diff options
author | David Hildenbrand <david@redhat.com> | 2019-07-22 15:41:03 +0200 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2019-07-25 07:57:49 -0400 |
commit | ffa207d08253ffffb3993a1dbe09e40af4fc91f1 (patch) | |
tree | 0ff22de456194441ad60bba6de278b59b6538c02 /hw/virtio | |
parent | ee4b0c8686f781987879508d7c6dd605b5435bac (diff) | |
download | qemu-ffa207d08253ffffb3993a1dbe09e40af4fc91f1.zip qemu-ffa207d08253ffffb3993a1dbe09e40af4fc91f1.tar.gz qemu-ffa207d08253ffffb3993a1dbe09e40af4fc91f1.tar.bz2 |
virtio-balloon: Fix wrong sign extension of PFNs
If we directly cast from int to uint64_t, we will first sign-extend to
an int64_t, which is wrong. We actually want to treat the PFNs like
unsigned values.
As far as I can see, this dates back to the initial virtio-balloon
commit, but wasn't triggered as fairly big guests would be required.
Cc: qemu-stable@nongnu.org
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190722134108.22151-2-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'hw/virtio')
-rw-r--r-- | hw/virtio/virtio-balloon.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index e85d1c0..515abf6 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -343,8 +343,8 @@ static void virtio_balloon_handle_output(VirtIODevice *vdev, VirtQueue *vq) } while (iov_to_buf(elem->out_sg, elem->out_num, offset, &pfn, 4) == 4) { + unsigned int p = virtio_ldl_p(vdev, &pfn); hwaddr pa; - int p = virtio_ldl_p(vdev, &pfn); pa = (hwaddr) p << VIRTIO_BALLOON_PFN_SHIFT; offset += 4; |