From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org,
Juan Quintela <quintela@redhat.com>, Fam Zheng <fam@euphon.net>,
Stefan Hajnoczi <stefanha@redhat.com>
Subject: Re: [PATCH 2/2] migration: Define BLK_MIG_BLOCK_SIZE as unsigned long long
Date: Thu, 21 Jul 2022 13:07:20 +0100 [thread overview]
Message-ID: <YtlBeDapF2xxtqbJ@work-vm> (raw)
In-Reply-To: <20220721115207.729615-3-peter.maydell@linaro.org>
* Peter Maydell (peter.maydell@linaro.org) wrote:
> When we use BLK_MIG_BLOCK_SIZE in expressions like
> block_mig_state.submitted * BLK_MIG_BLOCK_SIZE, this multiplication
> is done as 32 bits, because both operands are 32 bits. Coverity
> complains about possible overflows because we then accumulate that
> into a 64 bit variable.
>
> Define BLK_MIG_BLOCK_SIZE as unsigned long long using the ULL suffix.
> The only two current uses of it with this problem are both in
> block_save_pending(), so we could just cast to uint64_t there, but
> using the ULL suffix is simpler and ensures that we don't
> accidentally introduce new variants of the same issue in future.
>
> Resolves: Coverity CID 1487136, 1487175
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> I haven't tried to analyse the code to see if the multiplications
> could ever actually end up overflowing, but I would assume
> probably not.
>
> migration/block.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/migration/block.c b/migration/block.c
> index 9e5aae58982..3577c815a94 100644
> --- a/migration/block.c
> +++ b/migration/block.c
> @@ -28,7 +28,7 @@
> #include "sysemu/block-backend.h"
> #include "trace.h"
>
> -#define BLK_MIG_BLOCK_SIZE (1 << 20)
> +#define BLK_MIG_BLOCK_SIZE (1ULL << 20)
Is it a problem that this is passed to bdrv_create_dirty_bitmap that
takes a uint32_t ?
Dave
> #define BDRV_SECTORS_PER_DIRTY_CHUNK (BLK_MIG_BLOCK_SIZE >> BDRV_SECTOR_BITS)
>
> #define BLK_MIG_FLAG_DEVICE_BLOCK 0x01
> --
> 2.25.1
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2022-07-21 12:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-21 11:52 [PATCH 0/2] migration: fix coverity nits Peter Maydell
2022-07-21 11:52 ` [PATCH 1/2] migration: Assert that migrate_multifd_compression() returns an in-range value Peter Maydell
2022-07-21 12:02 ` Dr. David Alan Gilbert
2022-07-22 11:00 ` Juan Quintela
2022-07-21 11:52 ` [PATCH 2/2] migration: Define BLK_MIG_BLOCK_SIZE as unsigned long long Peter Maydell
2022-07-21 12:07 ` Dr. David Alan Gilbert [this message]
2022-07-21 12:44 ` Peter Maydell
2022-07-21 13:06 ` Dr. David Alan Gilbert
2022-07-22 12:47 ` Juan Quintela
2022-08-01 10:38 ` [PATCH 0/2] migration: fix coverity nits Peter Maydell
2022-08-02 13:49 ` Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YtlBeDapF2xxtqbJ@work-vm \
--to=dgilbert@redhat.com \
--cc=fam@euphon.net \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).