[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2 06/53] migration/rdma: Fix unwanted integer truncation
From: |
Markus Armbruster |
Subject: |
[PATCH v2 06/53] migration/rdma: Fix unwanted integer truncation |
Date: |
Thu, 28 Sep 2023 15:19:32 +0200 |
qio_channel_rdma_readv() assigns the size_t value of qemu_rdma_fill()
to an int variable before it adds it to @done / subtracts it from
@want, both size_t. Truncation when qemu_rdma_fill() copies more than
INT_MAX bytes. Seems vanishingly unlikely, but needs fixing all the
same.
Fixes: 6ddd2d76ca6f (migration: convert RDMA to use QIOChannel interface)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
migration/rdma.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/migration/rdma.c b/migration/rdma.c
index 4289346617..5f423f66f0 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -2852,7 +2852,7 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc,
RDMAControlHeader head;
int ret = 0;
ssize_t i;
- size_t done = 0;
+ size_t done = 0, len;
RCU_READ_LOCK_GUARD();
rdma = qatomic_rcu_read(&rioc->rdmain);
@@ -2873,9 +2873,9 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc,
* were given and dish out the bytes until we run
* out of bytes.
*/
- ret = qemu_rdma_fill(rdma, data, want, 0);
- done += ret;
- want -= ret;
+ len = qemu_rdma_fill(rdma, data, want, 0);
+ done += len;
+ want -= len;
/* Got what we needed, so go to next iovec */
if (want == 0) {
continue;
@@ -2902,9 +2902,9 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc,
/*
* SEND was received with new bytes, now try again.
*/
- ret = qemu_rdma_fill(rdma, data, want, 0);
- done += ret;
- want -= ret;
+ len = qemu_rdma_fill(rdma, data, want, 0);
+ done += len;
+ want -= len;
/* Still didn't get enough, so lets just return */
if (want) {
--
2.41.0
- [PATCH v2 46/53] migration/rdma: Silence qemu_rdma_connect(), (continued)
- [PATCH v2 46/53] migration/rdma: Silence qemu_rdma_connect(), Markus Armbruster, 2023/09/28
- [PATCH v2 31/53] migration/rdma: Delete inappropriate error_report() in macro ERROR(), Markus Armbruster, 2023/09/28
- [PATCH v2 43/53] migration/rdma: Convert qemu_rdma_post_recv_control() to Error, Markus Armbruster, 2023/09/28
- [PATCH v2 17/53] migration/rdma: Ditch useless numeric error codes in error messages, Markus Armbruster, 2023/09/28
- [PATCH v2 39/53] migration/rdma: Convert qemu_rdma_write_flush() to Error, Markus Armbruster, 2023/09/28
- [PATCH v2 42/53] migration/rdma: Convert qemu_rdma_post_send_control() to Error, Markus Armbruster, 2023/09/28
- [PATCH v2 23/53] migration/rdma: Fix QEMUFileHooks method return values, Markus Armbruster, 2023/09/28
- [PATCH v2 24/53] migration/rdma: Fix rdma_getaddrinfo() error checking, Markus Armbruster, 2023/09/28
- [PATCH v2 10/53] migration/rdma: Put @errp parameter last, Markus Armbruster, 2023/09/28
- [PATCH v2 13/53] migration/rdma: Drop qemu_rdma_search_ram_block() error handling, Markus Armbruster, 2023/09/28
- [PATCH v2 06/53] migration/rdma: Fix unwanted integer truncation,
Markus Armbruster <=
- [PATCH v2 29/53] migration/rdma: Check negative error values the same way everywhere, Markus Armbruster, 2023/09/28
- [PATCH v2 41/53] migration/rdma: Convert qemu_rdma_write() to Error, Markus Armbruster, 2023/09/28
- [PATCH v2 34/53] migration/rdma: Drop "@errp is clear" guards around error_setg(), Markus Armbruster, 2023/09/28
- [PATCH v2 21/53] migration/rdma: Fix qemu_get_cm_event_timeout() to always set error, Markus Armbruster, 2023/09/28
- [PATCH v2 20/53] migration/rdma: Fix qemu_rdma_broken_ipv6_kernel() to set error, Markus Armbruster, 2023/09/28
- [PATCH v2 33/53] migration/rdma: Fix error handling around rdma_getaddrinfo(), Markus Armbruster, 2023/09/28
- [PATCH v2 30/53] migration/rdma: Plug a memory leak and improve a message, Markus Armbruster, 2023/09/28
- [PATCH v2 25/53] migration/rdma: Return -1 instead of negative errno code, Markus Armbruster, 2023/09/28