Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-02-02 Thread Bandan Das
Pierre Morel writes:
> In vfio_listener_region_add(), we try to validate that the region is not
> zero sized and hasn't overflowed the address space.
>
> But the calculation uses the size of the region instead of
> using the region's limit (size - 1).
>
> This leads

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-28 Thread Pierre Morel
On 01/27/2016 06:43 PM, Alex Williamson wrote: On Wed, 2016-01-27 at 10:28 +0100, Pierre Morel wrote: On 01/26/2016 06:00 PM, Alex Williamson wrote: On Tue, 2016-01-26 at 15:51 +0100, Pierre Morel wrote: On 01/22/2016 11:19 PM, Alex Williamson wrote: On Fri, 2016-01-22 at 15:14 -0700,

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-27 Thread Alex Williamson
On Wed, 2016-01-27 at 10:28 +0100, Pierre Morel wrote: >  > On 01/26/2016 06:00 PM, Alex Williamson wrote: > > On Tue, 2016-01-26 at 15:51 +0100, Pierre Morel wrote: > > > On 01/22/2016 11:19 PM, Alex Williamson wrote: > > > > On Fri, 2016-01-22 at 15:14 -0700, Alex Williamson wrote: > > > > > On

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-27 Thread Pierre Morel
On 01/26/2016 06:00 PM, Alex Williamson wrote: On Tue, 2016-01-26 at 15:51 +0100, Pierre Morel wrote: On 01/22/2016 11:19 PM, Alex Williamson wrote: On Fri, 2016-01-22 at 15:14 -0700, Alex Williamson wrote: On Thu, 2016-01-21 at 14:15 +0100, Pierre Morel wrote: On 01/20/2016 04:46 PM, Alex

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-26 Thread Pierre Morel
On 01/22/2016 11:19 PM, Alex Williamson wrote: On Fri, 2016-01-22 at 15:14 -0700, Alex Williamson wrote: On Thu, 2016-01-21 at 14:15 +0100, Pierre Morel wrote: On 01/20/2016 04:46 PM, Alex Williamson wrote: On Wed, 2016-01-20 at 16:14 +0100, Pierre Morel wrote: On 01/12/2016 07:16 PM, Alex

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-26 Thread Alex Williamson
On Tue, 2016-01-26 at 15:51 +0100, Pierre Morel wrote: > > On 01/22/2016 11:19 PM, Alex Williamson wrote: > > On Fri, 2016-01-22 at 15:14 -0700, Alex Williamson wrote: > > > On Thu, 2016-01-21 at 14:15 +0100, Pierre Morel wrote: > > > > On 01/20/2016 04:46 PM, Alex Williamson wrote: > > > > > On

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-22 Thread Alex Williamson
On Thu, 2016-01-21 at 14:15 +0100, Pierre Morel wrote: > > On 01/20/2016 04:46 PM, Alex Williamson wrote: > > On Wed, 2016-01-20 at 16:14 +0100, Pierre Morel wrote: > > > On 01/12/2016 07:16 PM, Alex Williamson wrote: > > > > On Tue, 2016-01-12 at 16:11 +0100, Pierre Morel wrote: > > > > > In

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-22 Thread Alex Williamson
On Fri, 2016-01-22 at 15:14 -0700, Alex Williamson wrote: > On Thu, 2016-01-21 at 14:15 +0100, Pierre Morel wrote: > > > > On 01/20/2016 04:46 PM, Alex Williamson wrote: > > > On Wed, 2016-01-20 at 16:14 +0100, Pierre Morel wrote: > > > > On 01/12/2016 07:16 PM, Alex Williamson wrote: > > > > >

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-21 Thread Pierre Morel
On 01/20/2016 04:46 PM, Alex Williamson wrote: On Wed, 2016-01-20 at 16:14 +0100, Pierre Morel wrote: On 01/12/2016 07:16 PM, Alex Williamson wrote: On Tue, 2016-01-12 at 16:11 +0100, Pierre Morel wrote: In vfio_listener_region_add(), we try to validate that the region is not zero sized and

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-20 Thread Pierre Morel
On 01/12/2016 07:16 PM, Alex Williamson wrote: On Tue, 2016-01-12 at 16:11 +0100, Pierre Morel wrote: In vfio_listener_region_add(), we try to validate that the region is not zero sized and hasn't overflowed the address space. But the calculation uses the size of the region instead of

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-20 Thread Alex Williamson
On Wed, 2016-01-20 at 16:14 +0100, Pierre Morel wrote:
>
> On 01/12/2016 07:16 PM, Alex Williamson wrote:
> > On Tue, 2016-01-12 at 16:11 +0100, Pierre Morel wrote:
> > > In vfio_listener_region_add(), we try to validate that the region is not
> > > zero sized and hasn't overflowed

[Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-12 Thread Pierre Morel
In vfio_listener_region_add(), we try to validate that the region is not zero sized and hasn't overflowed the address space.

But the calculation uses the size of the region instead of using the region's limit (size - 1).

This leads to Int128 overflow when the region has been initialized to

Re: [Qemu-devel] [PATCH v3] vfio/common: Check iova with limit not with size

2016-01-12 Thread Alex Williamson
On Tue, 2016-01-12 at 16:11 +0100, Pierre Morel wrote:
> In vfio_listener_region_add(), we try to validate that the region is not
> zero sized and hasn't overflowed the address space.
>
> But the calculation uses the size of the region instead of
> using the region's limit (size - 1).
>