git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
vfio/type1: Fix unmap overflow off-by-one
author Alex Williamson <alex.williamson@redhat.com>
Tue, 8 Jan 2019 05:13:22 +0000 (22:13 -0700)
committer Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Wed, 14 Aug 2019 09:18:49 +0000 (11:18 +0200)
commit ac1e24151c3697155b2d3359bbdec15b1d7c4473
tree 29b7a1f08d1b224a9ddde95a6f67f521c5cca849
parent 87fce576e1c7f935966ab1a8748efbe951d5d9e1
vfio/type1: Fix unmap overflow off-by-one

BugLink: https://bugs.launchpad.net/bugs/1837477
commit 58fec830fc19208354895d9832785505046d6c01 upstream.

The below referenced commit adds a test for integer overflow, but in
doing so prevents the unmap ioctl from ever including the last page of
the address space.  Subtract one to compare to the last address of the
unmap to avoid the overflow and wrap-around.

Fixes: 71a7d3d78e3c ("vfio/type1: silence integer overflow warning")
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291
Cc: stable@vger.kernel.org # v4.15+
Reported-by: Pei Zhang <pezhang@redhat.com>
Debugged-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Tested-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
drivers/vfio/vfio_iommu_type1.c
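
The off-by-one described in the commit message, as an added illustration that is not the kernel's code and not part of this commit. The function names, the 4 KiB page size and the sample requests are assumptions made for the example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ 0x1000ULL /* assumed 4 KiB page size for the samples */

/* Before: test the exclusive end (iova + size). For a range that ends
 * exactly at the top of a 64-bit space the end is 2^64, which wraps to
 * 0, so the valid request is rejected. */
static bool range_ok_exclusive_end(uint64_t iova, uint64_t size)
{
    if (size == 0)
        return false;
    return !(iova + size < iova);
}

/* After: test the last address covered (iova + size - 1). It wraps
 * only when the range really runs past the top of the space. */
static bool range_ok_last_addr(uint64_t iova, uint64_t size)
{
    if (size == 0) /* size - 1 would itself wrap, so reject first */
        return false;
    return !(iova + size - 1 < iova);
}

int main(void)
{
    const uint64_t last_page = UINT64_MAX - PAGE_SZ + 1;
    /* Constructed sample requests: { iova, size } */
    const uint64_t req[][2] = {
        { 0x100000, PAGE_SZ },       /* ordinary range */
        { last_page, PAGE_SZ },      /* exactly the last page */
        { last_page, 2 * PAGE_SZ },  /* runs past the top */
    };

    for (size_t i = 0; i < sizeof(req) / sizeof(req[0]); i++)
        printf("iova=0x%016" PRIx64 " size=0x%" PRIx64
               " before=%s after=%s\n", req[i][0], req[i][1],
               range_ok_exclusive_end(req[i][0], req[i][1]) ? "ok" : "rejected",
               range_ok_last_addr(req[i][0], req[i][1]) ? "ok" : "rejected");
    return 0;
}
```

Only the middle request differs between the two checks: the exclusive-end form rejects the last page, while the last-address form accepts it and still rejects the range that runs past the top.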