Re: [PATCH v2 06/53] migration/rdma: Fix unwanted integer truncation
On 28/09/2023 21:19, Markus Armbruster wrote:
> qio_channel_rdma_readv() assigns the size_t value of qemu_rdma_fill()
> to an int variable before it adds it to @done / subtracts it from
> @want, both size_t. Truncation when qemu_rdma_fill() copies more than
> INT_MAX bytes. Seems vanishingly unlikely, but needs fixing all the
> same.
>
> Fixes: 6ddd2d76ca6f (migration: convert RDMA to use QIOChannel interface)
> Signed-off-by: Markus Armbruster

Reviewed-by: Li Zhijian
Re: [PATCH v2 06/53] migration/rdma: Fix unwanted integer truncation
Markus Armbruster wrote:
> qio_channel_rdma_readv() assigns the size_t value of qemu_rdma_fill()
> to an int variable before it adds it to @done / subtracts it from
> @want, both size_t. Truncation when qemu_rdma_fill() copies more than
> INT_MAX bytes. Seems vanishingly unlikely, but needs fixing all the
> same.
>
> Fixes: 6ddd2d76ca6f (migration: convert RDMA to use QIOChannel interface)
> Signed-off-by: Markus Armbruster

Reviewed-by: Juan Quintela
Re: [PATCH v2 06/53] migration/rdma: Fix unwanted integer truncation
Markus Armbruster writes: > qio_channel_rdma_readv() assigns the size_t value of qemu_rdma_fill() > to an int variable before it adds it to @done / subtracts it from > @want, both size_t. Truncation when qemu_rdma_fill() copies more than > INT_MAX bytes. Seems vanishingly unlikely, but needs fixing all the > same. > > Fixes: 6ddd2d76ca6f (migration: convert RDMA to use QIOChannel interface) > Signed-off-by: Markus Armbruster > --- > migration/rdma.c | 14 +++--- > 1 file changed, 7 insertions(+), 7 deletions(-) > > diff --git a/migration/rdma.c b/migration/rdma.c > index 4289346617..5f423f66f0 100644 > --- a/migration/rdma.c > +++ b/migration/rdma.c > @@ -2852,7 +2852,7 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc, > RDMAControlHeader head; > int ret = 0; > ssize_t i; > -size_t done = 0; > +size_t done = 0, len; > > RCU_READ_LOCK_GUARD(); > rdma = qatomic_rcu_read(>rdmain); > @@ -2873,9 +2873,9 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc, > * were given and dish out the bytes until we run > * out of bytes. > */ > -ret = qemu_rdma_fill(rdma, data, want, 0); > -done += ret; > -want -= ret; > +len = qemu_rdma_fill(rdma, data, want, 0); > +done += len; > +want -= len; > /* Got what we needed, so go to next iovec */ > if (want == 0) { > continue; > @@ -2902,9 +2902,9 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc, > /* > * SEND was received with new bytes, now try again. > */ > -ret = qemu_rdma_fill(rdma, data, want, 0); > -done += ret; > -want -= ret; > +len = qemu_rdma_fill(rdma, data, want, 0); > +done += len; > +want -= len; > > /* Still didn't get enough, so lets just return */ > if (want) { Reviewed-by: Fabiano Rosas
[PATCH v2 06/53] migration/rdma: Fix unwanted integer truncation
qio_channel_rdma_readv() assigns the size_t value of qemu_rdma_fill() to an int variable before it adds it to @done / subtracts it from @want, both size_t. Truncation when qemu_rdma_fill() copies more than INT_MAX bytes. Seems vanishingly unlikely, but needs fixing all the same. Fixes: 6ddd2d76ca6f (migration: convert RDMA to use QIOChannel interface) Signed-off-by: Markus Armbruster --- migration/rdma.c | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/migration/rdma.c b/migration/rdma.c index 4289346617..5f423f66f0 100644 --- a/migration/rdma.c +++ b/migration/rdma.c @@ -2852,7 +2852,7 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc, RDMAControlHeader head; int ret = 0; ssize_t i; -size_t done = 0; +size_t done = 0, len; RCU_READ_LOCK_GUARD(); rdma = qatomic_rcu_read(>rdmain); @@ -2873,9 +2873,9 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc, * were given and dish out the bytes until we run * out of bytes. */ -ret = qemu_rdma_fill(rdma, data, want, 0); -done += ret; -want -= ret; +len = qemu_rdma_fill(rdma, data, want, 0); +done += len; +want -= len; /* Got what we needed, so go to next iovec */ if (want == 0) { continue; @@ -2902,9 +2902,9 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc, /* * SEND was received with new bytes, now try again. */ -ret = qemu_rdma_fill(rdma, data, want, 0); -done += ret; -want -= ret; +len = qemu_rdma_fill(rdma, data, want, 0); +done += len; +want -= len; /* Still didn't get enough, so lets just return */ if (want) { -- 2.41.0
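Review bot: In the first hunk (@@ -2852), `len` is appended uninitialized to the declaration that initializes `done` (`size_t done = 0, len;`), which makes it easy to misread `len` as starting at zero. Giving it its own line, `size_t len;`, would be clearer. The context line `int ret = 0;` also stays, while both assignments to `ret` visible in this patch are replaced. If nothing else in the function still uses `ret`, it should be dropped in the same patch.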
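Review bot: In the second hunk (@@ -2873), `want -= len;` is a size_t subtraction with no visible check that `len <= want`, so a `len` larger than `want` would wrap `want` to a huge value and the `if (want == 0)` test below would never fire. If qemu_rdma_fill() is guaranteed to return at most the `want` it was passed, an `assert(len <= want);` before the subtraction would document that contract and catch a regression.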
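Review bot: In the third hunk (@@ -2902), the same three statements (`len = qemu_rdma_fill(rdma, data, want, 0); done += len; want -= len;`) are repeated from the earlier hunk, which is how the int truncation ended up in two places. A small static helper that takes `&done` and `&want` would keep the accounting and its types in one spot. Separately, the context comment reads "so lets just return", which should be "let's".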
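The accounting error the commit message describes, as an added example that is not part of the patch or of QEMU: `fill_stub`, `struct progress`, `account_int` and `account_size_t` are hypothetical names and the sizes are constructed. It assumes a size_t wider than int and the wrapping out-of-range conversion to int that gcc and clang implement.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: size_t is wider than int (e.g. LP64). */
_Static_assert(sizeof(size_t) > sizeof(int), "example needs size_t wider than int");

struct progress { size_t done, want; };

/* Hypothetical stand-in for qemu_rdma_fill(): reports how many of the
 * `avail` buffered bytes were handed out, never more than `want`. */
static size_t fill_stub(size_t avail, size_t want)
{
    return avail < want ? avail : want;
}

/* Pre-patch accounting: the size_t result passes through an int. */
static struct progress account_int(size_t avail, size_t want)
{
    struct progress p = { 0, want };
    int ret = (int)fill_stub(avail, want); /* wraps above INT_MAX on gcc/clang */
    p.done += ret;  /* a negative ret converts to a huge size_t */
    p.want -= ret;
    return p;
}

/* Post-patch accounting: the result stays size_t end to end. */
static struct progress account_size_t(size_t avail, size_t want)
{
    struct progress p = { 0, want };
    size_t len = fill_stub(avail, want);
    p.done += len;
    p.want -= len;
    return p;
}

int main(void)
{
    size_t n = (size_t)INT_MAX + 1;  /* constructed: one byte past INT_MAX */
    struct progress a = account_int(n, n), b = account_size_t(n, n);
    printf("int:    done=%zu want=%zu\n", a.done, a.want);
    printf("size_t: done=%zu want=%zu\n", b.done, b.want);
    return 0;
}
```

With a fill of INT_MAX + 1 bytes that satisfies the whole request, the int path ends with `want` at 4294967296 instead of 0 and `done` near SIZE_MAX, while the size_t path ends with `want` at 0.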