Fix cpu_affinity memcpy() (bytes not longs!) add add a better

affinity map sanity check to avoid blowing up Xen if no
online cpu is included in the map.

Signed-off-by: Keir Fraser <keir@xensource.com>

diff --git a/xen/common/dom0_ops.c b/xen/common/dom0_ops.c
index 42b6c500350fa456632a9bc15ef995f1947b2dcf..8e7754d84a2ebaaed542471e58718357d2079234 100644 (file)
--- a/xen/common/dom0_ops.c
+++ b/xen/common/dom0_ops.c
@@ -323,7 +323,7 @@ long do_dom0_op(dom0_op_t *u_dom0_op)
         new_affinity = v->cpu_affinity;
         memcpy(cpus_addr(new_affinity),
                &op->u.setvcpuaffinity.cpumap,
-               min((int)BITS_TO_LONGS(NR_CPUS),
+               min((int)(BITS_TO_LONGS(NR_CPUS) * sizeof(long)),
                    (int)sizeof(op->u.setvcpuaffinity.cpumap)));
 
         ret = vcpu_set_affinity(v, &new_affinity);
@@ -501,7 +501,7 @@ long do_dom0_op(dom0_op_t *u_dom0_op)
         op->u.getvcpuinfo.cpumap   = 0;
         memcpy(&op->u.getvcpuinfo.cpumap,
                cpus_addr(v->cpu_affinity),
-               min((int)BITS_TO_LONGS(NR_CPUS),
+               min((int)(BITS_TO_LONGS(NR_CPUS) * sizeof(long)),
                    (int)sizeof(op->u.getvcpuinfo.cpumap)));
         ret = 0;
 

diff --git a/xen/common/schedule.c b/xen/common/schedule.c
index 1493cbddac9e3ab841cd2f51173b9b5b3a521091..20da7f9623149bc3746a48b55e7c016e890f2ea5 100644 (file)
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -207,7 +207,10 @@ void vcpu_wake(struct vcpu *v)
 
 int vcpu_set_affinity(struct vcpu *v, cpumask_t *affinity)
 {
-    if ( cpus_empty(*affinity) )
+    cpumask_t online_affinity;
+
+    cpus_and(online_affinity, *affinity, cpu_online_map);
+    if ( cpus_empty(online_affinity) )
         return -EINVAL;
 
     return SCHED_OP(set_affinity, v, affinity);