From fccab89def6dd13b895d8a6578573f8abc50401a Mon Sep 17 00:00:00 2001
From: Guannan Ren <gren@redhat.com>
Date: Fri, 31 Aug 2012 16:45:02 +0800
Subject: [PATCH] cgroup: fix libvirtd crash caused by messed memory

The variable max_id is initialized again in the step of
getting cpu mapping variable map2. But in the next for loop
we still expect original value of max_id, the bug will
crash libvirtd when using on NUMA machine with big number
of cpus.
---
 src/qemu/qemu_driver.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 5081b524fa..53d6e5b56e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -13496,7 +13496,7 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
     char *map = NULL;
     char *map2 = NULL;
     int rv = -1;
-    int i, max_id;
+    int i, id, max_id;
     char *pos;
     char *buf = NULL;
     unsigned long long *sum_cpu_time = NULL;
@@ -13537,10 +13537,13 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
     /* return percpu cputime in index 0 */
     param_idx = 0;
 
-    if (max_id - start_cpu > ncpus - 1)
-        max_id = start_cpu + ncpus - 1;
+    /* number of cpus to compute */
+    id = max_id;
 
-    for (i = 0; i <= max_id; i++) {
+    if (max_id - start_cpu > ncpus - 1)
+        id = start_cpu + ncpus - 1;
+
+    for (i = 0; i <= id; i++) {
         if (!map[i]) {
             cpu_time = 0;
         } else if (virStrToLong_ull(pos, &pos, 10, &cpu_time) < 0) {
@@ -13580,7 +13583,7 @@ qemuDomainGetPercpuStats(virDomainPtr domain,
     }
 
     sum_cpu_pos = sum_cpu_time;
-    for (i = 0; i <= max_id; i++) {
+    for (i = 0; i <= id; i++) {
         if (!map[i])
             cpu_time = 0;
         else