On 15.01.2021 17:03, Andrew Cooper wrote: > On 15/01/2021 11:43, Jan Beulich wrote: >>> + mfn_t tmp; >>> + void **vaddrs; >>> + int rc; >>> + >>> + /* Overflow checks */ >>> + if ( frame + nr_frames < frame ) >>> + return -EINVAL; >>> + >>> + tot_frames = frame + nr_frames; >>> + if ( tot_frames != frame + nr_frames ) >>> + return -EINVAL; >> Can't these two be folded into >> >> unsigned int tot_frames = frame + nr_frames; >> >> if ( tot_frames < frame ) >> return -EINVAL; >> >> ? Both truncation and wrapping look to be taken care of this >> way. > > Not when frame is a multiple of 4G (or fractionally over, I think).
How that? In this case any unsigned int value will be less than frame. Jan
