From: Adam Litke <agl@us.ibm.com>
Date: Thu, 25 Mar 2010 13:58:17 +0000 (-0500)
Subject: balloon: Fix overflow when reporting actual memory size
X-Git-Tag: v0.13.0-rc0~961
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bd12ff9df78b0d04059a35c4a9d0a9337eb4999e;p=thirdparty%2Fqemu.git

balloon: Fix overflow when reporting actual memory size

Beginning with its introduction, the virtio balloon has had an overflow error
that causes 'info balloon' to misreport the actual memory size when the balloon
itself becomes larger than 4G.  Use a cast when converting dev->actual from
pages to kB to prevent overflows.

Before:
(qemu) info balloon
balloon: actual=5120
(qemu) balloon 1025
(qemu) info balloon
balloon: actual=1025
(qemu) balloon 1024
(qemu) info balloon
balloon: actual=5120

After:
(qemu) info balloon
balloon: actual=5120
(qemu) balloon 1025
(qemu) info balloon
balloon: actual=1025
(qemu) balloon 1024
(qemu) info balloon
balloon: actual=1024

Signed-off-by: Adam Litke <agl@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
---

diff --git a/hw/virtio-balloon.c b/hw/virtio-balloon.c
index 6d120247fe4..f55f7eccb93 100644
--- a/hw/virtio-balloon.c
+++ b/hw/virtio-balloon.c
@@ -78,7 +78,8 @@ static void stat_put(QDict *dict, const char *label, uint64_t val)
 static QObject *get_stats_qobject(VirtIOBalloon *dev)
 {
     QDict *dict = qdict_new();
-    uint32_t actual = ram_size - (dev->actual << VIRTIO_BALLOON_PFN_SHIFT);
+    uint64_t actual = ram_size - ((uint64_t) dev->actual <<
+                                  VIRTIO_BALLOON_PFN_SHIFT);
 
     stat_put(dict, "actual", actual);
     stat_put(dict, "mem_swapped_in", dev->stats[VIRTIO_BALLOON_S_SWAP_IN]);