On Mon, 21 Mar 2016 18:00:50 -0400 Bandan Das <b...@redhat.com> wrote:
> vfio_listener_region_add for an iommu mr results in
> an overflow assert since emulated iommu memory region is initialized
> with UINT64_MAX. Add a check just like memory_region_size()
> does.
>
> Signed-off-by: Bandan Das <b...@redhat.com>
> ---
>  hw/vfio/common.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> index fb588d8..269244b 100644
> --- a/hw/vfio/common.c
> +++ b/hw/vfio/common.c
> @@ -349,7 +349,12 @@ static void vfio_listener_region_add(MemoryListener *listener,
>      if (int128_ge(int128_make64(iova), llend)) {
>          return;
>      }
> -    end = int128_get64(llend);
> +
> +    if (int128_eq(llend, int128_2_64())) {
> +        end = UINT64_MAX;
> +    } else {
> +        end = int128_get64(llend);
> +    }
>
>      if ((iova < container->min_iova) || ((end - 1) > container->max_iova)) {
>          error_report("vfio: IOMMU container %p can't map guest IOVA region"

But now all the calculations where we use end-1 are wrong. See the
discussion with Pierre Morel in the January qemu-devel archives.
There's a solution in there, but I never saw a follow-up from Pierre
with a revised patch.

Thanks,
Alex
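Review bot: the new branch changes the meaning of `end` for the 2^64 case only, which breaks the arithmetic that follows it in the same hunk. Everywhere else `end` is the exclusive end of the region, so the unchanged context line `if ((iova < container->min_iova) || ((end - 1) > container->max_iova))` computes the inclusive last IOVA; with `end = UINT64_MAX` that expression becomes `UINT64_MAX - 1`, one byte short of the region's real last address. Suggest keeping the inclusive end derived from `llend` in Int128 (subtract one before narrowing to 64 bits) rather than special-casing `end` to `UINT64_MAX`, so the comparison and any later size calculation stay consistent for both the 2^64 and the ordinary case.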