If the host asks for a huge target towards_target() can overflow, and we oops as we try to release more pages than we have. The simple fix is to use a 64-bit value.

Signed-off-by: Rusty Russell <rusty@xxxxxxxxxxxxxxx>

--- drivers/virtio/virtio_balloon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff -r fd0c80dbbd95 drivers/virtio/virtio_balloon.c --- a/drivers/virtio/virtio_balloon.c Tue Mar 11 09:21:00 2008 +1100 +++ b/drivers/virtio/virtio_balloon.c Tue Mar 11 11:25:52 2008 +1100 @@ -152,7 +152,7 @@ static void virtballoon_changed(struct v wake_up(&vb->config_change); } -static inline int towards_target(struct virtio_balloon *vb) +static inline s64 towards_target(struct virtio_balloon *vb) { u32 v; __virtio_config_val(vb->vdev, @@ -176,7 +183,7 @@ static int balloon(void *_vballoon) set_freezable(); while (!kthread_should_stop()) { - int diff; + s64 diff; try_to_freeze(); wait_event_interruptible(vb->config_change,
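
Review bot: In the first hunk (`towards_target()`), only the return type is widened; the local stays `u32 v;` and the return statement is not part of the patch (the diffstat counts just the two type changes). If that statement subtracts the current page count from `v` in 32-bit unsigned arithmetic, the difference wraps before it is converted to `s64`, so a request to shrink the balloon would come back as a large positive value instead of a negative one. Suggest casting one operand to `s64` before the subtraction so the arithmetic itself is done in 64 bits.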
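
Review bot: In the second hunk (`balloon()`), `diff` becomes `s64`, but the code that consumes it lies outside the visible context. Any helper that receives `diff` or `-diff` through a narrower parameter would truncate the value again, so those parameter types should be checked, or the value clamped to what the guest can actually give or take, before the call. Separately, the header `@@ -176,7 +183,7 @@` is offset by seven lines while the first hunk is at `-152,7 +152,7` and the patch has a net-zero line count; regenerating the diff against the stated base, or naming the patch it depends on, would avoid fuzz when applying.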