From: VMware, Inc <> Date: Fri, 12 Apr 2013 19:42:02 +0000 (-0700) Subject: Fix an overflow on 32bits windows balloon driver. X-Git-Tag: 2013.04.16-1098359~73 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8a03d067cd508ea94fbcacf2def0e06fa0cc5d08;p=thirdparty%2Fopen-vm-tools.git Fix an overflow on 32bits windows balloon driver. On 32bits windows with PAE, the PPN_2_PA macro could overflow since a PPN is represented by a 32bits integer. This could lead to memory corruption since the ballooned page would be truncated ones. Signed-off-by: Dmitry Torokhov --- diff --git a/open-vm-tools/modules/shared/vmmemctl/balloonInt.h b/open-vm-tools/modules/shared/vmmemctl/balloonInt.h index 8bdefa5a8..684af098e 100644 --- a/open-vm-tools/modules/shared/vmmemctl/balloonInt.h +++ b/open-vm-tools/modules/shared/vmmemctl/balloonInt.h @@ -107,7 +107,7 @@ #define STATS_DEC(stat) #endif -#define PPN_2_PA(_ppn) ((_ppn) << PAGE_SHIFT) +#define PPN_2_PA(_ppn) ((PPN64)(_ppn) << PAGE_SHIFT) #define PA_2_PPN(_pa) ((_pa) >> PAGE_SHIFT) #endif /* !BALLOONINT_H_ */
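Review bot: The new `(PPN64)` cast on the `PPN_2_PA` line has no comment explaining why the widening is required, and the neighbouring `PA_2_PPN` macro is still untyped, so its result width depends entirely on what the caller passes in and assigns to. Suggest a short comment above `PPN_2_PA` stating that a 32-bit PPN shifted left by `PAGE_SHIFT` overflows on 32-bit Windows with PAE, as the commit message describes, so the cast is not dropped in a later cleanup. The cast only protects the shift expression itself: any caller that stores the result of `PPN_2_PA` in a 32-bit variable would truncate the address again, so the call sites (not visible in this hunk) are worth checking as part of this change. The macro also now requires `PPN64` to be defined before `balloonInt.h` is included; if that is not already guaranteed by an include in this header, it should be made explicit.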