Date: Mon, 13 Jan 2025 22:45:45 +0000
From: Qasim Ijaz
To: Joao Martins, Jason Gunthorpe
Cc: Kevin Tian, Joerg Roedel, Will Deacon, Robin Murphy, iommu@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] iommu: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()

On Mon, Jan 13, 2025 at 04:25:29PM +0000, Joao Martins wrote:
> On 13/01/2025 16:22, Jason Gunthorpe wrote:
> > On Mon, Jan 13, 2025 at 12:00:29PM +0000, Joao Martins wrote:
> >> On 12/01/2025 12:39, Qasim Ijaz wrote:
> >>> This patch resolves a UBSAN shift-out-of-bounds issue in
> >>
> >> Avoid the 'this patch' e.g. Resolve a UBSAN shift-out-of-bounds (...)
> >>
> >> The Subject component part could also be a bit more specific e.g.
> >>
> >> iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
> >>
> >>> iova_bitmap_offset_to_index() where shifting the constant "1" (of type int)
> >>> by bitmap->mapped.pgshift (an unsigned long value) could result in undefined behavior.
> >>>
> >>> The constant "1" defaults to a 32-bit "int", and when "pgshift" exceeds 31 (e.g., pgshift = 63)
> >>> the shift operation overflows, as the result cannot be represented in a 32-bit type.
> >>>
> >>> To resolve this, the constant is updated to "1UL", promoting it to an unsigned long type
> >>> to match the operand's type.
> >>>
> >>> Reported-by: syzbot
> >>> Closes: https://syzkaller.appspot.com/bug?extid=85992ace37d5b7b51635
> >>> Signed-off-by: Qasim Ijaz
> >>
> >> With those two nits:
> >>
> >> Reviewed-by: Joao Martins
> >
> > It needs a fixes line too
>
> It should be
>
> Fixes: 495c06d82ba ("vfio: Add an IOVA bitmap support")
>
> Joao

Thank you for your feedback on the initial patch Jason and Joao. I’ve incorporated your suggestions and submitted a v2 patch for review. Please let me know if further adjustments are needed.

Best regards,
Qasim
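
The int-versus-unsigned-long shift described in the quoted commit message, as an added example that is not part of the thread and not the kernel's code. The helpers pgsize_int, pgsize_ulong and offset_to_index are hypothetical, and the layout of one unsigned long of page bits per bitmap word is an assumption of the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define INT_BITS   ((unsigned long)(sizeof(int) * CHAR_BIT))
#define ULONG_BITS ((unsigned long)(sizeof(unsigned long) * CHAR_BIT))
#define WORD_BITS  ULONG_BITS /* assumption: one bitmap word is an unsigned long */

/* Pre-fix form `1 << pgshift`: the literal is an int. Rejects the exponents
 * for which the shifted value does not fit in int, instead of executing the
 * undefined shift. */
static bool pgsize_int(unsigned long pgshift, unsigned long *pgsize)
{
    if (pgshift >= INT_BITS - 1)
        return false;
    *pgsize = (unsigned long)(1 << pgshift);
    return true;
}

/* Post-fix form `1UL << pgshift`: defined below the width of unsigned long;
 * a larger exponent is still undefined, so it is rejected as well. */
static bool pgsize_ulong(unsigned long pgshift, unsigned long *pgsize)
{
    if (pgshift >= ULONG_BITS)
        return false;
    *pgsize = 1UL << pgshift;
    return true;
}

/* Hypothetical index step: which bitmap word covers `iova` when each bit
 * tracks one page of size 1UL << pgshift. */
static bool offset_to_index(unsigned long iova, unsigned long pgshift,
                            unsigned long *index)
{
    unsigned long pgsize;
    if (!pgsize_ulong(pgshift, &pgsize))
        return false;
    /* Two divisions, so WORD_BITS * pgsize is never formed and cannot wrap. */
    *index = (iova / pgsize) / WORD_BITS;
    return true;
}

int main(void)
{
    unsigned long size = 0, index = 0;
    printf("int, shift 63: %s\n", pgsize_int(63, &size) ? "defined" : "undefined");
    if (offset_to_index(1UL << 20, 12, &index))
        printf("index for iova 0x100000, pgshift 12: %lu\n", index);
    return 0;
}
```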