|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] xen/vcpu: Improve sanity checks in vcpu_create()
The BUG_ON() is confusing to follow. The (!is_idle_domain(d) || vcpu_id) part
is a vestigial remnant of architectures poisioning idle_vcpu[0] with non-NULL
pointers.
Now that idle_vcpu[0] is NULL on all architectures, and d->max_vcpus specified
before vcpu_create() is called, we can properly range check the requested
vcpu_id.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Julien Grall <julien@xxxxxxx>
CC: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
---
xen/common/domain.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 0b1103fdb2..ee3f9ffd3e 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -139,7 +139,19 @@ struct vcpu *vcpu_create(struct domain *d, unsigned int
vcpu_id)
{
struct vcpu *v;
- BUG_ON((!is_idle_domain(d) || vcpu_id) && d->vcpu[vcpu_id]);
+ /*
+ * Sanity check some input expectations:
+ * - vcpu_id should be bounded by d->max_vcpus, and not previously
+ * allocated.
+ * - VCPUs should be tightly packed and allocated in ascending order,
+ * except for the idle domain which may vary based on PCPU numbering.
+ */
+ if ( vcpu_id >= d->max_vcpus || d->vcpu[vcpu_id] ||
+ (!is_idle_domain(d) && vcpu_id && !d->vcpu[vcpu_id - 1]) )
+ {
+ ASSERT_UNREACHABLE();
+ return NULL;
+ }
if ( (v = alloc_vcpu_struct(d)) == NULL )
return NULL;
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |