Re: [PATCH v2] Drivers: hv: mshv: fix integer overflow in memory region overlap check

From: vdso

Date: Mon Apr 13 2026 - 14:11:02 EST



> On 04/13/2026 1:43 AM PDT Junrui Luo <moonafterrain@xxxxxxxxxxx> wrote:
>
>
> On Fri, Apr 10, 2026 at 09:05:35PM -0800, vdso@xxxxxxxxxxx wrote:
> > All in all, from the three options of (generic check for overflow, simple check
> > for arch bad PFNs/GFNs, an elaborated check with all specifics) I suggested the simple check.
> > Fast and still more useful than checking for overflow in my opinion.
>
> Thanks Roman for the thorough write-up. Since the original patch mixes
> host and hypervisor-side constants with an unclear unit, IMO we should
> do the bounds check in bytes instead.
>
> For instance:
>
>     u64 start_gpa, end_gpa;
>
>     if (check_mul_overflow(mem->guest_pfn, HV_HYP_PAGE_SIZE,
>                            &start_gpa) ||
>         check_add_overflow(start_gpa, mem->size, &end_gpa) ||
>         end_gpa > (1ULL << MAX_PHYSMEM_BITS))
>             return -EINVAL;
>
> Both sides of the final comparison are bytes, so no host-vs-hv page
> unit conversion is needed.

I like that better indeed!

>
> In addition, it changes return value from -EOVERFLOW to -EINVAL.

I think that's good, too: -EOVERFLOW originated iiuc and is more used
in VFS from my cursory glance.

>
> Does this approach look reasonable? Happy to iterate if either of you
> would prefer a different choice.

I agree with all your points, feels like a better place now :)

I'd defer the final smell check to Stanislav. Stanislav maintains this code
as the daily job, and might have a better feel and perspective for it. I've
been happy to add my 2c!

>
> Thanks,
> Junrui Luo
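
A user-space sketch of the byte-based bounds check proposed in the thread, added here as an example; it is not code from the patch or from the mshv driver. The compiler builtins stand in for the kernel's check_mul_overflow()/check_add_overflow(), and `struct region`, the function names and the two constant values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; the kernel defines these per architecture. */
#define HV_HYP_PAGE_SIZE 4096ULL
#define MAX_PHYSMEM_BITS 52

/* Hypothetical stand-in for the two fields the snippet reads from `mem`. */
struct region {
    uint64_t guest_pfn; /* first guest page frame, in hypervisor pages */
    uint64_t size;      /* region length in bytes */
};

/* Byte-based check: 0 if [start_gpa, end_gpa) is representable and in range. */
int region_check_bytes(const struct region *mem)
{
    uint64_t start_gpa, end_gpa;

    if (__builtin_mul_overflow(mem->guest_pfn, HV_HYP_PAGE_SIZE, &start_gpa) ||
        __builtin_add_overflow(start_gpa, mem->size, &end_gpa) ||
        end_gpa > (1ULL << MAX_PHYSMEM_BITS))
        return -EINVAL;
    return 0;
}

/* Same arithmetic without overflow checks, for contrast: wraps modulo 2^64. */
uint64_t region_end_unchecked(const struct region *mem)
{
    return mem->guest_pfn * HV_HYP_PAGE_SIZE + mem->size;
}

int main(void)
{
    /* Constructed inputs: in range, exactly at the limit, and three bad ones. */
    const struct region cases[] = {
        { 0x100, 0x200000 },
        { (1ULL << 40) - 1, 4096 },
        { (1ULL << 40) - 1, 8192 },
        { 1ULL << 52, 4096 },
        { 1, UINT64_MAX },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("pfn=%#llx size=%#llx unchecked_end=%#llx check=%d\n",
               (unsigned long long)cases[i].guest_pfn,
               (unsigned long long)cases[i].size,
               (unsigned long long)region_end_unchecked(&cases[i]),
               region_check_bytes(&cases[i]));
    return 0;
}
```

The last two inputs wrap to small, plausible-looking end addresses when computed unchecked, which is the case a plain range comparison on the wrapped value would accept.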