ce43cca0e refactored the helper to prepare it for sparse topologies but forgot to fix the iterator used to fill the structures. This would result into a weirdly sparse populated array and possible out of bounds access and crash once sparse vcpu topologies were allowed.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1369988
---
 src/qemu/qemu_driver.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 97e2ffc..671d1ff 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1477,15 +1477,17 @@ qemuDomainHelperGetVcpus(virDomainObjPtr vm,
     for (i = 0; i < virDomainDefGetVcpusMax(vm->def) && ncpuinfo < maxinfo; i++) {
         virDomainVcpuDefPtr vcpu = virDomainDefGetVcpu(vm->def, i);
         pid_t vcpupid = qemuDomainGetVcpuPid(vm, i);
+        virVcpuInfoPtr vcpuinfo = info + ncpuinfo;
 
         if (!vcpu->online)
             continue;
 
         if (info) {
-            info[i].number = i;
-            info[i].state = VIR_VCPU_RUNNING;
+            vcpuinfo->number = i;
+            vcpuinfo->state = VIR_VCPU_RUNNING;
 
-            if (qemuGetProcessInfo(&(info[i].cpuTime), &(info[i].cpu), NULL,
+            if (qemuGetProcessInfo(&vcpuinfo->cpuTime,
+                                   &vcpuinfo->cpu, NULL,
                                    vm->pid, vcpupid) < 0) {
                 virReportSystemError(errno, "%s",
                                      _("cannot get vCPU placement & pCPU time"));
@@ -1494,7 +1496,7 @@ qemuDomainHelperGetVcpus(virDomainObjPtr vm,
         }
 
         if (cpumaps) {
-            unsigned char *cpumap = VIR_GET_CPUMAP(cpumaps, maplen, i);
+            unsigned char *cpumap = VIR_GET_CPUMAP(cpumaps, maplen, ncpuinfo);
             virBitmapPtr map = NULL;
 
             if (!(map = virProcessGetAffinity(vcpupid)))
@@ -1505,7 +1507,7 @@ qemuDomainHelperGetVcpus(virDomainObjPtr vm,
         }
 
         if (cpuwait) {
-            if (qemuGetSchedInfo(&(cpuwait[i]), vm->pid, vcpupid) < 0)
+            if (qemuGetSchedInfo(&(cpuwait[ncpuinfo]), vm->pid, vcpupid) < 0)
                 return -1;
         }
 
-- 
2.8.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
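Review bot: The added `virVcpuInfoPtr vcpuinfo = info + ncpuinfo;` in the first hunk is evaluated before the `if (info)` guard that the hunk keeps, so for a caller that passes `info == NULL` (which the guard implies is a supported way to request only cpumaps or cpuwait) the helper performs arithmetic on a null pointer, which is undefined behaviour in C even though the result is never dereferenced. Either declare it inside the guarded block or make it conditional: `virVcpuInfoPtr vcpuinfo = info ? info + ncpuinfo : NULL;`. The `ncpuinfo < maxinfo` bound in the loop condition is what keeps the new `ncpuinfo`-based indexing of `info`, `cpumaps` and `cpuwait` in range, so it would be worth a short comment on the for line stating that all three buffers are sized by `maxinfo`. The loop body, including the point where `ncpuinfo` is advanced, continues outside the hunks.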