[PATCH] lib: sbi_domain: reject overflowing address range in check_addr_range()

Rahul Pathak rahul at summations.net
Sun May 10 22:24:19 PDT 2026


Hi Takumi,

I believe from the semantics of this function that
if the size passed is 0, that makes it an invalid
range, in which case this function should return
false rather than true.
If a caller of this function proceeds with the address
without any checks happening inside the function,
just because it passed size == 0, that will be incorrect use,
even though it will be trapped later.

Will let you and the maintainer decide on this behaviour.

This behaviour is existing and the fix you have
provided is still applicable.

Reviewed-by: Rahul Pathak <rahul at summations.net>


Thanks
Rahul

On Fri, Mar 27, 2026 at 9:18 AM Takumi Hara <takumihara1226 at gmail.com> wrote:
>
> Thanks for the review, Rahul.
>
> When size == 0, max == addr, so the overflow guard is skipped
> (it's not an overflow), and the while(addr < max) loop is also
> skipped since addr == max. The function returns true.
>
> This is the existing behavior and is intentional -- a zero-length
> range has no bytes to validate, so returning true is correct.
>
> This patch only targets the overflow case where a non-zero size
> wraps max around to <= addr, which silently skips all permission
> checks on a range that actually covers memory.
>
> Best regards,
> Takumi Hara
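
The wrap-around discussed in this thread, as an added example that is not part of the original e-mails and is not OpenSBI's code. It is a constructed single-window permission model (`page_allowed`, `scan`, `range_ok_unguarded` and `range_ok_guarded` are hypothetical names) showing how a wrapped `max` skips the per-page loop, and how an overflow guard rejects it while `size == 0` still returns true.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not OpenSBI code: one permitted window, checked per page. */
#define PAGE         0x1000ULL
#define ALLOWED_BASE 0x80000000ULL
#define ALLOWED_END  0x80100000ULL /* exclusive */

static bool page_allowed(uint64_t a) { return a >= ALLOWED_BASE && a < ALLOWED_END; }

/* Walk [addr, max) one page at a time; an empty interval checks nothing. */
static bool scan(uint64_t addr, uint64_t max)
{
    while (addr < max) {
        if (!page_allowed(addr))
            return false;
        uint64_t next = (addr & ~(PAGE - 1)) + PAGE;
        if (next < addr) /* stepped past the top of the address space */
            break;
        addr = next;
    }
    return true;
}

/* Without a guard: addr + size can wrap, leaving max <= addr and no checks run. */
bool range_ok_unguarded(uint64_t addr, uint64_t size)
{
    return scan(addr, addr + size);
}

/* With a guard: a wrapped end is rejected; size == 0 gives max == addr and passes. */
bool range_ok_guarded(uint64_t addr, uint64_t size)
{
    uint64_t max = addr + size;
    if (max < addr)
        return false;
    return scan(addr, max);
}

int main(void)
{
    /* 0x1000 is outside the window; size UINT64_MAX wraps max to 0xfff. */
    printf("unguarded=%d guarded=%d\n", range_ok_unguarded(0x1000, UINT64_MAX),
           range_ok_guarded(0x1000, UINT64_MAX));
    return 0;
}
```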


