[PATCH 2/2] virDomainDefParseXML: Check for malicious cpu ids in <numa/>

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1176020

Some users think this is a good idea:

      <vcpu placement='static'>4</vcpu>
      <cpu mode='host-model'>
        <model fallback='allow'/>
        <numa>
          <cell id='0' cpus='0-1' memory='1048576' unit='KiB'/>
          <cell id='1' cpus='9-10' memory='2097152' unit='KiB'/>
        </numa>
      </cpu>

It's not. Lets therefore introduce a check and discourage them in
doing so.

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/conf/domain_conf.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5eaeb21..e4114f8 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -15105,6 +15105,12 @@ virDomainDefParseXML(xmlDocPtr xml,
         goto error;
     }
 
+    if (virDomainNumaGetMaxCPUID(def->numa) >= def->maxvcpus) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("CPU IDs in <numa> exceed the <vcpu> count"));
+        goto error;
+    }
+
     if (virDomainNumatuneParseXML(def->numa,
                                   def->placement_mode ==
                                   VIR_DOMAIN_CPU_PLACEMENT_MODE_STATIC,
-- 
2.4.6

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]