From e75abae126f9fcaf1e8478f0780ecae736f7d3e1 Mon Sep 17 00:00:00 2001

Message-Id: <e75abae126f9fcaf1e8478f0780ecae736f7d3e1@dist-git>

From: "Allen, John" <John.Allen@amd.com>

Date: Tue, 2 Jul 2019 17:05:34 +0200

Subject: [PATCH] Handle copying bitmaps to larger data buffers

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

If a bitmap of a shorter length than the data buffer is passed to

virBitmapToDataBuf, it will read off the end of the bitmap and copy junk

into the returned buffer. Add a check to only copy the length of the

bitmap to the buffer.

The problem can be observed after setting a vcpu affinity using the vcpupin

command on a system with a large number of cores:

  # virsh vcpupin example_domain 0 0

  # virsh vcpupin example_domain 0

     VCPU   CPU Affinity

    ---------------------------

     0      0,192,197-198,202

Signed-off-by: John Allen <john.allen@amd.com>

(cherry picked from commit 51f9f80d350e633adf479c6a9b3c55f82ca9cbd4)

https: //bugzilla.redhat.com/show_bug.cgi?id=1703160

Signed-off-by: Erik Skultety <eskultet@redhat.com>

Message-Id: <1a487c4f1ba9725eb7325debeeff2861d7047890.1562079635.git.eskultet@redhat.com>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

---

 src/util/virbitmap.c | 4 ++++

 1 file changed, 4 insertions(+)

diff --git a/src/util/virbitmap.c b/src/util/virbitmap.c

index 49e542a4e6..7df0a2d4f3 100644

--- a/src/util/virbitmap.c

+++ b/src/util/virbitmap.c

@@ -831,11 +831,15 @@ virBitmapToDataBuf(virBitmapPtr bitmap,

                    unsigned char *bytes,

                    size_t len)

 {

+    size_t nbytes = bitmap->map_len * (VIR_BITMAP_BITS_PER_UNIT / CHAR_BIT);

     unsigned long *l;

     size_t i, j;

     memset(bytes, 0, len);

+    /* If bitmap and buffer differ in size, only fill to the smaller length */

+    len = MIN(len, nbytes);

+

     /* htole64 is not provided by gnulib, so we do the conversion by hand */

     l = bitmap->map;

     for (i = j = 0; i < len; i++, j++) {

-- 

2.22.0