From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:58236)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mark.langsdorf@calxeda.com>) id 1S61Ba-0002HH-CE
	for qemu-devel@nongnu.org; Fri, 09 Mar 2012 09:53:10 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mark.langsdorf@calxeda.com>) id 1S61BB-0007dd-ON
	for qemu-devel@nongnu.org; Fri, 09 Mar 2012 09:52:49 -0500
Received: from smtp131.dfw.emailsrvr.com ([67.192.241.131]:56807)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mark.langsdorf@calxeda.com>) id 1S61BB-0007ch-Jj
	for qemu-devel@nongnu.org; Fri, 09 Mar 2012 09:52:25 -0500
Message-ID: <4F5A193B.2080200@calxeda.com>
Date: Fri, 09 Mar 2012 08:52:43 -0600
From: Mark Langsdorf <mark.langsdorf@calxeda.com>
MIME-Version: 1.0
References: <1331225951-31306-1-git-send-email-mark.langsdorf@calxeda.com>
	<m3eht2jfci.fsf@blackfin.pond.sub.org>
	<4F5A0288.6090809@calxeda.com>
	<m3boo597ud.fsf@blackfin.pond.sub.org>
In-Reply-To: <m3boo597ud.fsf@blackfin.pond.sub.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] use an unsigned long for the max_sz
 parameter in load_image_targphys
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Markus Armbruster <armbru@redhat.com>
Cc: "david@gibson.dropbear.id.au" <david@gibson.dropbear.id.au>, "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>, "agraf@suse.de" <agraf@suse.de>

On 03/09/2012 08:17 AM, Markus Armbruster wrote:
> Mark Langsdorf <mark.langsdorf@calxeda.com> writes:
> 
>> On 03/09/2012 03:25 AM, Markus Armbruster wrote:
>>> get_image_size() returns int.  How does widening size and max_sz here
>>> improve things?
>>
>> If max_sz is greater than 2GB, then:
>>   int max_sz = 0xc0000000;
>>   int size =   0x300;
>>   if (size > max_sz)
>>       return -1;
>>
>> returns -1, even though size is much less than max_sz.
>>
>> doing it my way:
>>   unsigned long max_sz = 0xc0000000;
>>   unsigned long size =   0x300;
>>   if (size > max_sz)
>>       return -1;
>>
>> does not return -1.
> 
> The current code limits max_sz to INT_MAX.  Passing 0xc0000000 is a bug.
> 
> You want to relax the limit.  That's fair.  But I'm afraid your patch
> doesn't really relax the limit, or rather it relaxes it just by one bit.
> 
> Your example shows it works for a case where the higher limit isn't
> needed.  Let's examine three cases where it is: image sizes 2GiB, 4GiB
> and 5GiB on a host with 32 bit twos complement int, and 64 bit unsigned
> size_t, max_sz 0xc0000000.

I'm quite willing to leave the problem of people loading 2GiB images to
another day. Loading a 300KiB on an ARM machine with 4GiB of memory is
a problem I'm facing right now, though.

> I'm afraid you need to do more work to solve this problem.  If you're
> willing to do that, please check out
> http://lists.nongnu.org/archive/html/qemu-devel/2012-02/msg03627.html

I'm inclined to agree with David that this is not the issue I'm trying
to solve =)

--Mark Langsdorf
Calxeda, Inc.