Re: [PATCH v2] Drivers: hv: mshv: fix integer overflow in memory region overlap check
From: Junrui Luo
Date: Mon Apr 13 2026 - 04:47:32 EST
On Fri, Apr 10, 2026 at 09:05:35PM -0800, vdso@xxxxxxxxxxx wrote:
> All in all, from the three options of (generic check for overflow, simple check
> for arch bad PFNs/GFNs, an elaborated check with all specifics) I suggested the simple check.
> Fast and still more useful than checking for overflow in my opinion.
Thanks Roman for the thorough write-up. Since the original patch mixes
host and hypervisor-side constants with an unclear unit, IMO we should
do the bounds check in bytes instead.
For instance:

	u64 start_gpa, end_gpa;

	if (check_mul_overflow(mem->guest_pfn, HV_HYP_PAGE_SIZE,
			       &start_gpa) ||
	    check_add_overflow(start_gpa, mem->size, &end_gpa) ||
	    end_gpa > (1ULL << MAX_PHYSMEM_BITS))
		return -EINVAL;

Both sides of the final comparison are bytes, so no host-vs-hv page
unit conversion is needed.
In addition, it changes the return value from -EOVERFLOW to -EINVAL.
Does this approach look reasonable? Happy to iterate if either of you
would prefer a different choice.
Thanks,
Junrui Luo