From mboxrd@z Thu Jan  1 00:00:00 1970
From: Cornelia Huck <cohuck@redhat.com>
Subject: Re: [PATCH] vfio/type1: Fix unmap overflow off-by-one
Date: Wed, 9 Jan 2019 09:58:37 +0100
Message-ID: <20190109095837.2dfdb4e0.cohuck@redhat.com>
References: <154696559827.32763.11706407320970225120.stgit@gimli.home>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        dan.carpenter@oracle.com, peterx@redhat.com
To: Alex Williamson <alex.williamson@redhat.com>
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <154696559827.32763.11706407320970225120.stgit@gimli.home>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: kvm.vger.kernel.org

On Tue, 08 Jan 2019 09:40:06 -0700
Alex Williamson <alex.williamson@redhat.com> wrote:

> The below referenced commit adds a test for integer overflow, but in
> doing so prevents the unmap ioctl from ever including the last page of
> the address space.  Subtract one to compare to the last address of the
> unmap to avoid the overflow and wrap-around.
> 
> Fixes: 71a7d3d78e3c ("vfio/type1: silence integer overflow warning")
> Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291
> Cc: Dan Carpenter <dan.carpenter@oracle.com>
> Reported-by: Pei Zhang <pezhang@redhat.com>
> Debugged-by: Peter Xu <peterx@redhat.com>
> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
> ---
>  drivers/vfio/vfio_iommu_type1.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Cornelia Huck <cohuck@redhat.com>