From: Anthony Liguori Date: Mon, 18 Aug 2008 22:15:31 +0000 (-0500) Subject: virtio_balloon: fix towards_target when deflating balloon X-Git-Tag: v2.6.27-rc5~39^2~3 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=532a6086e35fa3b5761e68af36d4e42a550eba15;p=linux-2.6 virtio_balloon: fix towards_target when deflating balloon Both v and vb->num_pages are u32 and unsigned int respectively. If v is less than vb->num_pages (and it is, when deflating the balloon), the result is a very large 32-bit number. Since we're returning a s64, instead of getting the same negative number we desire, we get a very large positive number. This handles the case where v < vb->num_pages and ensures we get a small, negative, s64 as the result. Rusty: please push this for 2.6.27-rc4. It's probably appropriate for the stable tree too as it will cause an unexpected OOM when ballooning. Signed-off-by: Anthony Liguori Signed-off-by: Rusty Russell (simplified) --- diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c index bfef604160..62eab43152 100644 --- a/drivers/virtio/virtio_balloon.c +++ b/drivers/virtio/virtio_balloon.c @@ -158,7 +158,7 @@ static inline s64 towards_target(struct virtio_balloon *vb) vb->vdev->config->get(vb->vdev, offsetof(struct virtio_balloon_config, num_pages), &v, sizeof(v)); - return v - vb->num_pages; + return (s64)v - vb->num_pages; } static void update_balloon_size(struct virtio_balloon *vb)