From e24d9516a286735716f388dcb403e2cf84841f25 Mon Sep 17 00:00:00 2001 From: huangkai Date: Tue, 2 Aug 2022 16:21:38 +0800 Subject: [PATCH 15/22] virsh: Fix integer overflow in allocpages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I've came across an aarch64 system which supports hugepages up to 16GiB of size. However, I was unable to allocate them using virsh allocpages. This is because cmdAllocpages() uses vshCommandOptScaledInt(), which scales passed value into bytes, but since the virNodeAllocPages() expects size in KiB the variable holding bytes is then divided by 1024. However, the limit for the biggest value passed to vshCommandOptScaledInt() is UINT_MAX which is now obviously wrong, as it needs to be UINT_MAX * 1024. The same bug is in completer. But here, let's use ULLONG_MAX so that we don't have to care about it anymore. Signed-off-by: Michal Privoznik Reviewed-by: Ján Tomko --- tools/virsh-completer-host.c | 2 +- tools/virsh-host.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/virsh-completer-host.c b/tools/virsh-completer-host.c index 8893888ec2..7d2ef01be1 100644 --- a/tools/virsh-completer-host.c +++ b/tools/virsh-completer-host.c @@ -41,7 +41,7 @@ virshPagesizeNodeToString(xmlNodePtr node) unit = virXMLPropString(node, "unit"); if (virStrToLong_ull(pagesize, NULL, 10, &byteval) < 0) return NULL; - if (virScaleInteger(&byteval, unit, 1024, UINT_MAX) < 0) + if (virScaleInteger(&byteval, unit, 1024, ULLONG_MAX) < 0) return NULL; size = vshPrettyCapacity(byteval, &suffix); ret = g_strdup_printf("%.0f%s", size, suffix); diff --git a/tools/virsh-host.c b/tools/virsh-host.c index 0fd77cbae5..67d5466be2 100644 --- a/tools/virsh-host.c +++ b/tools/virsh-host.c @@ -519,7 +519,7 @@ cmdAllocpages(vshControl *ctl, const vshCmd *cmd) if (cellno && vshCommandOptInt(ctl, cmd, "cellno", &startCell) < 0) return false; - if (vshCommandOptScaledInt(ctl, cmd, "pagesize", &tmp, 1024, UINT_MAX) < 0) + if (vshCommandOptScaledInt(ctl, cmd, "pagesize", &tmp, 1024, UINT_MAX * 1024ULL) < 0) return false; pageSizes[0] = VIR_DIV_UP(tmp, 1024); -- 2.33.0