On Fri, Apr 10, 2026 at 09:05:35PM -0800, [email protected] wrote:
> All in all, from the three options of (generic check for overflow, simple
> check for arch bad PFNs/GFNs, an elaborated check with all specifics) I
> suggested the simple check.
> Fast and still more useful than checking for overflow in my opinion.
 
Thanks Roman for the thorough write-up. Since the original patch mixes
host and hypervisor-side constants with an unclear unit, IMO we should
do the bounds check in bytes instead.

For instance:

        u64 start_gpa, end_gpa;

        if (check_mul_overflow(mem->guest_pfn, HV_HYP_PAGE_SIZE, &start_gpa) ||
            check_add_overflow(start_gpa, mem->size, &end_gpa) ||
            end_gpa > (1ULL << MAX_PHYSMEM_BITS))
                return -EINVAL;

Both sides of the final comparison are bytes, so no host-vs-hv page
unit conversion is needed.

In addition, it changes the return value from -EOVERFLOW to -EINVAL.

Does this approach look reasonable? Happy to iterate if either of you
would prefer a different choice.

Thanks,
Junrui Luo
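A user-space walk-through of the byte-based check proposed above, added here as an illustration and not code from the thread or the kernel tree. It assumes stand-in values for HV_HYP_PAGE_SIZE (4 KiB) and MAX_PHYSMEM_BITS (46), a constructed `struct mem_region`, and uses the compiler's `__builtin_*_overflow` builtins in place of the kernel's check_mul_overflow()/check_add_overflow(); the input cases are constructed to hit each rejection path.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in values (assumptions, not taken from the thread): a 4 KiB
 * hypervisor page and a 46-bit guest physical address space. */
#define HV_HYP_PAGE_SIZE 4096ULL
#define MAX_PHYSMEM_BITS 46

/* Constructed stand-in for the region descriptor being validated. */
struct mem_region {
	uint64_t guest_pfn; /* first guest page frame number */
	uint64_t size;      /* region length in bytes */
};

/* User-space equivalents of the kernel helpers: true when the result
 * wrapped, with the (possibly wrapped) value stored through the pointer. */
#define check_mul_overflow(a, b, d) __builtin_mul_overflow(a, b, d)
#define check_add_overflow(a, b, d) __builtin_add_overflow(a, b, d)

/* Validate the region entirely in bytes: start and end are computed with
 * overflow detection, then the end is compared against the address-space
 * limit, also in bytes, so no host/hypervisor page-unit conversion occurs.
 * Returns 0 when the region is acceptable, -EINVAL otherwise. */
int validate_region(const struct mem_region *mem)
{
	uint64_t start_gpa, end_gpa;

	if (check_mul_overflow(mem->guest_pfn, HV_HYP_PAGE_SIZE, &start_gpa) ||
	    check_add_overflow(start_gpa, mem->size, &end_gpa) ||
	    end_gpa > (1ULL << MAX_PHYSMEM_BITS))
		return -EINVAL;
	return 0;
}

int main(void)
{
	/* Constructed inputs: one valid region and one per rejection path. */
	struct mem_region ok       = { .guest_pfn = 0x1000, .size = 0x10000 };
	struct mem_region mul_wrap = { .guest_pfn = UINT64_MAX / 2, .size = 1 };
	struct mem_region add_wrap = { .guest_pfn = 1, .size = UINT64_MAX };
	struct mem_region too_high = { .guest_pfn = 1ULL << 34, .size = 1 };

	printf("ok=%d mul_wrap=%d add_wrap=%d too_high=%d\n",
	       validate_region(&ok), validate_region(&mul_wrap),
	       validate_region(&add_wrap), validate_region(&too_high));
	return 0;
}
```

Note that the multiply and add cases would both wrap silently and pass the final comparison if the overflow helpers were dropped, which is the reason the check is done in bytes with them rather than by comparing page counts.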
