When using bit-wise operations that exploit the power-of-two nature of the second argument of ROUND_UP(), we still need to ensure that the mask is as wide as the first argument (done by using addition of 0 to force proper arithmetic promotion). Unpatched, ROUND_UP(2ULL*1024*1024*1024*1024, 512) produces 0, instead of the intended 2TiB.
Broken since its introduction in commit 292c8e50 (v1.5.0). CC: qemu-triv...@nongnu.org Signed-off-by: Eric Blake <ebl...@redhat.com> --- I did not audit to see how many potential users of ROUND_UP are actually passing in different sized types where the first argument can be larger than UINT32_MAX; I stumbled across the problem when iotests 190 started failing on a patch where I added a new use. We can either be conservative and put this on qemu-stable no matter what, or go through the effort of an audit to see what might be broken (many callers in the block layer, but not just there). --- include/qemu/osdep.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index 6855b94bbf..7a3000efc5 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -189,13 +189,13 @@ extern int daemon(int, int); /* Round number up to multiple. Requires that d be a power of 2 (see * QEMU_ALIGN_UP for a safer but slower version on arbitrary - * numbers) */ + * numbers); works even if d is a smaller type than n. */ #ifndef ROUND_UP -#define ROUND_UP(n,d) (((n) + (d) - 1) & -(d)) +#define ROUND_UP(n, d) (((n) + (d) - 1) & -((n) - (n) + (d))) #endif #ifndef DIV_ROUND_UP -#define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d)) +#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) #endif /* -- 2.13.5