balloon: Fix overflow when reporting actual memory size

Beginning with its introduction, the virtio balloon has had an overflow error
that causes 'info balloon' to misreport the actual memory size when the balloon
itself becomes larger than 4G.  Use a cast when converting dev->actual from
pages to kB to prevent overflows.

Before:
(qemu) info balloon
balloon: actual=5120
(qemu) balloon 1025
(qemu) info balloon
balloon: actual=1025
(qemu) balloon 1024
(qemu) info balloon
balloon: actual=5120

After:
(qemu) info balloon
balloon: actual=5120
(qemu) balloon 1025
(qemu) info balloon
balloon: actual=1025
(qemu) balloon 1024
(qemu) info balloon
balloon: actual=1024

Signed-off-by: Adam Litke <agl@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

diff --git a/hw/virtio-balloon.c b/hw/virtio-balloon.c
index 6d120247fe42d1a139e3caff050435080fb87fb9..f55f7eccb935d1a219368c46a290fdb49a52ec9d 100644 (file)
--- a/hw/virtio-balloon.c
+++ b/hw/virtio-balloon.c
@@ -78,7 +78,8 @@ static void stat_put(QDict *dict, const char *label, uint64_t val)
 static QObject *get_stats_qobject(VirtIOBalloon *dev)
 {
     QDict *dict = qdict_new();
-    uint32_t actual = ram_size - (dev->actual << VIRTIO_BALLOON_PFN_SHIFT);
+    uint64_t actual = ram_size - ((uint64_t) dev->actual <<
+                                  VIRTIO_BALLOON_PFN_SHIFT);
 
     stat_put(dict, "actual", actual);
     stat_put(dict, "mem_swapped_in", dev->stats[VIRTIO_BALLOON_S_SWAP_IN]);