Gentle reminder. Any comments on this patch?
Thanks,
John
On Mon, Apr 15, 2019 at 09:43:07AM -0500, Allen, John wrote:
> If a bitmap of a shorter length than the data buffer is passed to
> virBitmapToDataBuf, it will read off the end of the bitmap and copy junk
> into the returned buffer. Add a check to only copy the length of the
> bitmap to the buffer.
>
> The problem can be observed after setting a vcpu affinity using the vcpupin
> command on a system with a large number of cores:
> # virsh vcpupin example_domain 0 0
> # virsh vcpupin example_domain 0
> VCPU CPU Affinity
> ---------------------------
> 0 0,192,197-198,202
>
> Signed-off-by: John Allen <john.allen@xxxxxxx>
> ---
> diff --git a/src/util/virbitmap.c b/src/util/virbitmap.c
> index d074f29e54..021174cbb3 100644
> --- a/src/util/virbitmap.c
> +++ b/src/util/virbitmap.c
> @@ -824,11 +824,15 @@ virBitmapToDataBuf(virBitmapPtr bitmap,
> unsigned char *bytes,
> size_t len)
> {
> + size_t nbytes = bitmap->map_len * (VIR_BITMAP_BITS_PER_UNIT / CHAR_BIT);
> unsigned long *l;
> size_t i, j;
>
> memset(bytes, 0, len);
>
> + /* If bitmap and buffer differ in size, only fill to the smaller length */
> + len = MIN(len, nbytes);
> +
> /* htole64 is not provided by gnulib, so we do the conversion by hand */
> l = bitmap->map;
> for (i = j = 0; i < len; i++, j++) {
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
