pc: Fix crash when attempting to hotplug CPU with negative ID

QMP command "{ 'execute': 'cpu-add', 'arguments': { 'id': -1 }}" may cause QEMU SIGSEGV at: piix4_cpu_hotplug_req () ... g->sts[cpu_id / 8] |= (1 << (cpu_id % 8)); ... Since for PC in current implementation id should be in range [0...maxcpus) and maxcpus is already checked, add check for lower bound and error out on incorrect value. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de> (cherry picked from commit 8de433cb0820dc1f387a2d580d255744aacd60cc) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
author: Igor Mammedov <imammedo@redhat.com> 2013-05-30 17:09:34 +0200
committer: Michael Roth <mdroth@linux.vnet.ibm.com> 2013-06-17 18:01:42 -0500
commit: 75e4aa9405d7824bc5b26c0c10d5bab7fd697d2e (patch)
tree: 8582621f538025234b17f0543aa3d691892e109a
parent: 055a7fce6513a67ecb7db06f808013faa916327e (diff)
download: qemu-75e4aa9405d7824bc5b26c0c10d5bab7fd697d2e.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 197d218715..e2c44f8882 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -927,6 +927,11 @@ void pc_hot_add_cpu(const int64_t id, Error **errp)
     DeviceState *icc_bridge;
     int64_t apic_id = x86_cpu_apic_id_from_index(id);
 
+    if (id < 0) {
+        error_setg(errp, "Invalid CPU id: %" PRIi64, id);
+        return;
+    }
+
     if (cpu_exists(apic_id)) {
         error_setg(errp, "Unable to add CPU: %" PRIi64
                    ", it already exists", id);
author	Igor Mammedov <imammedo@redhat.com>	2013-05-30 17:09:34 +0200
committer	Michael Roth <mdroth@linux.vnet.ibm.com>	2013-06-17 18:01:42 -0500
commit	75e4aa9405d7824bc5b26c0c10d5bab7fd697d2e (patch)
tree	8582621f538025234b17f0543aa3d691892e109a
parent	055a7fce6513a67ecb7db06f808013faa916327e (diff)
download	qemu-75e4aa9405d7824bc5b26c0c10d5bab7fd697d2e.tar.gz