[libvirt] [PATCH 3/3] cgroup: fix libvirtd crash caused by messed memory
Daniel Veillard
veillard at redhat.com
Fri Aug 31 09:39:27 UTC 2012
On Fri, Aug 31, 2012 at 05:22:59PM +0800, Guannan Ren wrote:
> The variable max_id is initialized again in the step of
> getting the cpu mapping variable map2. But in the next for loop
> we still expect the original value of max_id; the bug will
> crash libvirtd when used on a NUMA machine with a big number
> of cpus.
> ---
> src/qemu/qemu_driver.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 5081b52..53d6e5b 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -13496,7 +13496,7 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
> char *map = NULL;
> char *map2 = NULL;
> int rv = -1;
> - int i, max_id;
> + int i, id, max_id;
> char *pos;
> char *buf = NULL;
> unsigned long long *sum_cpu_time = NULL;
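Review bot: the new local `id` in `int i, id, max_id;` is too generic a name for a variable that sits next to `max_id` and replaces it as the loop bound in the later hunks. A name such as `last_cpu` would make the difference between the two bounds obvious at each use.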
> @@ -13537,10 +13537,13 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
> /* return percpu cputime in index 0 */
> param_idx = 0;
>
> + /* number of cpus to compute */
> + id = max_id;
> +
> if (max_id - start_cpu > ncpus - 1)
> - max_id = start_cpu + ncpus - 1;
> + id = start_cpu + ncpus - 1;
>
> - for (i = 0; i <= max_id; i++) {
> + for (i = 0; i <= id; i++) {
> if (!map[i]) {
> cpu_time = 0;
> } else if (virStrToLong_ull(pos, &pos, 10, &cpu_time) < 0) {
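Review bot: the comment `/* number of cpus to compute */` does not match how `id` is used, because the loop runs `for (i = 0; i <= id; i++)` and so treats `id` as an inclusive last index, not a count. Reword the comment to say it is the index of the last cpu to process, and mention that `max_id` is deliberately left unclamped from here on.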
> @@ -13580,7 +13583,7 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
> }
>
> sum_cpu_pos = sum_cpu_time;
> - for (i = 0; i <= max_id; i++) {
> + for (i = 0; i <= id; i++) {
> if (!map[i])
> cpu_time = 0;
> else
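Review bot: nothing at `for (i = 0; i <= id; i++)` says why this second loop is bounded by `id` rather than `max_id`, and the value is computed in an earlier hunk far from this use. Since the commit message says `max_id` is assigned again when `map2` is obtained, add a one-line comment here stating that `id` holds the clamped bound from the first pass, so a later cleanup does not switch the loop back to `max_id`.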
ACK, that sounds right,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/