Date: Fri, 11 Jan 2019 14:49:56 +0100
From: Radim Krčmář
To: Tomas Bortoli
Cc: Paolo Bonzini, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller@googlegroups.com
Subject: Re: [PATCH] KVM: validate userspace input in kvm_clear_dirty_log_protect()
Message-ID: <20190111134955.GE14852@flask>

2019-01-08 17:28+0100, Tomas Bortoli:
> Hi Paolo,
>
> On 1/7/19 11:42 PM, Paolo Bonzini wrote:
> > On 02/01/19 18:29, Tomas Bortoli wrote:
> >> n = kvm_dirty_bitmap_bytes(memslot);
> >> +
> >> + if (n << 3 < log->num_pages || log->first_page > log->num_pages)
> >> + return -EINVAL;
> >> +
> >
> > This should be
> >
> > if (log->first_page > memslot->npages ||

(Wouldn't this be clearer with a >= instead?)

> > log->num_pages > memslot->npages - log->first_page)
> > return -EINVAL;
> >
> > i.e. the comparison should check the last page in the range, not the
> > number of pages. In addition, using "n" is unnecessary since we do have
> > the memslot. I'll do the changes myself if you prefer, but an ack would
> > be nice.
> >
>
> Yeah, I agree. Thanks for the reply and sure you can do the changes, np :)

Done that and applied, thanks.
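
Review bot: The second condition of the added check, log->first_page > log->num_pages, compares two userspace-supplied values with each other, so nothing ties the end of the range to the memslot. A request with first_page and num_pages both equal to n << 3 passes both tests, yet the whole range then lies past the end of the bitmap. Bound the range against memslot->npages instead, written as a subtraction so that first_page + num_pages cannot wrap: reject when log->first_page > memslot->npages, then when log->num_pages > memslot->npages - log->first_page. That also drops the dependence on n, which comes from kvm_dirty_bitmap_bytes() and is a byte count for the bitmap rather than the slot's page count.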