On Fri, Jun 06, 2014 at 08:06:52AM +0200, Markus Armbruster wrote: > Eduardo Habkost <ehabk...@redhat.com> writes: > > > When parsing the -smp option, check if the values (that can be anywhere > > in the [0, UINT64_MAX] range) are in the int range before setting the > > int globals smp_cpus, max_cpus, smp_cores, smp_threads. > > > > Without this, it was posbible to make smp_cpus and max_cpus negative. > > > > Signed-off-by: Eduardo Habkost <ehabk...@redhat.com> > > The INT_MAX limit might be too generous, but your code sure beats the > silent truncation we have now. >
We will enforce other less generous limits (i.e. machine->max_cpus, MAX_CPUMASK_BITS) later, outside smp_parse(), on the machine initialization code. These new checks are just to make sure smp_parse() won't silently truncate the values when setting the globals (which is impossible to check outside smp_parse()). > Reviewed-by: Markus Armbruster <arm...@redhat.com> Thanks! -- Eduardo
