On Sat, Jun 1, 2019 at 12:50 AM Christoph Hellwig <h...@lst.de> wrote:
>
> Pass in the already calculated end value instead of recomputing it, and
> leave the end > start check in the callers instead of duplicating them
> in the arch code.
Good cleanup, except it's wrong.
> - if (nr_pages <= 0)
> + if (end < start)
> return 0;
You moved the overflow test to generic code - good.
You removed the sign and zero test on nr_pages - bad.
The zero test in particular is _important_ - the GUP range operators
know and depend on the fact that they are passed a non-empty range.
The sign test it less so, but is definitely appropriate. It might be
even better to check that the "<< PAGE_SHIFT" doesn't overflow in
"long", of course, but with callers being supposed to be trusted, the
sign test at least checks for stupid underflow issues.
So at the very least that "(end < start)" needs to be "(end <=
start)", but honestly, I think the sign of the nr_pages should be
continued to be checked.
Linus
