This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-devel] [PATCH]: hvmloader: Fixed get_memsize() overflow

To: xen-devel@xxxxxxxxxxxxxxxxxxx, keir.fraser@xxxxxxxxxx, joe.jin@xxxxxxxxxx
Subject: [Xen-devel] [PATCH]: hvmloader: Fixed get_memsize() overflow
From: Joe Jin <joe.jin@xxxxxxxxxx>
Date: Fri, 24 Jul 2009 10:55:40 +0800
Cc: kurt.hackel@xxxxxxxxxx, greg.marsden@xxxxxxxxxx, deepak.patel@xxxxxxxxxx, andrew.thomas@xxxxxxxxxx
Delivery-date: Thu, 23 Jul 2009 19:56:33 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/

When hvmloader calculates memory via get_memsize(), we have to cast
hvm_info->high_mem_pgend to uint64_t, or it may overflow and make the hvm
guest fail to boot.

How to reproduce:
  Set the memory size to more than 3840M and to a value a little less than
  a multiple of 1024M, like 4095, 4094, 8024 and so on; booting the hvm
  guest will fail.

Signed-off-by: Joe Jin <joe.jin@xxxxxxxxxx>
Cc: Keir Fraser <keir.fraser@xxxxxxxxxx>

 smbios.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -r c0cb307d927f tools/firmware/hvmloader/smbios.c
--- a/tools/firmware/hvmloader/smbios.c Mon Jul 13 12:35:34 2009 +0100
+++ b/tools/firmware/hvmloader/smbios.c Fri Jul 24 10:24:28 2009 +0800
@@ -148,7 +148,7 @@
     sz = (uint64_t)hvm_info->low_mem_pgend << PAGE_SHIFT;
     if ( hvm_info->high_mem_pgend )
-        sz += (hvm_info->high_mem_pgend << PAGE_SHIFT) - (1ull << 32);
+        sz += ((uint64_t)hvm_info->high_mem_pgend << PAGE_SHIFT) - (1ull << 
      * Round up to the nearest MB.  The user specifies domU pseudo-physical 
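
Review bot: The guard `if ( hvm_info->high_mem_pgend )` only tests for non-zero, while the line it protects subtracts `(1ull << 32)` unconditionally, so a non-zero page end that lies below the 4 GiB boundary would make the unsigned subtraction wrap and add a huge value to `sz`. If the loader guarantees that `high_mem_pgend` is either zero or above that boundary, a short comment stating the invariant would help here; otherwise compare the field against `(1ull << 32) >> PAGE_SHIFT` before subtracting. The added cast is consistent with the `low_mem_pgend` line directly above it, and the commit message could name the field's type so the reason the uncast shift overflows is on record.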
