RE: [patch] NVMe: check for integer overflow in nvme_map_user_pages()

From: Dan Carpenter [dan.carpen...@oracle.com] Sent: May 11, 2013 9:31 AM To: Wilcox, Matthew R Cc: Busch, Keith; Verma, Vishal L; linux-kernel@vger.kernel.org; kernel-janit...@vger.kernel.org Subject: [patch] NVMe: check for integer overflow in nvme_map_user_pages() You need to have CAP_SYS_AD

[patch] NVMe: check for integer overflow in nvme_map_user_pages()

You need to have CAP_SYS_ADMIN to trigger this overflow but it makes the static checkers complain so we should fix it. The worry is that "length" comes from copy_from_user() so we need to check that "length + offset" can't overflow. I also changed the min_t() cast to be unsigned instead of signed