On Mon, Jan 08, 2018 at 06:21:04AM -0700, Jan Beulich wrote: > >>> On 04.01.18 at 14:06, <wei.l...@citrix.com> wrote: > > + long rc; > > + > > + if ( !vcpu_info ) > > + { > > + this_cpu(vcpu_info) = &XEN_shared_info->vcpu_info[vcpu]; > > + return 0; > > + } > > + > > + if ( test_bit(vcpu, vcpu_info_mapped) ) > > + { > > + this_cpu(vcpu_info) = &vcpu_info[vcpu]; > > + return 0; > > + } > > + > > + info.mfn = virt_to_mfn(&vcpu_info[vcpu]); > > + info.offset = (unsigned long)&vcpu_info[vcpu] & ~PAGE_MASK; > > + rc = xen_hypercall_vcpu_op(VCPUOP_register_vcpu_info, vcpu, &info); > > + if ( rc ) > > + this_cpu(vcpu_info) = &XEN_shared_info->vcpu_info[vcpu]; > > You need to avoid producing an out of bounds pointer here for > large vcpu values.
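Review bot: both fallbacks to &XEN_shared_info->vcpu_info[vcpu] (the !vcpu_info branch, which returns 0, and the rc != 0 branch after VCPUOP_register_vcpu_info fails) take the address of an array element without checking vcpu against the size of that array. Compare vcpu with the array bound first, for example ARRAY_SIZE(XEN_shared_info->vcpu_info), and fail explicitly when it is out of range instead of storing the pointer in this_cpu(vcpu_info). The rc != 0 path also drops the hypercall's error value silently, so propagate or log rc there to make a failed registration visible to the caller.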
I guess a BUG is the only sensible outcome here in that case. The BSP should have already limited the number of possible CPUs if mapping the vcpu_info failed.

Thanks, Roger.