diff options
author | Igor Mammedov <imammedo@redhat.com> | 2013-05-30 17:09:34 +0200 |
---|---|---|
committer | Andreas Färber <afaerber@suse.de> | 2013-06-10 23:33:18 +0200 |
commit | 8de433cb0820dc1f387a2d580d255744aacd60cc (patch) | |
tree | 7a3e5952003f3ef815bdaa57fddcc2cdd3c189bd /hw/i386 | |
parent | 88f62c2b1deb466749e340a8a241975c509bd9b6 (diff) |
pc: Fix crash when attempting to hotplug CPU with negative ID
QMP command "{ 'execute': 'cpu-add', 'arguments': { 'id': -1 }}" may cause
QEMU SIGSEGV at:
piix4_cpu_hotplug_req ()
...
g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
...
Since for PC in current implementation id should be in range [0...maxcpus)
and maxcpus is already checked, add check for lower bound and error out
on incorrect value.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Diffstat (limited to 'hw/i386')
-rw-r--r-- | hw/i386/pc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 4844a6b370..553becbd42 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -927,6 +927,11 @@ void pc_hot_add_cpu(const int64_t id, Error **errp) DeviceState *icc_bridge; int64_t apic_id = x86_cpu_apic_id_from_index(id); + if (id < 0) { + error_setg(errp, "Invalid CPU id: %" PRIi64, id); + return; + } + if (cpu_exists(apic_id)) { error_setg(errp, "Unable to add CPU: %" PRIi64 ", it already exists", id); |