From nobody Fri Apr 3 00:15:09 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1774525546; cv=none; d=zohomail.com; s=zohoarc; b=MonyNPWwKvS51kugz1Bji/xvXTJ/K+gYvUFAEpzOZOQCx9Cv9BerdDPJAajDfJLrXHUBRHMMj7hox1bSqJJnKdCgmSiEw2Rc0dgUeUOqcSc88Rdzei9Wi4KUf1IP8PIW50YxkpbSlkVKVTb/BN/4nYkvYGOfiB7KagoN1bxMhxw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1774525546; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=lBjQ7W7rsf2q6aMYeVra/2d01zIBF434EAmXapY6U98=; b=lRmdp7C3dX+X7qHpd3F0da47/kOO/5UITjZfgUGMiiJYcfKfFPBg/ccHIqxKU3JdWo1IDA6uGpQTIO00mqYxGspX0HxQveQlg79gOnkBQL9jEdJsuHYV3Ja0BMOHlH8oeIGsLpu8cLZjfBVsp2fc5UBAdAffCbasS1Q6Y1JFWuM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1774525546408109.75181570332131; Thu, 26 Mar 2026 04:45:46 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 63EB03F88F; Thu, 26 Mar 2026 07:45:45 -0400 (EDT) Received: from [172.19.199.12] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id A205D418D3; Thu, 26 Mar 2026 07:44:25 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id AE7D43F328; Thu, 26 Mar 2026 07:44:20 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 3BB5F41822 for ; Thu, 26 Mar 2026 07:43:57 -0400 (EDT) Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-401-aEh_qweaP4WKgBJdZrsczA-1; Thu, 26 Mar 2026 07:43:55 -0400 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-43b86de58d9so749560f8f.0 for ; Thu, 26 Mar 2026 04:43:54 -0700 (PDT) Received: from wheatley.localdomain ([213.175.46.86]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43b919df903sm7861344f8f.30.2026.03.26.04.43.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Mar 2026 04:43:52 -0700 (PDT) Received: from wheatley.pinto-pinecone.ts.net (wheatley.k8r.cz [127.0.0.1]) by wheatley.localdomain (Postfix) with ESMTP id 184EB19E19E05 for ; Thu, 26 Mar 2026 12:43:52 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1774525436; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lBjQ7W7rsf2q6aMYeVra/2d01zIBF434EAmXapY6U98=; b=irWV/Q4Z3JP48Seun8nTZ7PAVVIr3fDx2xgQMv+CZWh1zSecRXwCH3nM26nOg4zqcygxvj ATGN6Y7qLr0r8dGfPjDNXFadMDX82JboxArz6DxOpR1sTWquSH63dkbaAMzrm3cS9Chdtz StgWCtYMrZRO9mH3i+O+g2j27tAmWYk= X-MC-Unique: aEh_qweaP4WKgBJdZrsczA-1 X-Mimecast-MFC-AGG-ID: aEh_qweaP4WKgBJdZrsczA_1774525434 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774525433; x=1775130233; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=lBjQ7W7rsf2q6aMYeVra/2d01zIBF434EAmXapY6U98=; b=eAtn8RbIanTE+9+Zr/dmdfKrv6HhKnhSdC6RNQdHLfqrsd56oUrRw3ocTyyRv0UHS6 tCHG962hdjEB/4MtY62h2+460qjhN2tdXH31nz69nTqFov9F9jpgJG3kr2Zzf8ledFcC MRRNjyG+iDTiAOpuTZP9NLe9kkI+hFfWSpwv7VNuwsZMEvQf9CFtk78TIA26emA+lI6N lNgU2m3Z5lepp+zjGSEgPEI+siHlKQ+PvHa3HJ4IIVDJiRRVgZpPLvWcM+Js5R0I1f2o iL2MKOz9fQkvO1Z+sEpAhHMvqDOuHr1lpxt9ra34kvWE1QqGB5MjlYT/JfPCQezKUmK+ xqVQ== X-Gm-Message-State: AOJu0YynzJEFYb5bM7rv/XA1buRjFKepYEIrJZavRM2IKLaimXniOEmb aMdVrxo/CugV8rDcmik8lfgOXYyXBn8PiA1JD3pJJj9nZJHE1uLJHHkWCH7UHor6mPddRCvWjfB 4wlfj7jZyGwY6JZm16wERc9qvg4Sb0cvNT5MtcxHc6RZpzQZCs7en8Rkp6b7aTJYeNEKrPx0Nau f2W3e+ofkNPHoP/PSbbQD3R956bkOXGONdWYSxd1d+gUA= X-Gm-Gg: ATEYQzzoZAjdnywSbM6gLiM1i3640U9XVNq2uOcPGkntU3L1AgoeYP7Ryiq5HwgbMh5 YymAUlUDeSD6Ks7Cmr3vjxlImQvrQ7gAvc7HtTsy4JyZFMkp6Inhc1ZhN3+zq7gjEHGmNY+9hw3 1tbqAaJxXAq6IiPbwOtwISpChpArfu5gICA1glEavaBt/GEndZuj2evJpcT0yb02L14QIbdoi6p spjhRm80XiavquLVc9OcQPMmqxbAaTUrxkMlhghAJh+bkUJ3gDGQYPj+/zNF0niFzVSTIK+dZs2 pAcS+auXJA6k+Cmj6UiKEeRHPddrFEOEZCBdysZcMjfDivN/EaxeB2urexXdICdtPczRdqiVuVo 7CqrBhn5E7993lIwWIW/oBw== X-Received: by 2002:a05:6000:2892:b0:43b:50d6:4f00 with SMTP id ffacd0b85a97d-43b88a0d20fmr10670171f8f.30.1774525433434; Thu, 26 Mar 2026 04:43:53 -0700 (PDT) X-Received: by 2002:a05:6000:2892:b0:43b:50d6:4f00 with SMTP id ffacd0b85a97d-43b88a0d20fmr10670137f8f.30.1774525432849; Thu, 26 Mar 2026 04:43:52 -0700 (PDT) To: devel@lists.libvirt.org Subject: [PATCH 2/3] virhostcpu: Fix potential use of unallocated memory Date: Thu, 26 Mar 2026 12:43:35 +0100 Message-ID: X-Mailer: git-send-email 2.53.0 In-Reply-To: References: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: W5CD_7lUszzTFEZeYJJGC9YX0WcYgwpYldTSCDQM8c4_1774525434 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: F66D6EVWKUPXWJ3QPDIIUX7ZGEFDPKXO X-Message-ID-Hash: F66D6EVWKUPXWJ3QPDIIUX7ZGEFDPKXO X-MailFrom: mkletzan@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Martin Kletzander via Devel Reply-To: Martin Kletzander X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1774525548097158500 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Felix Huettner In case of a host that has a large number of cpus offline the count of host cpus and the last bit set in the virHostCPUGetOnlineBitmap might diverge significantly. This can e.g. be the case when disabling smt via /sys/devices/system/cpu/smt/control. On the host this looks like: ``` $ cat /sys/devices/system/cpu/present 0-255 $ cat /sys/devices/system/cpu/online 0-127 ``` However in this case virBitmapToData previously only allocated 16 bytes for the output bitmap. This is becase the last set bit is on the 15th byte. Users of virHostCPUGetMap however rely on the "cpumap" containing enough space for all existing cpus (so they would expect 32 bytes in this case). E.g. cmdNodeCpuMap relies on this for its output. It will then actually read 32 bytes from the start of the "cpumap" address where in this case the last 16 of these bytes are uninitialized. This manifests itself in flapping outputs of "virsh nodecpumap --pretty" li= ke: ``` $ virsh nodecpumap --pretty CPUs present: 256 CPUs online: 128 CPU map: 0-127,192,194,202 $ virsh nodecpumap --pretty CPUs present: 256 CPUs online: 128 CPU map: 0-127,192,194,197 $ virsh nodecpumap --pretty CPUs present: 256 CPUs online: 128 CPU map: 0-127,192,194,196-197 ``` This in turn potentially causes users of this data to report wrong cpu counts. Note that this only seems to happen with at least 256 physical cpus where at least 128 are offline. We fix this by preallocating the expected bitmap size. Signed-off-by: Felix Huettner Reviewed-by: Martin Kletzander --- src/util/virhostcpu.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/src/util/virhostcpu.c b/src/util/virhostcpu.c index 8688b6ec67a6..870338edad0a 100644 --- a/src/util/virhostcpu.c +++ b/src/util/virhostcpu.c @@ -1148,28 +1148,26 @@ virHostCPUGetMap(unsigned char **cpumap, unsigned int flags) { g_autoptr(virBitmap) cpus =3D NULL; - int ret =3D -1; - int dummy; + int ncpus =3D virHostCPUGetCount(); =20 virCheckFlags(0, -1); =20 if (!cpumap && !online) - return virHostCPUGetCount(); + return ncpus; =20 if (!(cpus =3D virHostCPUGetOnlineBitmap())) - goto cleanup; + return -1; + + if (cpumap) { + int len =3D (ncpus + CHAR_BIT) / CHAR_BIT; + *cpumap =3D g_new0(unsigned char, len); + virBitmapToDataBuf(cpus, *cpumap, len); + } =20 - if (cpumap) - virBitmapToData(cpus, cpumap, &dummy); if (online) *online =3D virBitmapCountBits(cpus); =20 - ret =3D virHostCPUGetCount(); - - cleanup: - if (ret < 0 && cpumap) - VIR_FREE(*cpumap); - return ret; + return ncpus; } =20 =20 --=20 2.53.0