[libvirt] [PATCH 3/3] cgroup: fix libvirtd crash caused by messed memory

Guannan Ren gren at redhat.com
Fri Aug 31 09:22:59 UTC 2012


The variable max_id is initialized again in the step of
getting the cpu mapping variable map2. But in the next for loop
we still expect the original value of max_id. The bug will
crash libvirtd when used on a NUMA machine with a big number
of cpus.
---
 src/qemu/qemu_driver.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 5081b52..53d6e5b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -13496,7 +13496,7 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
     char *map = NULL;
     char *map2 = NULL;
     int rv = -1;
-    int i, max_id;
+    int i, id, max_id;
     char *pos;
     char *buf = NULL;
     unsigned long long *sum_cpu_time = NULL;
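Review bot: the new local `id` declared next to `max_id` has a name that says nothing about its role. It ends up as the inclusive upper bound of the loops further down, so a name such as `last_cpu` would be harder to confuse with `i` or `max_id`.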
@@ -13537,10 +13537,13 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
     /* return percpu cputime in index 0 */
     param_idx = 0;
 
+    /* number of cpus to compute */
+    id = max_id;
+
     if (max_id - start_cpu > ncpus - 1)
-        max_id = start_cpu + ncpus - 1;
+        id = start_cpu + ncpus - 1;
 
-    for (i = 0; i <= max_id; i++) {
+    for (i = 0; i <= id; i++) {
         if (!map[i]) {
             cpu_time = 0;
         } else if (virStrToLong_ull(pos, &pos, 10, &cpu_time) < 0) {
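Review bot: the comment `/* number of cpus to compute */` above `id = max_id;` does not match how the value is used. The loop runs `for (i = 0; i <= id; i++)`, so `id` is the highest cpu index visited, not a count. Reword the comment (for example "last cpu id to compute") and state that the clamped bound is kept separate from `max_id` because `max_id` is assigned again in the map2 step, as the commit message describes.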
@@ -13580,7 +13583,7 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
     }
 
     sum_cpu_pos = sum_cpu_time;
-    for (i = 0; i <= max_id; i++) {
+    for (i = 0; i <= id; i++) {
         if (!map[i])
             cpu_time = 0;
         else
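Review bot: this second loop indexes `map[i]` up to `id`, so it depends on `id` still holding the bound computed before the first loop, and nothing at this point in the code says so. A one-line comment above `for (i = 0; i <= id; i++)` noting that `max_id` may no longer hold that value would keep a later cleanup from switching the bound back.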
-- 
1.7.11.4



