virDomainDefParseXML: Check for malicious cpu ids in <numa/>

https://bugzilla.redhat.com/show_bug.cgi?id=1176020 Some users think this is a good idea: <vcpu placement='static'>4</vcpu> <cpu mode='host-model'> <model fallback='allow'/> <numa> <cell id='0' cpus='0-1' memory='1048576' unit='KiB'/> <cell id='1' cpus='9-10' memory='2097152' unit='KiB'/> </numa> </cpu> It's not. Lets therefore introduce a check and discourage them in doing so. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com>

virDomainDefParseXML: Check for malicious cpu ids in <numa/>
https://bugzilla.redhat.com/show_bug.cgi?id=1176020 Some users think this is a good idea: <vcpu placement='static'>4</vcpu> <cpu mode='host-model'> <model fallback='allow'/> <numa> <cell id='0' cpus='0-1' memory='1048576' unit='KiB'/> <cell id='1' cpus='9-10' memory='2097152' unit='KiB'/> </numa> </cpu> It's not. Lets therefore introduce a check and discourage them in doing so. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com>
82af954c · Michal Privoznik · 8f2535de · 82af954c
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

src/conf/domain_conf.c src/conf/domain_conf.c +6 -0

未找到文件。
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -15105,6 +15105,12 @@ virDomainDefParseXML(xmlDocPtr xml,
        goto error;
    }

+    if (virDomainNumaGetMaxCPUID(def->numa) >= def->maxvcpus) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("CPU IDs in <numa> exceed the <vcpu> count"));
+        goto error;
+    }
+
    if (virDomainNumatuneParseXML(def->numa,
                                  def->placement_mode ==
                                  VIR_DOMAIN_CPU_PLACEMENT_MODE_STATIC,