On 13/09/2017 23:03, Eric Blake wrote: > When using bit-wise operations that exploit the power-of-two > nature of the second argument of ROUND_UP(), we still need to > ensure that the mask is as wide as the first argument (done > by using addition of 0 to force proper arithmetic promotion). > Unpatched, ROUND_UP(2ULL*1024*1024*1024*1024, 512) produces 0, > instead of the intended 2TiB. > > Broken since its introduction in commit 292c8e50 (v1.5.0). > > CC: [email protected] > Signed-off-by: Eric Blake <[email protected]> > > --- > I did not audit to see how many potential users of ROUND_UP > are actually passing in different sized types where the first > argument can be larger than UINT32_MAX; I stumbled across the > problem when iotests 190 started failing on a patch where I > added a new use. We can either be conservative and put this > on qemu-stable no matter what, or go through the effort of an > audit to see what might be broken (many callers in the block > layer, but not just there). > --- > include/qemu/osdep.h | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h > index 6855b94bbf..7a3000efc5 100644 > --- a/include/qemu/osdep.h > +++ b/include/qemu/osdep.h > @@ -189,13 +189,13 @@ extern int daemon(int, int); > > /* Round number up to multiple. Requires that d be a power of 2 (see > * QEMU_ALIGN_UP for a safer but slower version on arbitrary > - * numbers) */ > + * numbers); works even if d is a smaller type than n. */ > #ifndef ROUND_UP > -#define ROUND_UP(n,d) (((n) + (d) - 1) & -(d)) > +#define ROUND_UP(n, d) (((n) + (d) - 1) & -((n) - (n) + (d))) > #endif > > #ifndef DIV_ROUND_UP > -#define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d)) > +#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) > #endif > > /* >
Cc: [email protected] Paolo
