On 19/03/15 22:53, Boris Ostrovsky wrote:
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -324,39 +324,63 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t)
u_sysctl)
}
break;
- case XEN_SYSCTL_topologyinfo:
+ case XEN_SYSCTL_cputopoinfo:
{
- uint32_t i, max_cpu_index, last_online_cpu;
- xen_sysctl_topologyinfo_t *ti = &op->u.topologyinfo;
+ uint32_t i, num_cpus;
+ xen_sysctl_cputopoinfo_t *ti = &op->u.cputopoinfo;
- last_online_cpu = cpumask_last(&cpu_online_map);
- max_cpu_index = min_t(uint32_t, ti->max_cpu_index, last_online_cpu);
- ti->max_cpu_index = last_online_cpu;
-
- for ( i = 0; i <= max_cpu_index; i++ )
+ num_cpus = cpumask_last(&cpu_online_map) + 1;
+ if ( !guest_handle_is_null(ti->cputopo) )
{
- if ( !guest_handle_is_null(ti->cpu_to_core) )
+ if ( ti->num_cpus < num_cpus )
{
- uint32_t core = cpu_online(i) ? cpu_to_core(i) : ~0u;
- if ( copy_to_guest_offset(ti->cpu_to_core, i, &core, 1) )
- break;
+ ret = -ENOBUFS;
+ i = num_cpus;
}
- if ( !guest_handle_is_null(ti->cpu_to_socket) )
+
+ for ( i = 0; i < num_cpus; i++ )
Observe that the "i = 0" clobbers the -ENOBUFS detection, meaning that
Xen will always write num_cpus into the userspace array, writing past
the end of the array if it is too short.
As this patch has already been committed, please fix as a matter of
priority (or I can if you are overly busy).
~Andrew
(Also, you have introduced a mixed tab/space into
tools/python/xen/lowlevel/xc/xc.c on the "goto out;" line)
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
