From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1Nuna0-0002xe-Kl
	for qemu-devel@nongnu.org; Thu, 25 Mar 2010 09:58:36 -0400
Received: from [140.186.70.92] (port=43171 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NunZz-0002wi-Hy
	for qemu-devel@nongnu.org; Thu, 25 Mar 2010 09:58:36 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <agl@us.ibm.com>) id 1NunZx-0000pT-Rr
	for qemu-devel@nongnu.org; Thu, 25 Mar 2010 09:58:35 -0400
Received: from e34.co.us.ibm.com ([32.97.110.152]:45095)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <agl@us.ibm.com>) id 1NunZx-0000p6-Me
	for qemu-devel@nongnu.org; Thu, 25 Mar 2010 09:58:33 -0400
Received: from d03relay04.boulder.ibm.com (d03relay04.boulder.ibm.com
	[9.17.195.106])
	by e34.co.us.ibm.com (8.14.3/8.13.1) with ESMTP id o2PDpiUM000454
	for <qemu-devel@nongnu.org>; Thu, 25 Mar 2010 07:51:44 -0600
Received: from d03av04.boulder.ibm.com (d03av04.boulder.ibm.com [9.17.195.170])
	by d03relay04.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	o2PDwJaF110094
	for <qemu-devel@nongnu.org>; Thu, 25 Mar 2010 07:58:20 -0600
Received: from d03av04.boulder.ibm.com (loopback [127.0.0.1])
	by d03av04.boulder.ibm.com (8.14.3/8.13.1/NCO v10.0 AVout) with ESMTP
	id o2PDwIlC002458
	for <qemu-devel@nongnu.org>; Thu, 25 Mar 2010 07:58:19 -0600
Message-ID: <4BAB6BF9.30701@us.ibm.com>
Date: Thu, 25 Mar 2010 08:58:17 -0500
From: Adam Litke <agl@us.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] [PATCH] balloon: Fix overflow when reporting actual
	memory size
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: anthony@codemonkey.ws
Cc: qemu-devel@nongnu.org

Beginning with its introduction, the virtio balloon has had an overflow error
that causes 'info balloon' to misreport the actual memory size when the balloon
itself becomes larger than 4G.  Use a cast when converting dev->actual from
pages to kB to prevent overflows.

Before:
(qemu) info balloon
balloon: actual=5120
(qemu) balloon 1025
(qemu) info balloon
balloon: actual=1025
(qemu) balloon 1024
(qemu) info balloon
balloon: actual=5120

After:
(qemu) info balloon
balloon: actual=5120
(qemu) balloon 1025
(qemu) info balloon
balloon: actual=1025
(qemu) balloon 1024
(qemu) info balloon
balloon: actual=1024

Signed-off-by: Adam Litke <agl@us.ibm.com>
---
 hw/virtio-balloon.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/hw/virtio-balloon.c b/hw/virtio-balloon.c
index 086d9d1..6eedab1 100644
--- a/hw/virtio-balloon.c
+++ b/hw/virtio-balloon.c
@@ -78,7 +78,8 @@ static void stat_put(QDict *dict, const char *label, uint64_t val)
 static QObject *get_stats_qobject(VirtIOBalloon *dev)
 {
     QDict *dict = qdict_new();
-    uint32_t actual = ram_size - (dev->actual << VIRTIO_BALLOON_PFN_SHIFT);
+    uint64_t actual = ram_size - ((uint64_t) dev->actual <<
+                                  VIRTIO_BALLOON_PFN_SHIFT);
 
     stat_put(dict, "actual", actual);
     stat_put(dict, "mem_swapped_in", dev->stats[VIRTIO_BALLOON_S_SWAP_IN]);
-- 
1.6.3.3