提交 82af954c 编写于 作者: M Michal Privoznik

virDomainDefParseXML: Check for malicious cpu ids in <numa/>

https://bugzilla.redhat.com/show_bug.cgi?id=1176020

Some users think this is a good idea:

      <vcpu placement='static'>4</vcpu>
      <cpu mode='host-model'>
        <model fallback='allow'/>
        <numa>
          <cell id='0' cpus='0-1' memory='1048576' unit='KiB'/>
          <cell id='1' cpus='9-10' memory='2097152' unit='KiB'/>
        </numa>
      </cpu>

It's not. Lets therefore introduce a check and discourage them in
doing so.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
上级 8f2535de
......@@ -15105,6 +15105,12 @@ virDomainDefParseXML(xmlDocPtr xml,
goto error;
}
if (virDomainNumaGetMaxCPUID(def->numa) >= def->maxvcpus) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("CPU IDs in <numa> exceed the <vcpu> count"));
goto error;
}
if (virDomainNumatuneParseXML(def->numa,
def->placement_mode ==
VIR_DOMAIN_CPU_PLACEMENT_MODE_STATIC,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册