vhost: Fix size of dirty log sync on resize

When the vhost log is resized, we want to sync up to
the size of the old log.  With that end address in place,
ignore regions that start after then end rather than
hitting assert.

This also addresses the following crash report:
When migrating a vm using vhost-net we hit the following assertion:

qemu-kvm: /usr/src/packages/BUILD/qemu-kvm-0.15.1/hw/vhost.c:30:
vhost_dev_sync_region: Assertion `start / (0x1000 * (8 *
sizeof(vhost_log_chunk_t))) < dev->log_size' failed.

The cases which the end < start check is intended to catch, such as
for vga video memory, will also likely trigger the assertion.
Reorder the code to handle this correctly.
Reported-by: NJosh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: NBruce Rogers <brogers@suse.com>
Signed-off-by: NAlex Williamson <alex.williamson@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

hw/vhost.c

@@ -31,11 +31,11 @@ static void vhost_dev_sync_region(struct vhost_dev *dev,
     vhost_log_chunk_t *to = dev->log + end / VHOST_LOG_CHUNK + 1;
     uint64_t addr = (start / VHOST_LOG_CHUNK) * VHOST_LOG_CHUNK;
 
-    assert(end / VHOST_LOG_CHUNK < dev->log_size);
-    assert(start / VHOST_LOG_CHUNK < dev->log_size);
     if (end < start) {
         return;
     }
+    assert(end / VHOST_LOG_CHUNK < dev->log_size);
+
     for (;from < to; ++from) {
         vhost_log_chunk_t log;
         int bit;
@@ -277,8 +277,9 @@ static inline void vhost_dev_log_resize(struct vhost_dev* dev, uint64_t size)
     r = ioctl(dev->control, VHOST_SET_LOG_BASE, &log_base);
     assert(r >= 0);
     for (i = 0; i < dev->n_mem_sections; ++i) {
-        vhost_sync_dirty_bitmap(dev, &dev->mem_sections[i],
-                                0, (target_phys_addr_t)~0x0ull);
+        /* Sync only the range covered by the old log */
+        vhost_sync_dirty_bitmap(dev, &dev->mem_sections[i], 0,
+                                dev->log_size * VHOST_LOG_CHUNK - 1);
     }
     if (dev->log) {
         g_free(dev->log);