Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp348537pxj;
        Thu, 24 Jun 2021 00:11:39 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzvg7Gxcz6dXlkwDG5bJQcxrmOKVq6i4ZAyso864PTPmg1muRpFLnYR1HGu9c47phrb7b0u
X-Received: by 2002:a17:906:7012:: with SMTP id n18mr3938760ejj.236.1624518699620;
        Thu, 24 Jun 2021 00:11:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1624518699; cv=none;
        d=google.com; s=arc-20160816;
        b=UoRK8uYn4sx0/2YSUOyoEu+W9PTXnQ9hAQHpm+U7CVsiahWAb32f1FROs1GqYw1eUy
         DtGo0bGiBhEK0GZ3WB1OXkPcFexwCIbVsxhLFFGipe7yvvDBCMSXPjtCh2IxYKIbpK8T
         rD7zszf6Q10/OfjbRk/ayMqXRH65h9l+HBsoPksPJpEIZBQD0mUfVxAKgJeYd92TwtCf
         Xh7MTA7tTI7uKrbogM2a/kpCKCBLWAV4cj+FEZuzNSU+tq2qKWhTKjKi3+FVq3AswS6t
         Eo/TVcu9jEzFK+dVxYxOqytrCDCJNZq+AaI3i0VJjB2FDT6DzxVe2Fp5juKL9CJsxlJv
         /VxA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=2S6jXe9+4MsH2be0uYE2N0F8d1Cu21bQZTFO/Fa5eBg=;
        b=QW8aZBzOtgytQnMn9PA8DP+Rcjf+8SO4yQ8Si2jG7Szv2DsHKFhs0hq6lf1lYiBfAz
         aeZEnrWK87MZtLjJX+KA7NEVUCNQrZeWwn8q+YO5yXQHIp9cU9NvnB3kwzstezkFbaN0
         fnRo+11JWn8sNBEzapfnvQcTv1z8nCwVjcw6vYGXgzwdKc0SnAJp8jEogDwToe8r92iN
         e4cUfy2jRIeu/smnquWvOQzBVSrar9nIaPUg5uldfoSmTgNlrQddLv2GxSD0tyNXAW6e
         js9WbOWQGSnMBTKSmK6esodjuWI0R84BGZ6IX1XpZtf3sUC+e95fsNC7W6WNnryaAJig
         AJow==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id z5si2325091edb.470.2021.06.24.00.11.16;
        Thu, 24 Jun 2021 00:11:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231615AbhFXHMC (ORCPT <rfc822;mafatlaija@gmail.com> + 99 others);
        Thu, 24 Jun 2021 03:12:02 -0400
Received: from szxga02-in.huawei.com ([45.249.212.188]:8436 "EHLO
        szxga02-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231722AbhFXHLz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 24 Jun 2021 03:11:55 -0400
Received: from dggemv711-chm.china.huawei.com (unknown [172.30.72.54])
        by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4G9WQK1F5nzZklD;
        Thu, 24 Jun 2021 15:06:33 +0800 (CST)
Received: from dggema764-chm.china.huawei.com (10.1.198.206) by
 dggemv711-chm.china.huawei.com (10.1.198.66) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id
 15.1.2176.2; Thu, 24 Jun 2021 15:09:34 +0800
Received: from DESKTOP-8RFUVS3.china.huawei.com (10.174.185.179) by
 dggema764-chm.china.huawei.com (10.1.198.206) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.2176.2; Thu, 24 Jun 2021 15:09:34 +0800
From:   Zenghui Yu <yuzenghui@huawei.com>
To:     <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
        <pbonzini@redhat.com>, <vkuznets@redhat.com>
CC:     <wanghaibin.wang@huawei.com>, Zenghui Yu <yuzenghui@huawei.com>
Subject: [PATCH] KVM: selftests: Fix mapping length truncation in m{,un}map()
Date:   Thu, 24 Jun 2021 15:09:31 +0800
Message-ID: <20210624070931.565-1-yuzenghui@huawei.com>
X-Mailer: git-send-email 2.23.0.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.174.185.179]
X-ClientProxiedBy: dggems703-chm.china.huawei.com (10.3.19.180) To
 dggema764-chm.china.huawei.com (10.1.198.206)
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

max_mem_slots is now declared as uint32_t. The result of (0x200000 * 32767)
is unexpectedly truncated to be 0xffe00000, whilst we actually need to
allocate about, 63GB. Cast max_mem_slots to size_t in both mmap() and
munmap() to fix the length truncation.

We'll otherwise see the failure on arm64 thanks to the access_ok() checking
in __kvm_set_memory_region(), as the unmapped VA happen to go beyond the
task's allowed address space.

 # ./set_memory_region_test
Allowed number of memory slots: 32767
Adding slots 0..32766, each memory region with 2048K size
==== Test Assertion Failure ====
  set_memory_region_test.c:391: ret == 0
  pid=94861 tid=94861 errno=22 - Invalid argument
     1	0x00000000004015a7: test_add_max_memory_regions at set_memory_region_test.c:389
     2	 (inlined by) main at set_memory_region_test.c:426
     3	0x0000ffffb8e67bdf: ?? ??:0
     4	0x00000000004016db: _start at :?
  KVM_SET_USER_MEMORY_REGION IOCTL failed,
  rc: -1 errno: 22 slot: 2615

Fixes: 3bf0fcd75434 ("KVM: selftests: Speed up set_memory_region_test")
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
---
 tools/testing/selftests/kvm/set_memory_region_test.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/kvm/set_memory_region_test.c b/tools/testing/selftests/kvm/set_memory_region_test.c
index d79d58eada9f..85b18bb8f762 100644
--- a/tools/testing/selftests/kvm/set_memory_region_test.c
+++ b/tools/testing/selftests/kvm/set_memory_region_test.c
@@ -376,7 +376,7 @@ static void test_add_max_memory_regions(void)
 	pr_info("Adding slots 0..%i, each memory region with %dK size\n",
 		(max_mem_slots - 1), MEM_REGION_SIZE >> 10);
 
-	mem = mmap(NULL, MEM_REGION_SIZE * max_mem_slots + alignment,
+	mem = mmap(NULL, (size_t)max_mem_slots * MEM_REGION_SIZE + alignment,
 		   PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 	TEST_ASSERT(mem != MAP_FAILED, "Failed to mmap() host");
 	mem_aligned = (void *)(((size_t) mem + alignment - 1) & ~(alignment - 1));
@@ -401,7 +401,7 @@ static void test_add_max_memory_regions(void)
 	TEST_ASSERT(ret == -1 && errno == EINVAL,
 		    "Adding one more memory slot should fail with EINVAL");
 
-	munmap(mem, MEM_REGION_SIZE * max_mem_slots + alignment);
+	munmap(mem, (size_t)max_mem_slots * MEM_REGION_SIZE + alignment);
 	munmap(mem_extra, MEM_REGION_SIZE);
 	kvm_vm_free(vm);
 }
-- 
2.19.1