[PULL 13/65] migration/rdma: Fix unwanted integer truncation

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 13/65] migration/rdma: Fix unwanted integer truncation

From:	Juan Quintela
Subject:	[PULL 13/65] migration/rdma: Fix unwanted integer truncation
Date:	Wed, 11 Oct 2023 11:21:11 +0200

From: Markus Armbruster <armbru@redhat.com>

qio_channel_rdma_readv() assigns the size_t value of qemu_rdma_fill()
to an int variable before it adds it to @done / subtracts it from
@want, both size_t.  Truncation when qemu_rdma_fill() copies more than
INT_MAX bytes.  Seems vanishingly unlikely, but needs fixing all the
same.

Fixes: 6ddd2d76ca6f (migration: convert RDMA to use QIOChannel interface)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20230928132019.2544702-7-armbru@redhat.com>
---
 migration/rdma.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/migration/rdma.c b/migration/rdma.c
index d1e727f30b..ff8e475f59 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -2871,7 +2871,7 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc,
     RDMAControlHeader head;
     int ret = 0;
     ssize_t i;
-    size_t done = 0;
+    size_t done = 0, len;
 
     RCU_READ_LOCK_GUARD();
     rdma = qatomic_rcu_read(&rioc->rdmain);
@@ -2892,9 +2892,9 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc,
          * were given and dish out the bytes until we run
          * out of bytes.
          */
-        ret = qemu_rdma_fill(rdma, data, want, 0);
-        done += ret;
-        want -= ret;
+        len = qemu_rdma_fill(rdma, data, want, 0);
+        done += len;
+        want -= len;
         /* Got what we needed, so go to next iovec */
         if (want == 0) {
             continue;
@@ -2921,9 +2921,9 @@ static ssize_t qio_channel_rdma_readv(QIOChannel *ioc,
         /*
          * SEND was received with new bytes, now try again.
          */
-        ret = qemu_rdma_fill(rdma, data, want, 0);
-        done += ret;
-        want -= ret;
+        len = qemu_rdma_fill(rdma, data, want, 0);
+        done += len;
+        want -= len;
 
         /* Still didn't get enough, so lets just return */
         if (want) {
-- 
2.41.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 01/65] migration/qmp: Fix crash on setting tls-authz with null, (continued)
- [PULL 01/65] migration/qmp: Fix crash on setting tls-authz with null, Juan Quintela, 2023/10/11
- [PULL 04/65] tests/qtest: migration: Use migrate_incoming_qmp where appropriate, Juan Quintela, 2023/10/11
- [PULL 07/65] migration: Allow RECOVER->PAUSED convertion for dest qemu, Juan Quintela, 2023/10/11
- [PULL 03/65] tests/qtest: migration: Add migrate_incoming_qmp helper, Juan Quintela, 2023/10/11
- [PULL 06/65] tests/qtest: migration: Add support for negative testing of qmp_migrate, Juan Quintela, 2023/10/11
- [PULL 02/65] tests/qtest: migration: Expose migrate_set_capability, Juan Quintela, 2023/10/11
- [PULL 09/65] migration/rdma: Clean up qemu_rdma_data_init()'s return type, Juan Quintela, 2023/10/11
- [PULL 10/65] migration/rdma: Clean up rdma_delete_block()'s return type, Juan Quintela, 2023/10/11
- [PULL 05/65] migration: Set migration status early in incoming side, Juan Quintela, 2023/10/11
- [PULL 08/65] migration/rdma: Clean up qemu_rdma_poll()'s return type, Juan Quintela, 2023/10/11
- [PULL 13/65] migration/rdma: Fix unwanted integer truncation, Juan Quintela <=
- [PULL 12/65] migration/rdma: Consistently use uint64_t for work request IDs, Juan Quintela, 2023/10/11
- [PULL 11/65] migration/rdma: Drop fragile wr_id formatting, Juan Quintela, 2023/10/11
- [PULL 14/65] migration/rdma: Clean up two more harmless signed vs. unsigned issues, Juan Quintela, 2023/10/11
- [PULL 15/65] migration/rdma: Give qio_channel_rdma_source_funcs internal linkage, Juan Quintela, 2023/10/11
- [PULL 16/65] migration/rdma: Fix qemu_rdma_accept() to return failure on errors, Juan Quintela, 2023/10/11
- [PULL 17/65] migration/rdma: Put @errp parameter last, Juan Quintela, 2023/10/11
- [PULL 18/65] migration/rdma: Eliminate error_propagate(), Juan Quintela, 2023/10/11
- [PULL 19/65] migration/rdma: Drop rdma_add_block() error handling, Juan Quintela, 2023/10/11
- [PULL 20/65] migration/rdma: Drop qemu_rdma_search_ram_block() error handling, Juan Quintela, 2023/10/11
- [PULL 21/65] migration/rdma: Make qemu_rdma_buffer_mergeable() return bool, Juan Quintela, 2023/10/11

Prev by Date: [PULL 08/65] migration/rdma: Clean up qemu_rdma_poll()'s return type
Next by Date: [PULL 12/65] migration/rdma: Consistently use uint64_t for work request IDs
Previous by thread: [PULL 08/65] migration/rdma: Clean up qemu_rdma_poll()'s return type
Next by thread: [PULL 12/65] migration/rdma: Consistently use uint64_t for work request IDs
Index(es):
- Date
- Thread