event: fix divide by 0 in send_event()
authorBarret Rhoden <brho@cs.berkeley.edu>
Thu, 9 May 2019 00:40:27 +0000 (20:40 -0400)
committerBarret Rhoden <brho@cs.berkeley.edu>
Thu, 9 May 2019 00:44:53 +0000 (20:44 -0400)
SCPs have num_vcores == 0, which triggers a divide by zero.

You can tell how old the ROUND_ROBIN event style is - it's never been
used on an SCP.  Back in the day, SCPs couldn't even receive events.
Now they have vcore context and the ability to run a 2LS.

Reported-by: syzbot+a20f4107d5ec7009c1c4@syzkaller.appspotmail.com
Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>
kern/src/event.c

index 62a51e8..874f73e 100644 (file)
@@ -389,8 +389,14 @@ void send_event(struct proc *p, struct event_queue *ev_q, struct event_msg *msg,
                /* Pick a vcore, round-robin style.  Assuming ev_vcore was the
                 * previous one used.  Note that round-robin overrides the
                 * passed-in vcoreid.  Also note this may be 'wrong' if
-                * num_vcores changes. */
-               vcoreid = (ev_q->ev_vcore + 1) % p->procinfo->num_vcores;
+                * num_vcores changes.  Also also note that SCPs currently have
+                * 0 vcores. */
+               if (__proc_is_mcp(p)) {
+                       vcoreid = (ev_q->ev_vcore + 1) %
+                                 p->procinfo->num_vcores;
+               } else {
+                       vcoreid = 0;
+               }
                ev_q->ev_vcore = vcoreid;
        }
        if (!proc_vcoreid_is_safe(p, vcoreid)) {