From: Dario Faggioli
Subject: Re: [PATCH] tools/libxl: Don't read off the end of tinfo[]
Date: Tue, 18 Feb 2014 17:33:37 +0100
Message-ID: <1392741217.32038.563.camel@Solace>
In-Reply-To: <1392739145-24664-1-git-send-email-andrew.cooper3@citrix.com>
To: Andrew Cooper
Cc: Ian Jackson, Ian Campbell, Xen-devel

On Tue, 2014-02-18 at 15:59 +0000, Andrew Cooper wrote:
> It is very common for BIOSes to advertise more cpus than are actually present
> on the system, and mark some of them as offline.  This is what Xen does to
> allow for later CPU hotplug, and what BIOSes common to multiple different
> systems do to save fully rewriting the MADT in memory.
>
> An excerpt from `xl info` might look like:
>
>     ...
>     nr_cpus : 2
>     max_cpu_id : 3
>     ...
>
> Which shows 4 CPUs in the MADT, but only 2 online (as this particular box is
> the dual-core rather than the quad-core SKU of its particular brand)
>
> Because of the way Xen exposes this information, a libxl_cputopology array is
> bounded by 'nr_cpus', while cpu bitmaps are bounded by 'max_cpu_id + 1'.
>
> The current libxl code has two places which erroneously assume that a
> libxl_cputopology array is as long as the number of bits found in a cpu
> bitmap, and valgrind complains:
>
>   ==14961== Invalid read of size 4
>   ==14961==    at 0x407AB7F: libxl__get_numa_candidate (libxl_numa.c:230)
>   ==14961==    by 0x407030B: libxl__build_pre (libxl_dom.c:167)
>   ==14961==    by 0x406246F: libxl__domain_build (libxl_create.c:371)
>   ...
>   ==14961==  Address 0x4324788 is 8 bytes after a block of size 24 alloc'd
>   ==14961==    at 0x402669D: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
>   ==14961==    by 0x4075BB9: libxl__zalloc (libxl_internal.c:83)
>   ==14961==    by 0x4052F87: libxl_get_cpu_topology (libxl.c:4408)
>   ==14961==    by 0x407A899: libxl__get_numa_candidate (libxl_numa.c:342)
>   ...
>
> Signed-off-by: Andrew Cooper
> CC: Ian Campbell
> CC: Ian Jackson
> CC: Dario Faggioli
>
Reviewed-by: Dario Faggioli

Regards,
Dario

-- 
Dario Faggioli, Ph.D, http://about.me/dario.faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)
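
The length mismatch described in the quoted commit message, as an added example that is not part of this message, the patch, or libxl: a small C model with a topology array of nr_cpus entries, a bitmap of max_cpu_id + 1 bits, and a walk that is bounded by both. The names `cpu_topo`, `cpus_on_node` and `first_oob_offset` and the three-field entry layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for one topology entry; three 32-bit fields are an
 * assumption, chosen so that 2 entries occupy the 24 bytes valgrind reports. */
struct cpu_topo { uint32_t core, socket, node; };

/* Constructed host matching the `xl info` excerpt: nr_cpus 2, max_cpu_id 3. */
enum { NR_CPUS = 2, MAP_BITS = 3 + 1 };
static const struct cpu_topo tinfo[NR_CPUS] = { {0, 0, 0}, {1, 0, 0} };
static const uint8_t cpumap[1] = { 0x0F };   /* one bit per possible CPU id */

static int bit_set(const uint8_t *map, int i)
{
    return (map[i / 8] >> (i % 8)) & 1;
}

/* Count the CPUs in `map` that belong to `node`. The walk stops at whichever
 * is shorter, the bitmap or the topology array, so t[i] is always in bounds. */
int cpus_on_node(const uint8_t *map, int map_bits,
                 const struct cpu_topo *t, int nr_entries, uint32_t node)
{
    int n = 0;
    for (int i = 0; i < map_bits && i < nr_entries; i++)
        if (bit_set(map, i) && t[i].node == node)
            n++;
    return n;
}

/* Byte offset, from the start of the array, of the first read a loop bounded
 * only by the bitmap would make past the end: the node field of t[nr_entries]. */
size_t first_oob_offset(int nr_entries)
{
    return (size_t)nr_entries * sizeof(struct cpu_topo)
           + offsetof(struct cpu_topo, node);
}

int main(void)
{
    printf("cpus on node 0: %d\n",
           cpus_on_node(cpumap, MAP_BITS, tinfo, NR_CPUS, 0));
    printf("first out-of-bounds read at byte %zu of a %zu-byte array\n",
           first_oob_offset(NR_CPUS), sizeof(tinfo));
    return 0;
}
```

Under the assumed layout the first stray read lands at byte 32, which is 8 bytes past a 24-byte block, consistent with the address line in the valgrind output quoted above.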