3 files changed, 30 insertions, 10 deletions

diff --git a/include/libvfio-user.h b/include/libvfio-user.h
index 4b08c22..f91f3c7 100644
--- a/include/libvfio-user.h
+++ b/include/libvfio-user.h
@@ -217,11 +217,14 @@ typedef ssize_t (vfu_region_access_cb_t)(vfu_ctx_t *vfu_ctx, char *buf,
                                          size_t count, loff_t offset,
                                          bool is_write);
 
-#define VFU_REGION_FLAG_READ    (1 << 0)
-#define VFU_REGION_FLAG_WRITE   (1 << 1)
-#define VFU_REGION_FLAG_RW      (VFU_REGION_FLAG_READ | VFU_REGION_FLAG_WRITE)
-#define VFU_REGION_FLAG_MEM     (1 << 2)    // if unset, bar is IO
-#define VFU_REGION_FLAG_ALWAYS_CB   (1 << 3)
+#define VFU_REGION_FLAG_READ      (1 << 0)
+#define VFU_REGION_FLAG_WRITE     (1 << 1)
+#define VFU_REGION_FLAG_RW        (VFU_REGION_FLAG_READ | VFU_REGION_FLAG_WRITE)
+/* If unset, this is an IO region. */
+#define VFU_REGION_FLAG_MEM       (1 << 2)
+#define VFU_REGION_FLAG_ALWAYS_CB (1 << 3)
+#define VFU_REGION_FLAG_MASK      (VFU_REGION_FLAG_RW | VFU_REGION_FLAG_MEM | \
+                                   VFU_REGION_FLAG_ALWAYS_CB)
 
 /**
  * Set up a device region.
diff --git a/lib/libvfio-user.c b/lib/libvfio-user.c
index 1ee4026..c9c78d6 100644
--- a/lib/libvfio-user.c
+++ b/lib/libvfio-user.c
@@ -1430,6 +1430,17 @@ vfu_setup_region(vfu_ctx_t *vfu_ctx, int region_idx, size_t size,
 
     assert(vfu_ctx != NULL);
 
+    if ((flags & ~(VFU_REGION_FLAG_MASK)) ||
+        (!(flags & VFU_REGION_FLAG_RW))) {
+        vfu_log(vfu_ctx, LOG_ERR, "invalid region flags");
+        return ERROR_INT(EINVAL);
+    }
+
+    if ((flags & VFU_REGION_FLAG_ALWAYS_CB) && (cb == NULL)) {
+        vfu_log(vfu_ctx, LOG_ERR, "VFU_REGION_FLAG_ALWAYS_CB needs callback");
+        return ERROR_INT(EINVAL);
+    }
+
     if ((mmap_areas == NULL) != (nr_mmap_areas == 0) ||
         (mmap_areas != NULL && fd == -1)) {
         vfu_log(vfu_ctx, LOG_ERR, "invalid mappable region arguments");
@@ -1451,11 +1462,6 @@ vfu_setup_region(vfu_ctx_t *vfu_ctx, int region_idx, size_t size,
         return ERROR_INT(EINVAL);
     }
 
-    if ((flags & VFU_REGION_FLAG_ALWAYS_CB) && (cb == NULL)) {
-        vfu_log(vfu_ctx, LOG_ERR, "VFU_REGION_FLAG_ALWAYS_CB needs callback");
-        return ERROR_INT(EINVAL);
-    }
-
     if (region_idx == VFU_PCI_DEV_MIGR_REGION_IDX &&
         size < vfu_get_migr_register_area_size()) {
         vfu_log(vfu_ctx, LOG_ERR, "invalid migration region size %zu", size);
diff --git a/test/py/test_setup_region.py b/test/py/test_setup_region.py
index c42100f..0e1ff7f 100644
--- a/test/py/test_setup_region.py
+++ b/test/py/test_setup_region.py
@@ -40,6 +40,17 @@ def test_device_set_irqs_setup():
     ctx = vfu_create_ctx(flags=LIBVFIO_USER_FLAG_ATTACH_NB)
     assert ctx != None
 
+def test_setup_region_bad_flags():
+    ret = vfu_setup_region(ctx, index=VFU_PCI_DEV_BAR2_REGION_IDX, size=0x10000,
+                           flags=0x400)
+    assert ret == -1
+    assert c.get_errno() == errno.EINVAL
+
+    ret = vfu_setup_region(ctx, index=VFU_PCI_DEV_BAR2_REGION_IDX, size=0x10000,
+                           flags=0)
+    assert ret == -1
+    assert c.get_errno() == errno.EINVAL
+
 def test_setup_region_bad_mmap_areas():
 
     f = tempfile.TemporaryFile()