aboutsummaryrefslogtreecommitdiff
path: root/qobject/json-parser-int.h
diff options
context:
space:
mode:
authorDavid Hildenbrand <david@redhat.com>2019-07-22 15:41:04 +0200
committerMichael S. Tsirkin <mst@redhat.com>2019-07-25 07:57:52 -0400
commit483f13524bb2a08b7ff6a7560b846564ed3b0c33 (patch)
treefa08024c4f66a5ab38f7cffb0a7e649248e77cd5 /qobject/json-parser-int.h
parentffa207d08253ffffb3993a1dbe09e40af4fc91f1 (diff)
virtio-balloon: Fix QEMU crashes on pagesize > BALLOON_PAGE_SIZE
We are using the wrong functions to set/clear bits, effectively touching multiple bits, writing out of range of the bitmap, resulting in memory corruptions. We have to use set_bit()/clear_bit() instead. Can easily be reproduced by starting a qemu guest on hugetlbfs memory, inflating the balloon. QEMU crashes. This never could have worked properly - especially, also pages would have been discarded when the first sub-page would be inflated (the whole bitmap would be set). While testing I realized, that on hugetlbfs it is pretty much impossible to discard a page - the guest just frees the 4k sub-pages in random order most of the time. I was only able to discard a hugepage a handful of times - so I hope that now works correctly. Fixes: ed48c59875b6 ("virtio-balloon: Safely handle BALLOON_PAGE_SIZE < host page size") Fixes: b27b32391404 ("virtio-balloon: Fix possible guest memory corruption with inflates & deflates") Cc: qemu-stable@nongnu.org #v4.0.0 Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190722134108.22151-3-david@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'qobject/json-parser-int.h')
0 files changed, 0 insertions, 0 deletions