On 15.01.2021 17:26, Jan Beulich wrote: > On 15.01.2021 17:03, Andrew Cooper wrote: >> On 15/01/2021 11:43, Jan Beulich wrote: >>>> + mfn_t tmp; >>>> + void **vaddrs; >>>> + int rc; >>>> + >>>> + /* Overflow checks */ >>>> + if ( frame + nr_frames < frame ) >>>> + return -EINVAL; >>>> + >>>> + tot_frames = frame + nr_frames; >>>> + if ( tot_frames != frame + nr_frames ) >>>> + return -EINVAL; >>> Can't these two be folded into >>> >>> unsigned int tot_frames = frame + nr_frames; >>> >>> if ( tot_frames < frame ) >>> return -EINVAL; >>> >>> ? Both truncation and wrapping look to be taken care of this >>> way. >> >> Not when frame is a multiple of 4G (or fractionally over, I think). > > How that? In this case any unsigned int value will be less than > frame.
And in the 32-bit case the above becomes a simple overflow check. Jan
