diff --git a/[refs] b/[refs]
index 0de4823ceb8d..749ed29f8aa8 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 3f2e5260f5a17d37be3e3c83aca2f335b9bf3893
+refs/heads/master: 1a214246cbb431f7430f7d0c0fb66218a6f442d2
diff --git a/trunk/virt/kvm/coalesced_mmio.c b/trunk/virt/kvm/coalesced_mmio.c
index a6ec206f36ba..88b2fe3ddf42 100644
--- a/trunk/virt/kvm/coalesced_mmio.c
+++ b/trunk/virt/kvm/coalesced_mmio.c
@@ -28,9 +28,15 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev,
 	 * (addr,len) is fully included in
 	 * (zone->addr, zone->size)
 	 */
-
-	return (dev->zone.addr <= addr &&
-		addr + len <= dev->zone.addr + dev->zone.size);
+	if (len < 0)
+		return 0;
+	if (addr + len < addr)
+		return 0;
+	if (addr < dev->zone.addr)
+		return 0;
+	if (addr + len > dev->zone.addr + dev->zone.size)
+		return 0;
+	return 1;
 }
 
 static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev)