[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 47/97] virtio-balloon: Fix wrong sign extension of PFNs
From: |
Michael Roth |
Subject: |
[PATCH 47/97] virtio-balloon: Fix wrong sign extension of PFNs |
Date: |
Tue, 1 Oct 2019 18:45:26 -0500 |
From: David Hildenbrand <address@hidden>
If we directly cast from int to uint64_t, we will first sign-extend to
an int64_t, which is wrong. We actually want to treat the PFNs like
unsigned values.
As far as I can see, this dates back to the initial virtio-balloon
commit, but wasn't triggered as fairly big guests would be required.
Cc: address@hidden
Reported-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: David Hildenbrand <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: David Gibson <address@hidden>
(cherry picked from commit ffa207d08253ffffb3993a1dbe09e40af4fc91f1)
Signed-off-by: Michael Roth <address@hidden>
---
hw/virtio/virtio-balloon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 5579260fd4..49194f5638 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -343,8 +343,8 @@ static void virtio_balloon_handle_output(VirtIODevice
*vdev, VirtQueue *vq)
}
while (iov_to_buf(elem->out_sg, elem->out_num, offset, &pfn, 4) == 4) {
+ unsigned int p = virtio_ldl_p(vdev, &pfn);
hwaddr pa;
- int p = virtio_ldl_p(vdev, &pfn);
pa = (hwaddr) p << VIRTIO_BALLOON_PFN_SHIFT;
offset += 4;
--
2.17.1
- [PATCH 56/97] tpm: Exit in reset when backend indicates failure, (continued)
- [PATCH 56/97] tpm: Exit in reset when backend indicates failure, Michael Roth, 2019/10/01
- [PATCH 35/97] docs: recommend use of md-clear feature on all Intel CPUs, Michael Roth, 2019/10/01
- [PATCH 38/97] virtio-balloon: fix QEMU 4.0 config size migration incompatibility, Michael Roth, 2019/10/01
- [PATCH 49/97] virtio-balloon: Simplify deflate with pbp, Michael Roth, 2019/10/01
- [PATCH 44/97] hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[], Michael Roth, 2019/10/01
- [PATCH 51/97] virtio-balloon: Rework pbp tracking data, Michael Roth, 2019/10/01
- [PATCH 39/97] docs/interop/bitmaps.rst: Fix typos, Michael Roth, 2019/10/01
- [PATCH 43/97] hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory, Michael Roth, 2019/10/01
- [PATCH 32/97] vl: Fix -drive / -blockdev persistent reservation management, Michael Roth, 2019/10/01
- [PATCH 42/97] hw/ssi/xilinx_spips: Convert lqspi_read() to read_with_attrs, Michael Roth, 2019/10/01
- [PATCH 47/97] virtio-balloon: Fix wrong sign extension of PFNs,
Michael Roth <=
- [PATCH 57/97] tpm_emulator: Translate TPM error codes to strings, Michael Roth, 2019/10/01
- [PATCH 48/97] virtio-balloon: Fix QEMU crashes on pagesize > BALLOON_PAGE_SIZE, Michael Roth, 2019/10/01
- [PATCH 41/97] docs/bitmaps: use QMP lexer instead of json, Michael Roth, 2019/10/01
- [PATCH 53/97] virtio-balloon: don't track subpages for the PBP, Michael Roth, 2019/10/01
- [PATCH 50/97] virtio-balloon: Better names for offset variables in inflate/deflate code, Michael Roth, 2019/10/01
- [PATCH 55/97] i386/acpi: fix gint overflow in crs_range_compare, Michael Roth, 2019/10/01
- [PATCH 45/97] ioapic: kvm: Skip route updates for masked pins, Michael Roth, 2019/10/01
- [PATCH 03/97] qcow2: Fix full preallocation with external data file, Michael Roth, 2019/10/01
- [PATCH 36/97] virtio-pci: fix missing device properties, Michael Roth, 2019/10/01
- [PATCH 05/97] qcow2: Fix qcow2_make_empty() with external data file, Michael Roth, 2019/10/01