]> rtime.felk.cvut.cz Git - jailhouse.git/blobdiff - driver/main.c
projects / jailhouse.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
driver: Improve input validation to make code scanners happier
[jailhouse.git] / driver / main.c
diff --git a/driver/main.c b/driver/main.c
index 4721db7af15ee5efa8879c2883ab3aff5880f226..f3a08f31524369c49f3703fc808dc8b5f697924f 100644 (file)
--- a/driver/main.c
+++ b/driver/main.c
@@ -217,13 +217,15 @@ static int jailhouse_cmd_enable(struct jailhouse_system __user *arg)
 
        err = -EINVAL;
        if (memcmp(header->signature, JAILHOUSE_SIGNATURE,
-                  sizeof(header->signature)) != 0)
+                  sizeof(header->signature)) != 0 ||
+           hypervisor->size >= hv_mem->size)
                goto error_release_fw;
 
        hv_core_and_percpu_size = PAGE_ALIGN(header->core_size) +
                max_cpus * header->percpu_size;
        config_size = jailhouse_system_config_size(&config_header);
-       if (hv_mem->size <= hv_core_and_percpu_size + config_size)
+       if (hv_core_and_percpu_size >= hv_mem->size ||
+           config_size >= hv_mem->size - hv_core_and_percpu_size)
                goto error_release_fw;
 
        hypervisor_mem = jailhouse_ioremap(hv_mem->phys_start, JAILHOUSE_BASE,