author | Ian Campbell <ian.campbell@citrix.com> | 2012-09-07 14:23:45 +0200 |
---|---|---|
committer | Ian Campbell <ian.campbell@citrix.com> | 2012-09-07 14:23:45 +0200 |
commit | 2146b550fd9858780866bef711f8cae8fbe658b2 (patch) | |
tree | 27fbd49b9cbd9eb56d35c52f6ea5fd62b13817c2 /docs/misc | |
parent | 65feab74d7f7cd7b737c31add33d840f7db7f2a4 (diff) | |
download | xen-2146b550fd9858780866bef711f8cae8fbe658b2.tar.gz xen-2146b550fd9858780866bef711f8cae8fbe658b2.tar.bz2 xen-2146b550fd9858780866bef711f8cae8fbe658b2.zip |
xen: clamp bitmaps to correct number of bits
Valgrind running xl create reports:
==24777== Invalid read of size 4
==24777== at 0x4072805: libxl__get_numa_candidate (libxl_numa.c:203)
==24777== by 0x40680B6: libxl__build_pre (libxl_dom.c:166)
==24777== by 0x405B82E: libxl__domain_build (libxl_create.c:323)
==24777== by 0x405BB9C: domcreate_bootloader_done (libxl_create.c:747)
==24777== by 0x407AD27: bootloader_local_detached_cb (libxl_bootloader.c:281)
==24777== by 0x40508D8: local_device_detach_cb (libxl.c:2470)
==24777== by 0x4052B10: libxl__device_disk_local_initiate_detach (libxl.c:2445)
==24777== by 0x407AE9F: bootloader_callback (libxl_bootloader.c:265)
==24777== by 0x407C69A: libxl__bootloader_run (libxl_bootloader.c:392)
==24777== by 0x405CB24: do_domain_create (libxl_create.c:687)
==24777== by 0x405CC5E: libxl_domain_create_new (libxl_create.c:1177)
==24777== by 0x805BDE2: create_domain (xl_cmdimpl.c:1812)
==24777== Address 0x42dbdd8 is 8 bytes after a block of size 48 alloc'd
==24777== at 0x4023340: calloc (vg_replace_malloc.c:593)
==24777== by 0x406D479: libxl__zalloc (libxl_internal.c:88)
==24777== by 0x404EF38: libxl_get_cpu_topology (libxl.c:3707)
==24777== by 0x4072232: libxl__get_numa_candidate (libxl_numa.c:314)
==24777== by 0x40680B6: libxl__build_pre (libxl_dom.c:166)
==24777== by 0x405B82E: libxl__domain_build (libxl_create.c:323)
==24777== by 0x405BB9C: domcreate_bootloader_done (libxl_create.c:747)
==24777== by 0x407AD27: bootloader_local_detached_cb (libxl_bootloader.c:281)
==24777== by 0x40508D8: local_device_detach_cb (libxl.c:2470)
==24777== by 0x4052B10: libxl__device_disk_local_initiate_detach (libxl.c:2445)
==24777== by 0x407AE9F: bootloader_callback (libxl_bootloader.c:265)
==24777== by 0x407C69A: libxl__bootloader_run (libxl_bootloader.c:392)
This is because with nr_cpus=4 the bitmask returned from Xen
contains 0xff rather than 0x0f but our bitmap walking routines (e.g.
libxl_for_each_set_bit) round up to the next byte (so it iterates
e.g. 8 times not 4). This then causes us to access off the end of
whatever array we are walking through each set bit for.
The principle of least surprise suggests that these bits ought not to
be set and this is not a hot path so fix this at the hypervisor layer
by clamping the bits in the returned bitmap to the correct limit.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>
Diffstat (limited to 'docs/misc')
0 files changed, 0 insertions, 0 deletions
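
The failure mode described in the commit message, as an added C example that is not part of this commit or of the Xen/libxl sources: a byte-granular walker visits the padding bits of the last byte, and clamping at the producer removes them. The function names (`clamp_bitmap`, `stray_indices`, `demo`) are hypothetical and the `0xff` map is constructed input for `nr_cpus=4`.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical helper names; this is not Xen's or libxl's code. */

/* Bytes needed to hold nbits bits. */
static size_t bitmap_bytes(unsigned int nbits)
{
    return (nbits + 7) / 8;
}

/* Clear the padding bits above nbits in the final byte of the map. */
void clamp_bitmap(uint8_t *map, unsigned int nbits)
{
    unsigned int rem = nbits % 8;

    if (nbits == 0 || rem == 0)
        return;                 /* no partial final byte to clamp */
    map[bitmap_bytes(nbits) - 1] &= (uint8_t)((1u << rem) - 1);
}

/*
 * Walk the map the way a byte-granular iterator does: visit every bit of
 * every byte, i.e. round nbits up to a multiple of 8. Returns how many set
 * bits have an index >= nbits; each one would be an out-of-bounds index
 * into an nbits-element array.
 */
unsigned int stray_indices(const uint8_t *map, unsigned int nbits)
{
    unsigned int limit = (unsigned int)bitmap_bytes(nbits) * 8;
    unsigned int i, stray = 0;

    for (i = 0; i < limit; i++)
        if ((map[i / 8] & (1u << (i % 8))) && i >= nbits)
            stray++;
    return stray;
}

/* Constructed input: nr_cpus=4, producer returned 0xff instead of 0x0f. */
unsigned int demo(int clamp)
{
    uint8_t map[1] = { 0xff };

    if (clamp)
        clamp_bitmap(map, 4);
    return stray_indices(map, 4);
}
```

Without clamping, the walker reports four indices (4 to 7) that lie past a four-element array; with clamping it reports none.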