[PATCH] lib: sbi_domain: reject zero-size and overflowing ranges in sbi_domain_check_addr_range
Anup Patel
anup at brainfault.org
Mon May 11 07:57:37 PDT 2026
On Wed, Apr 22, 2026 at 8:48 PM liutong <liutong at iscas.ac.cn> wrote:
>
> `max = addr + size` is computed without overflow detection, and a
> size of zero is not rejected. In both cases the `while (addr < max)`
> loop executes zero times and the function falls through to
> `return true` without actually checking any region against the
> domain configuration.
>
> Reject size == 0 and detect unsigned overflow of addr + size before
> entering the loop.
>
> Fixes: eab48c33a12d ("lib: sbi: Add sbi_domain_check_addr_range() function")
> Signed-off-by: liutong <liutong at iscas.ac.cn>
The problem of overflowing ranges is already taken care of by
the patch "lib: sbi_domain: reject overflowing address range
in check_addr_range()" so you might want to focus only on
"reject zero-size".
Regards,
Anup
> ---
> Apologies for the earlier non-standard submission; resending as a
> proper patch per docs/contributing.md.
>
> lib/sbi/sbi_domain.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/lib/sbi/sbi_domain.c b/lib/sbi/sbi_domain.c
> index 7030848d..74a02057 100644
> --- a/lib/sbi/sbi_domain.c
> +++ b/lib/sbi/sbi_domain.c
> @@ -499,12 +499,17 @@ bool sbi_domain_check_addr_range(const struct sbi_domain *dom,
> unsigned long mode,
> unsigned long access_flags)
> {
> - unsigned long max = addr + size;
> + unsigned long max;
> const struct sbi_domain_memregion *reg, *sreg;
>
> if (!dom)
> return false;
>
> + if (!size || (addr + size) < addr)
> + return false;
> +
> + max = addr + size;
> +
> while (addr < max) {
> reg = find_region(dom, addr);
> if (!reg)
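Review bot: the added test `(addr + size) < addr` also rejects a range that ends exactly at the top of the address space, because `addr + size` wraps to 0 there and compares below `addr`. If such a range is meant to be valid, the check and the `while (addr < max)` bound would need an inclusive end (`addr + size - 1`) instead; if it is meant to be rejected, a short comment above the check saying so would help. Returning false for `size == 0` changes the result for any caller that passes a zero length, so the function's header comment should state that an empty range is treated as a failed check.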
> --
> 2.34.1
>
>
> --
> opensbi mailing list
> opensbi at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi