[Qemu-devel] [PATCH v2] vfio: convert to 128 bit arithmetic calculations when adding mem regions

From: Bandan Das <bsd@redhat.com>
To: qemu-devel <qemu-devel@nongnu.org>,
	Alex Williamson <alex.williamson@redhat.com>
Subject: [Qemu-devel] [PATCH v2] vfio: convert to 128 bit arithmetic calculations when adding mem regions
Date: Wed, 23 Mar 2016 20:37:25 -0400	[thread overview]
Message-ID: <jpg60wc90e2.fsf@linux.bootlegged.copy> (raw)


vfio_listener_region_add for a iommu mr results in
an overflow assert since iommu memory region is initialized
with UINT64_MAX. Convert calculations to 128 bit arithmetic
for iommu memory regions and let int128_get64 assert for non iommu
regions if there's an overflow.

Suggested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Bandan Das <bsd@redhat.com>
---
v2:
   Just reuse @end (as hwaddr) for the end address
   Remove white space changes
   Extend 128 bit arithmetic ops upto the point vfio_dma_map is called
   Minor changes to commit message
v1:
This is v2 of http://patchwork.ozlabs.org/patch/600364/
 hw/vfio/common.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index fb588d8..ca05c87 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -323,7 +323,7 @@ static void vfio_listener_region_add(MemoryListener *listener,
 {
     VFIOContainer *container = container_of(listener, VFIOContainer, listener);
     hwaddr iova, end;
-    Int128 llend;
+    Int128 llend, llsize;
     void *vaddr;
     int ret;
 
@@ -349,12 +349,12 @@ static void vfio_listener_region_add(MemoryListener *listener,
     if (int128_ge(int128_make64(iova), llend)) {
         return;
     }
-    end = int128_get64(llend);
+    end = int128_get64(int128_sub(llend, int128_one()));
 
-    if ((iova < container->min_iova) || ((end - 1) > container->max_iova)) {
+    if ((iova < container->min_iova) || (end > container->max_iova)) {
         error_report("vfio: IOMMU container %p can't map guest IOVA region"
                      " 0x%"HWADDR_PRIx"..0x%"HWADDR_PRIx,
-                     container, iova, end - 1);
+                     container, iova, end);
         ret = -EFAULT;
         goto fail;
     }
@@ -364,7 +364,7 @@ static void vfio_listener_region_add(MemoryListener *listener,
     if (memory_region_is_iommu(section->mr)) {
         VFIOGuestIOMMU *giommu;
 
-        trace_vfio_listener_region_add_iommu(iova, end - 1);
+        trace_vfio_listener_region_add_iommu(iova, end);
         /*
          * FIXME: We should do some checking to see if the
          * capabilities of the host VFIO IOMMU are adequate to model
@@ -389,6 +389,8 @@ static void vfio_listener_region_add(MemoryListener *listener,
         return;
     }
 
+    llsize = int128_sub(llend, int128_make64(iova));
+
     /* Here we assume that memory_region_is_ram(section->mr)==true */
 
     vaddr = memory_region_get_ram_ptr(section->mr) +
@@ -397,11 +399,12 @@ static void vfio_listener_region_add(MemoryListener *listener,
 
     trace_vfio_listener_region_add_ram(iova, end - 1, vaddr);
 
-    ret = vfio_dma_map(container, iova, end - iova, vaddr, section->readonly);
+    ret = vfio_dma_map(container, iova, int128_get64(llsize),
+                       vaddr, section->readonly);
     if (ret) {
         error_report("vfio_dma_map(%p, 0x%"HWADDR_PRIx", "
                      "0x%"HWADDR_PRIx", %p) = %d (%m)",
-                     container, iova, end - iova, vaddr, ret);
+                     container, iova, int128_get64(llsize), vaddr, ret);
         goto fail;
     }
 
-- 
2.5.0
