Alex Williamson b336fa0bb9 vfio/type1: Fix unmap overflow off-by-one ... commit 58fec830fc upstream. The below referenced commit adds a test for integer overflow, but in doing so prevents the unmap ioctl from ever including the last page of the address space. Subtract one to compare to the last address of the unmap to avoid the overflow and wrap-around. Fixes: 71a7d3d78e ("vfio/type1: silence integer overflow warning") Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291 Cc: stable@vger.kernel.org # v4.15+ Reported-by: Pei Zhang <pezhang@redhat.com> Debugged-by: Peter Xu <peterx@redhat.com> Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Peter Xu <peterx@redhat.com> Tested-by: Peter Xu <peterx@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2019-01-16 22:03:24 +01:00
..
mdev	vfio/mdev: Re-order sysfs attribute creation	2018-06-08 10:24:30 -06:00
pci	vfio/pci: Mask buggy SR-IOV VF INTx support	2018-09-25 13:01:27 -06:00
platform	vfio: platform: Fix using devices in PM Domains	2018-06-08 10:24:37 -06:00
Kconfig	drivers/vfio: Allow type-1 IOMMU instantiation with all ARM/ARM64 IOMMUs	2018-09-25 13:01:28 -06:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
vfio_iommu_spapr_tce.c	KVM: PPC: Optimize clearing TCEs for sparse tables	2018-10-20 20:47:02 +11:00
vfio_iommu_type1.c	vfio/type1: Fix unmap overflow off-by-one	2019-01-16 22:03:24 +01:00
vfio_spapr_eeh.c	drivers/vfio: Support EEH error injection	2015-05-12 20:33:35 +10:00
vfio.c	vfio: use match_string() helper	2018-06-08 10:24:33 -06:00
virqfd.c	fs: add new vfs_poll and file_can_poll helpers	2018-05-26 09:16:44 +02:00