Anthony Liguori
2008-Aug-18 22:15 UTC
[PATCH] virtio_balloon: fix towards_target when deflating balloon
Both v and vb->num_pages are u32 and unsigned int respectively. If v is less than vb->num_pages (and it is, when deflating the balloon), the result is a very large 32-bit number. Since we're returning a s64, instead of getting the same negative number we desire, we get a very large positive number. This handles the case where v < vb->num_pages and ensures we get a small, negative, s64 as the result. Rusty: please push this for 2.6.27-rc4. It's probably appropriate for the stable tree too as it will cause an unexpected OOM when ballooning. Signed-off-by: Anthony Liguori <aliguori at us.ibm.com> diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c index bfef604..bd3c384 100644 --- a/drivers/virtio/virtio_balloon.c +++ b/drivers/virtio/virtio_balloon.c @@ -158,7 +158,10 @@ static inline s64 towards_target(struct virtio_balloon *vb) vb->vdev->config->get(vb->vdev, offsetof(struct virtio_balloon_config, num_pages), &v, sizeof(v)); - return v - vb->num_pages; + if (v < vb->num_pages) + return -(s64)(vb->num_pages - v); + else + return v - vb->num_pages; } static void update_balloon_size(struct virtio_balloon *vb)
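Review bot: the if/else added in the `@@ -158,7 +158,10 @@` hunk is more code than the fix needs. Because `v` is u32 and `vb->num_pages` is unsigned int, the original `return v - vb->num_pages;` subtracts in 32-bit unsigned arithmetic, wraps modulo 2^32, and that wrapped value is then zero-extended into the s64 return value, which is exactly the large positive number the commit message describes. Widening one operand before the subtraction, `return (s64)v - vb->num_pages;`, forces the whole operation into 64-bit signed arithmetic (`vb->num_pages` is promoted to s64 too) and yields the small negative result without a branch. The patched version is correct, so this is a simplification rather than a correctness objection; whichever form is kept, a one-line comment on why the width of the subtraction matters would stop the next reader from "simplifying" it back to the wrapping form.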
Linus Torvalds
2008-Aug-19 00:42 UTC
[PATCH] virtio_balloon: fix towards_target when deflating balloon
On Mon, 18 Aug 2008, Anthony Liguori wrote: > This handles the case where v < vb->num_pages and ensures we get a > small, negative, s64 as the result. That's just horrible code. Maybe the compiler notices that you're doing something stupid, but basically, please don't do this. > - return v - vb->num_pages; > + if (v < vb->num_pages) > + return -(s64)(vb->num_pages - v); > + else > + return v - vb->num_pages; What's wrong with just doing return (s64)v - vb->num_pages; instead? Casting 'v' to s64 guarantees that the subtraction will be done in 64 bits, and the compiler can just generate the trivial non-conditional code. Linus
Rusty Russell
2008-Aug-19 01:22 UTC
[PATCH] virtio_balloon: fix towards_target when deflating balloon
On Tuesday 19 August 2008 08:15:31 Anthony Liguori wrote:> - return v - vb->num_pages; > + if (v < vb->num_pages) > + return -(s64)(vb->num_pages - v); > + else > + return v - vb->num_pages;With all due respect, WTF? Did you mean: return (s64)v - vb->num_pages; I'm really amazed this bug got this far though... Rusty.
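The integer-width behaviour the replies describe, as an added example that is not part of this thread or of the kernel's virtio_balloon code: the original subtraction, the posted patch and the cast suggested by Linus and Rusty, side by side over the same constructed input. The `u32`/`s64` typedefs and the `struct balloon` stand-in for `struct virtio_balloon` are assumptions made for this example; the three function bodies follow the lines quoted in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the kernel typedefs (assumption for this example). */
typedef uint32_t u32;
typedef int64_t  s64;

/* Minimal stand-in for struct virtio_balloon; only num_pages matters here. */
struct balloon {
    unsigned int num_pages;   /* pages currently held by the balloon */
};

/* Original code: both operands are 32-bit unsigned, so the subtraction wraps
 * modulo 2^32 and the wrapped value is zero-extended into the s64 return. */
static s64 towards_target_buggy(const struct balloon *vb, u32 v)
{
    return v - vb->num_pages;
}

/* The posted patch: correct, but needs a branch to avoid the wrap. */
static s64 towards_target_patch(const struct balloon *vb, u32 v)
{
    if (v < vb->num_pages)
        return -(s64)(vb->num_pages - v);
    else
        return v - vb->num_pages;
}

/* The fix suggested in the replies: widen v first, so num_pages is promoted
 * to s64 as well and the subtraction happens in 64-bit signed arithmetic. */
static s64 towards_target_cast(const struct balloon *vb, u32 v)
{
    return (s64)v - vb->num_pages;
}

int main(void)
{
    /* Constructed input: the guest holds 1000 pages and the host asks it
     * to deflate to 900, i.e. the correct answer is -100 pages. */
    struct balloon vb = { .num_pages = 1000 };
    u32 target = 900;

    printf("buggy: %lld\n", (long long)towards_target_buggy(&vb, target));
    printf("patch: %lld\n", (long long)towards_target_patch(&vb, target));
    printf("cast:  %lld\n", (long long)towards_target_cast(&vb, target));
    return 0;
}
```

The buggy variant returns 4294967196 for a request to deflate by 100 pages, which is why the guest then tries to inflate by about four billion pages and runs out of memory; both fixes return -100, and the cast version does so without a conditional.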