I received a report of user crashing libvirtd with

  virsh capabilities > capabilities.xml
  virsh cpu-compare capabilities.xml

Breakpoint 1, x86ModelFind (map=0x6fb6f0, name=0x0) at cpu/cpu_x86.c:501
501         model = map->models;
(gdb) bt
#0  x86ModelFind (map=0x6fb6f0, name=0x0) at cpu/cpu_x86.c:501
#1  0x00007ffff70d0832 in x86ModelFromCPU (cpu=0x712070, map=0x6fb6f0, policy=1) at cpu/cpu_x86.c:541
#2  0x00007ffff70d12e9 in x86Compute (host=0x6ea610, cpu=0x712070, guest=0x0) at cpu/cpu_x86.c:822
#3  0x00007ffff70d1750 in x86Compare (host=0x6ea610, cpu=0x712070) at cpu/cpu_x86.c:927
#4  0x00007ffff70cf0c9 in cpuCompare (conn=0x6f69a0, host=0x6ea610, cpu=0x712070) at cpu/cpu.c:118
#5  0x00007ffff70ceff4 in cpuCompareXML (conn=0x6f69a0, host=0x6ea610, xml=0x6fa3e0 "<capabilities>\n\n <host>\n <cpu>\n <arch>x86_64</arch>\n <features>\n <pae/>\n </features>\n </cpu>\n <migration_features>\n <live/>\n <uri_transports>\n <uri_tra"...) at cpu/cpu.c:90
..
(gdb) n
503         if (STREQ(model->name, name))
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4ff4960 in strcmp () from /lib64/libc.so.6

name, passed to x86ModelFind(), is NULL because virCPUDefParseXML() failed to parse anything meaningful from the "malformed" CPU XML.

I waffled for quite a while on how to fix this and in the end decided to ensure the CPU XML passed to virCPUDefParseXML() does in fact contain an element named 'cpu'. AFAICT, all consumers of virCPUDefParseXML() pass an xmlNodePtr rooted at 'cpu' element.

NB: I will be offline until Monday so if this patch is satisfactory please include it for 0.7.8/0.8.0 release :-). Otherwise I'll respin with suggested changes next week.

Thanks!
Jim
commit 93d68602a9701dc6f6b4f4b20eaac7159c8d3be7 Author: Jim Fehlig <jfehlig@xxxxxxxxxx> Date: Wed Mar 31 17:02:57 2010 -0600 Only parse 'CPU XML' in virCPUDefParseXML() Received report of user crashing libvirtd with virsh capabilities > capabilities.xml virsh cpu-compare capabilities.xml While user has been informed about proper usage of cpu-compare, segfaulting libvirt should be avoided. Do not parse CPU definition in virCPUDefParseXML() if XML is not a 'cpu' node. diff --git a/src/conf/cpu_conf.c b/src/conf/cpu_conf.c index cf91930..c51ac4e 100644 --- a/src/conf/cpu_conf.c +++ b/src/conf/cpu_conf.c @@ -115,6 +115,13 @@ virCPUDefParseXML(const xmlNodePtr node, int n; unsigned int i; + if (!xmlStrEqual(node->name, BAD_CAST "cpu")) { + virCPUReportError(VIR_ERR_INTERNAL_ERROR, + "%s", + _("XML does not contain expected 'cpu' element")); + return NULL; + } + if (VIR_ALLOC(def) < 0) { virReportOOMError(); return NULL;
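Review bot: The new guard at the top of virCPUDefParseXML() reads node->name without first testing node, so a NULL node would make the check itself a NULL dereference; testing node before calling xmlStrEqual() closes that. The guard also validates only the root element name, while the backtrace shows the crash in x86ModelFind() at STREQ(model->name, name) with name=0x0, so it is worth confirming that a document rooted at 'cpu' but lacking a model cannot still reach x86ModelFromCPU() with a NULL name; a NULL check there would be cheap defense in depth. Finally, this path is reached with user-supplied XML from virsh cpu-compare, so VIR_ERR_INTERNAL_ERROR mislabels a caller input error; an XML or invalid-argument error code would tell the user the input was wrong rather than suggesting a libvirt bug.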
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list