always select ANON_INODES 2014-03-27 11:58:58 -06:00
Makefile powerpc/vfio: Implement IOMMU driver for VFIO 2013-06-20 16:55:14 +10:00
vfio_iommu_spapr_tce.c powerpc/iommu: Update constant names to reflect their hardcoded page size 2013-12-30 14:17:06 +11:00
vfio_iommu_type1.c vfio/iommu_type1: Avoid overflow 2014-05-30 11:35:54 -06:00
vfio.c vfio: Add external user check extension interface 2014-02-26 11:38:39 -07:00