The code assumes that def->vcpus == nvcpupids, so when we setup fake CPU pids for old QEMU with nvcpupids == 1, we cause the later code to read off the end of the array. This has fun results like sche_setaffinity(0, ...) which changes libvirtd's own CPU affinity, or even better sched_setaffinity($RANDOM, ...) which changes the affinity of a random OS process.
---
 src/qemu/qemu_process.c | 9 ++++-----
 src/util/virprocess.c | 1 +
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index d683918..b067f18 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2240,10 +2240,8 @@ qemuProcessDetectVcpuPIDs(virQEMUDriverPtr driver,
 qemuDomainObjExitMonitor(driver, vm);
 virResetLastError();
- priv->nvcpupids = 1;
- if (VIR_ALLOC_N(priv->vcpupids, priv->nvcpupids) < 0)
- return -1;
- priv->vcpupids[0] = vm->pid;
+ priv->nvcpupids = 0;
+ priv->vcpupids = NULL;
 return 0;
 }
 qemuDomainObjExitMonitor(driver, vm);
@@ -2462,7 +2460,8 @@ qemuProcessSetVcpuAffinities(virDomainObjPtr vm)
 virDomainVcpuPinDefPtr pininfo;
 int n;
 int ret = -1;
-
+ VIR_DEBUG("Setting affinity on CPUs nvcpupin=%zu nvcpus=%d nvcpupids=%d",
+ def->cputune.nvcpupin, def->vcpus, priv->nvcpupids);
 if (!def->cputune.nvcpupin)
 return 0;
diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index 0c8a32f..d0a1500 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -399,6 +399,7 @@ int virProcessSetAffinity(pid_t pid, virBitmapPtr map)
 {
 size_t i;
 bool set = false;
+ VIR_DEBUG("Set process affinity on %lld\n", (long long)pid);
 # ifdef CPU_ALLOC
 /* New method dynamically allocates cpu mask, allowing unlimted cpus */
 int numcpus = 1024;
-- 
2.1.0
-- 
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
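Review bot: The new fallback in qemuProcessDetectVcpuPIDs silently changes the contract of priv->vcpupids from "at least one entry, entry 0 is the QEMU main pid" to "may be NULL with nvcpupids == 0", and nothing in the hunk records that for the readers of the array. A short comment at the assignment would make the invariant explicit for anyone later indexing vcpupids: `/* Old QEMU without per-vCPU pids: leave vcpupids empty (NULL, nvcpupids == 0) rather than faking one entry, since callers index it by def->vcpus. Every consumer must check nvcpupids before indexing. */`. The start of qemuProcessDetectVcpuPIDs is outside the hunk, so whether any earlier path still assumes a non-NULL array cannot be confirmed from here.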
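Review bot: The hunk in qemuProcessSetVcpuAffinities adds only a VIR_DEBUG, but with the first hunk now leaving priv->vcpupids NULL and nvcpupids 0, the code below the hunk that walks def->vcpus and indexes priv->vcpupids (the loop is outside this view, so this is inferred from the commit message) would dereference NULL instead of reading past the end unless it already checks nvcpupids. Unless such a check exists further down, an explicit guard right after the nvcpupin early-return is needed, e.g. `if (priv->vcpupids == NULL || priv->nvcpupids == 0) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cpu affinity is not supported")); return -1; }`, and the per-vCPU loop should bound n by priv->nvcpupids as well as def->vcpus. Separately, the `%d` for def->vcpus is only correct if that field is signed; if it is an unsigned int in virDomainDef, `%u` is the matching conversion. The function body continues past the hunk.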
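Review bot: The VIR_DEBUG added in virProcessSetAffinity ends its format string with `\n`, which is inconsistent with the VIR_DEBUG added in the qemu_process.c hunk of this same patch (no trailing newline) and, assuming the logger appends its own line terminator as libvirt's does for diagnostics, produces an empty line in the log output. The line should read `VIR_DEBUG("Set process affinity on %lld", (long long)pid);`. The rest of virProcessSetAffinity lies outside the hunk.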