mirror of
https://gitlab.com/qemu-project/qemu
synced 2024-11-05 20:35:44 +00:00
dcc6ceffc0
Because dev->actual is uint32_t, the expression 'dev->actual <<
VIRTIO_BALLOON_PFN_SHIFT' is truncated to 32 bits. This overflows when
dev->actual >= 1048576.
To reproduce:
1. Start a VM with a QMP socket and 5G of RAM
2. Connect to the QMP socket, negotiate capabilities and issue:
{ "execute":"balloon", "arguments": { "value": 1073741824 } }
3. Watch for BALLOON_CHANGE QMP events, the last one will incorretly be:
{ "timestamp": { "seconds": 1366228965, "microseconds": 245466 },
"event": "BALLOON_CHANGE", "data": { "actual": 5368709120 } }
To fix it this commit casts it to ram_addr_t, which is ram_size's type.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||
|---|---|---|
| .. | ||
| 9pfs | ||
| acpi | ||
| alpha | ||
| arm | ||
| audio | ||
| block | ||
| bt | ||
| char | ||
| core | ||
| cpu | ||
| cris | ||
| display | ||
| dma | ||
| gpio | ||
| i2c | ||
| i386 | ||
| ide | ||
| input | ||
| intc | ||
| isa | ||
| lm32 | ||
| m68k | ||
| microblaze | ||
| mips | ||
| misc | ||
| moxie | ||
| net | ||
| nvram | ||
| openrisc | ||
| pci | ||
| pci-bridge | ||
| pci-host | ||
| ppc | ||
| s390x | ||
| scsi | ||
| sd | ||
| sh4 | ||
| sparc | ||
| sparc64 | ||
| ssi | ||
| timer | ||
| tpm | ||
| unicore32 | ||
| usb | ||
| virtio | ||
| watchdog | ||
| xen | ||
| xtensa | ||
| Makefile.objs | ||