Re: [libvirt] [PATCH 3/3] cgroup: fix libvirtd crash caused by messed memory

The variable max_id is initialized again in the step of getting cpu mapping variable map2. But in the next for loop we still expect original value of max_id, the bug will crash libvirtd when using on NUMA machine with big number of cpus. --- src/qemu/qemu_driver.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 5081b52..53d6e5b 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -13496,7 +13496,7 @@ qemuDomainGetPercpuStats(virDomainPtr domain, char *map = NULL; char *map2 = NULL; int rv = -1; - int i, max_id; + int i, id, max_id; char *pos; char *buf = NULL; unsigned long long *sum_cpu_time = NULL; @@ -13537,10 +13537,13 @@ qemuDomainGetPercpuStats(virDomainPtr domain, /* return percpu cputime in index 0 */ param_idx = 0; + /* number of cpus to compute */ + id = max_id; + if (max_id - start_cpu > ncpus - 1) - max_id = start_cpu + ncpus - 1; + id = start_cpu + ncpus - 1; - for (i = 0; i <= max_id; i++) { + for (i = 0; i <= id; i++) { if (!map[i]) { cpu_time = 0; } else if (virStrToLong_ull(pos, &pos, 10, &cpu_time) < 0) { @@ -13580,7 +13583,7 @@ qemuDomainGetPercpuStats(virDomainPtr domain, } sum_cpu_pos = sum_cpu_time; - for (i = 0; i <= max_id; i++) { + for (i = 0; i <= id; i++) { if (!map[i]) cpu_time = 0; else