> On 04/13/2026 1:43 AM PDT Junrui Luo <[email protected]> wrote:
>
> On Fri, Apr 10, 2026 at 09:05:35PM -0800, [email protected] wrote:
> > All in all, from the three options of (generic check for overflow, simple check
> > for arch bad PFNs/GFNs, an elaborated check with all specifics) I suggested
> > the simple check.
> > Fast and still more useful than checking for overflow in my opinion.
>
> Thanks Roman for the thorough write-up. Since the original patch mixes
> host and hypervisor-side constants with an unclear unit, IMO we should
> do the bounds check in bytes instead.
>
> For instance:
>
>     u64 start_gpa, end_gpa;
>
>     if (check_mul_overflow(mem->guest_pfn, HV_HYP_PAGE_SIZE,
>                            &start_gpa) ||
>         check_add_overflow(start_gpa, mem->size, &end_gpa) ||
>         end_gpa > (1ULL << MAX_PHYSMEM_BITS))
>             return -EINVAL;
>
> Both sides of the final comparison are bytes, so no host-vs-hv page
> unit conversion is needed.

I like that better indeed!

> In addition, it changes return value from -EOVERFLOW to -EINVAL.

I think that's good, too: -EOVERFLOW originated iiuc and is more used in VFS from my cursory glance.

> Does this approach look reasonable? Happy to iterate if either of you
> would prefer a different choice.

I agree with all your points, feels like a better place now :) I'd defer the final smell check
to Stanislav. Stanislav maintains this code as the daily job, and might have a better feel and
perspective for it. I've been happy to add my 2c!

> Thanks,
> Junrui Luo
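
Added example, not part of the thread or the kernel source: a user-space model of the byte-based bounds check proposed above, next to an unchecked variant, showing which inputs only the overflow helpers reject. `HV_HYP_PAGE_SIZE` = 4096 and `MAX_PHYSMEM_BITS` = 52 are assumed values, `struct region` is a hypothetical stand-in for the descriptor behind `mem`, and the GCC/Clang `__builtin_*_overflow` builtins stand in for the kernel's `check_*_overflow()` helpers.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this example; the kernel takes them from arch headers. */
#define HV_HYP_PAGE_SIZE 4096ULL
#define MAX_PHYSMEM_BITS 52

/* Hypothetical stand-in: only the two fields named in the thread. */
struct region { uint64_t guest_pfn; uint64_t size; /* size in bytes */ };

/* Unchecked variant: arithmetic wraps modulo 2^64, so a huge PFN or size
 * can produce a small end address that looks in range. */
static int check_naive(const struct region *mem)
{
	uint64_t end_gpa = mem->guest_pfn * HV_HYP_PAGE_SIZE + mem->size;

	return end_gpa > (1ULL << MAX_PHYSMEM_BITS) ? -EINVAL : 0;
}

/* Byte-based check as proposed in the thread. */
static int check_bytes(const struct region *mem)
{
	uint64_t start_gpa, end_gpa;

	if (__builtin_mul_overflow(mem->guest_pfn, HV_HYP_PAGE_SIZE, &start_gpa) ||
	    __builtin_add_overflow(start_gpa, mem->size, &end_gpa) ||
	    end_gpa > (1ULL << MAX_PHYSMEM_BITS))
		return -EINVAL;
	return 0;
}

int main(void)
{
	const struct region cases[] = {	/* constructed inputs */
		{ 0x100, 0x200000 },		/* ordinary region */
		{ (1ULL << 40) - 1, 4096 },	/* ends exactly at 2^52 */
		{ 1ULL << 40, 4096 },		/* ends past 2^52 */
		{ 1ULL << 52, 4096 },		/* pfn * page size wraps to 0 */
		{ 0x100, UINT64_MAX },		/* start + size wraps */
	};

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("pfn=%#llx size=%#llx naive=%d checked=%d\n",
		       (unsigned long long)cases[i].guest_pfn,
		       (unsigned long long)cases[i].size,
		       check_naive(&cases[i]), check_bytes(&cases[i]));
	return 0;
}
```

The last two cases are the ones the unchecked variant accepts and the byte-based check rejects.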

