!168 qemu: Add missing lock in qemuProcessHandleMonitorEOF (CVE-2021-3975)

From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
openeuler-ci-bot 2022-08-25 09:32:51 +00:00 committed by Gitee
commit fd0af4a92a
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 43 additions and 1 deletion

File: libvirt.spec

@@ -101,7 +101,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 6.2.0
-Release: 19
+Release: 20
 License: LGPLv2+
 URL: https://libvirt.org/
@@ -154,6 +154,7 @@ Patch0041: virdevmapper-Don-t-cache-device-mapper-major.patch
 Patch0042: virdevmapper-Handle-kernel-without-device-mapper-sup.patch
 Patch0043: virsh-Display-vhostuser-socket-path-in-domblklist.patch
 Patch0044: nwfilter-fix-crash-when-counting-number-of-network-f.patch
+Patch0045: qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
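Review bot: Patch0045 is only declared in this hunk; nothing here shows it being applied. If the spec's %prep uses %autosetup -p1 (or %autopatch) the declaration is enough, but if patches are applied with explicit %patchNNNN lines a matching `%patch0045 -p1` is needed too, otherwise the backport is listed but never applied and the rebuilt package still ships the unlocked qemuMonitorUnregister call. Worth confirming against the %prep section before merge; the number itself correctly continues the sequence after Patch0044.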
@@ -1888,6 +1889,9 @@ exit 0
 %changelog
+* Thu Aug 25 2022 yezengruan <yezengruan@huawei.com>
+- qemu: Add missing lock in qemuProcessHandleMonitorEOF (CVE-2021-3975)
+
 * Mon Jun 20 2022 yezengruan <yezengruan@huawei.com>
 - nwfilter: fix crash when counting number of network filters (CVE-2022-0897)
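Review bot: the changelog entry names the CVE but not the upstream commit it backports. Appending the upstream id from the patch header (baaf85d9c8b304c6cc95a892fc23962e8175a817) to the `- qemu: Add missing lock in qemuProcessHandleMonitorEOF (CVE-2021-3975)` line makes the backport auditable from the package changelog alone, without opening the patch file. The entry date matches the commit timestamp (2022-08-25), so no change needed there.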

File: qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch (new file)

@@ -0,0 +1,38 @@
From baaf85d9c8b304c6cc95a892fc23962e8175a817 Mon Sep 17 00:00:00 2001
From: Peng Liang <liangpeng10@huawei.com>
Date: Wed, 24 Feb 2021 19:28:23 +0800
Subject: [PATCH] qemu: Add missing lock in qemuProcessHandleMonitorEOF

qemuMonitorUnregister will be called in multiple threads (e.g. threads
in the rpc worker pool and the vm event thread). In some cases it isn't
protected by the monitor lock, which may lead to g_source_unref being
called more than once and eventually to a use-after-free.

Add the missing lock in qemuProcessHandleMonitorEOF (which is the only
place I found where the monitor lock was missing).

Suggested-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_process.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 6b9f6fb860..9701bb398b 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -315,7 +315,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon,
/* We don't want this EOF handler to be called over and over while the
* thread is waiting for a job.
*/
+ virObjectLock(mon);
qemuMonitorUnregister(mon);
+ virObjectUnlock(mon);
/* We don't want any cleanup from EOF handler (or any other
* thread) to enter qemu namespace. */
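Review bot: the virObjectLock(mon)/virObjectUnlock(mon) pair fixes this call site, but it leaves the locking rule encoded at the caller: qemuMonitorUnregister itself still assumes the monitor lock is held, and the commit message says this is the only unlocked caller the author found, not that all callers were audited. Two ways to close that gap: move the lock/unlock pair into qemuMonitorUnregister so every caller (the rpc worker pool and the vm event thread named in the message included) is covered, or at least add a comment above the call stating that mon must be locked here because the same function is reached from other threads. Either one stops the next caller from reintroducing the double g_source_unref.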
--
2.27.0
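The race the commit message describes, replayed as an added example that is not libvirt code: `monitor_t`, `watch_t`, `unregister_racy_load`/`unregister_racy_release` and `unregister_locked` are hypothetical stand-ins for `qemuMonitor`, `mon->watch`, the unlocked `qemuMonitorUnregister` call and the locked one from the patch. Instead of real threads, the bad interleaving (two callers both read `mon->watch` before either clears it) is driven step by step, so the double unref is reproducible rather than timing-dependent. A real GSource would be freed at refcount zero and the second unref would be a use-after-free; the stand-in just keeps counting so the result is observable.

```c
#include <assert.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the GSource behind mon->watch (not GLib). */
typedef struct {
    int refs;
} watch_t;

static void watch_unref(watch_t *w)
{
    w->refs--;
    /* refs == 0 is where g_free() would run; refs < 0 means the
     * object was already freed and is being touched again (UAF). */
}

/* Hypothetical stand-in for qemuMonitor: the watch pointer plus the lock
 * that virObjectLock(mon)/virObjectUnlock(mon) take in the fix. */
typedef struct {
    pthread_mutex_t lock;
    watch_t *watch;
} monitor_t;

/*
 * Unlocked unregister, split into the two halves that can interleave
 * between threads: read mon->watch, then unref it and clear the field.
 * This is the unsafe shape the commit message describes.
 */
static watch_t *unregister_racy_load(monitor_t *mon)
{
    return mon->watch;
}

static void unregister_racy_release(monitor_t *mon, watch_t *w)
{
    if (w) {
        watch_unref(w);
        mon->watch = NULL;
    }
}

/* Fixed shape: check, unref and clear as one critical section. */
static void unregister_locked(monitor_t *mon)
{
    pthread_mutex_lock(&mon->lock);
    if (mon->watch) {
        watch_unref(mon->watch);
        mon->watch = NULL;
    }
    pthread_mutex_unlock(&mon->lock);
}

/*
 * Deterministic replay of the bad interleaving: thread A (the EOF
 * handler) and thread B (an rpc worker) both read mon->watch before
 * either clears it. Returns the final refcount; -1 means a double unref.
 */
int simulate_racy(void)
{
    watch_t w = { .refs = 1 };
    monitor_t mon = { .lock = PTHREAD_MUTEX_INITIALIZER, .watch = &w };

    watch_t *seen_by_a = unregister_racy_load(&mon);
    watch_t *seen_by_b = unregister_racy_load(&mon);   /* same pointer */
    unregister_racy_release(&mon, seen_by_a);          /* refs 1 -> 0, freed */
    unregister_racy_release(&mon, seen_by_b);          /* refs 0 -> -1 */

    return w.refs;
}

/* Same two callers, but each goes through the locked unregister. */
int simulate_locked(void)
{
    watch_t w = { .refs = 1 };
    monitor_t mon = { .lock = PTHREAD_MUTEX_INITIALIZER, .watch = &w };

    unregister_locked(&mon);   /* refs 1 -> 0, mon.watch = NULL */
    unregister_locked(&mon);   /* sees NULL, does nothing */

    return w.refs;
}

int main(void)
{
    printf("unlocked unregister, final refcount: %d\n", simulate_racy());
    printf("locked unregister,   final refcount: %d\n", simulate_locked());
    return 0;
}
```

The point of the locked variant is not the lock by itself but that the NULL check, the unref and the clearing of `mon->watch` happen inside one critical section; the patch achieves the same by holding the monitor lock across the whole `qemuMonitorUnregister` call, which is why a lock taken only around the unref would not be enough.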