vfio/type1: silence integer overflow warning

I get a static checker warning about the potential integer overflow if
we add "unmap->iova + unmap->size".  The integer overflow isn't really
harmful, but we may as well fix it.  Also unmap->size gets truncated to
size_t when we pass it to vfio_find_dma() so we could check for too high
values of that as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 92155cce926d1c38bdfc5fb415b43ade481d1591..e30e29ae4819f60cbb53c808558ee808079febe0 100644 (file)
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -767,6 +767,9 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu,
                return -EINVAL;
        if (!unmap->size || unmap->size & mask)
                return -EINVAL;
+       if (unmap->iova + unmap->size < unmap->iova ||
+           unmap->size > SIZE_MAX)
+               return -EINVAL;
 
        WARN_ON(mask & PAGE_MASK);
 again: