libvirt/nodedev-fix-potential-heap-use-after-free.patch

From 43acc011c55208570c27cef333fdda46102b1d21 Mon Sep 17 00:00:00 2001
From: Xu Yandong <xuyandong2@huawei.com>
Date: Wed, 15 Apr 2020 14:03:07 +0800
Subject: [PATCH] nodedev: fix potential heap use after free

After move device enumumeration into a thread(commit 9f0ae0b18e3),
flag driversInitialized no longer represent stateInitialized finished
complete, so reference driver->devs before use it to prevent devs freed
by virStateCleanup.

Signed-off-by: Xu Yandong <xuyandong2@huawei.com>
Signed-off-by: Adttil <yangtao286@huawei.com>
---
 src/node_device/node_device_udev.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
index 911325600e..6c5b788279 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -1512,8 +1512,8 @@ udevSetParent(struct udev_device *device,
     virNodeDeviceDef *objdef;
 
     parent_device = device;
+    virObjectRef(driver->devs);
     do {
-
         parent_device = udev_device_get_parent(parent_device);
         if (parent_device == NULL)
             break;
@@ -1523,6 +1523,7 @@ udevSetParent(struct udev_device *device,
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            _("Could not get syspath for parent of '%1$s'"),
                            udev_device_get_syspath(parent_device));
+            virObjectUnref(driver->devs);
             return -1;
         }
 
@@ -1540,6 +1541,7 @@ udevSetParent(struct udev_device *device,
     if (!def->parent)
         def->parent = g_strdup("computer");
 
+    virObjectUnref(driver->devs);
     return 0;
 }
 
-- 
2.27.0
libvirt update to version 9.10.0-4: - docs: Document CPU clusters - docs: Improve documentation for CPU topology - tests: Verify handling of CPU clusters in QMP data - qemu: Make monitor aware of CPU clusters - qemu: Use CPU clusters for guests - qemu: Introduce QEMU_CAPS_SMP_CLUSTERS - conf: Allow specifying CPU clusters - conf: Report CPU clusters in capabilities XML - tests: Add hostcpudata for machine with CPU clusters - cpu_map: add kunpeng-920 features to arm features - cpu/aarch64: enable host-model cpu for AArch64 architecture - conf/domain_conf: pin the retry_interval and retry_timeout parameters to xml - nodedev: fix potential heap use after free - libvirt/conf: Set default values of retry fileds - qemu: Support 'retry' BLOCK_IO_ERROR event. - libvirt: Add 'retry' support for error policy - vdpa: support vdpa device migrate - vdpa: support vdpa device hot plug/unplug - hostdev:Introduce vDPA device to hostdev subsystem as a new subtype - node_device: fix leak of DIR* - migration/multifd-pin: support migration multifd thread pin - migration/multifd-pin: add qemu monitor callback functions - migration/migration-pin: add domainMigrationPid for qemuMonitorCallbacks - migration/migration-pin: add migrationpin for migration parameters - migration/migration-pin: add qemu monitor callback functions - migration/migration-pin:add some migration/multiFd params - qemu: add pointer check in qemuMonitorLastError - qemu: fix a concurrent operation situation - test/commandtest: skip the test4 if the testcase is run in the container env Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> 2024-04-02 20:56:45 +08:00			`From 43acc011c55208570c27cef333fdda46102b1d21 Mon Sep 17 00:00:00 2001`
			`From: Xu Yandong <xuyandong2@huawei.com>`
			`Date: Wed, 15 Apr 2020 14:03:07 +0800`
			`Subject: [PATCH] nodedev: fix potential heap use after free`

			`After move device enumumeration into a thread(commit 9f0ae0b18e3),`
			`flag driversInitialized no longer represent stateInitialized finished`
			`complete, so reference driver->devs before use it to prevent devs freed`
			`by virStateCleanup.`

			`Signed-off-by: Xu Yandong <xuyandong2@huawei.com>`
			`Signed-off-by: Adttil <yangtao286@huawei.com>`
			`---`
			`src/node_device/node_device_udev.c \| 4 +++-`
			`1 file changed, 3 insertions(+), 1 deletion(-)`

			`diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c`
			`index 911325600e..6c5b788279 100644`
			`--- a/src/node_device/node_device_udev.c`
			`+++ b/src/node_device/node_device_udev.c`
			`@@ -1512,8 +1512,8 @@ udevSetParent(struct udev_device *device,`
			`virNodeDeviceDef *objdef;`

			`parent_device = device;`
			`+ virObjectRef(driver->devs);`
			`do {`
			`-`
			`parent_device = udev_device_get_parent(parent_device);`
			`if (parent_device == NULL)`
			`break;`
			`@@ -1523,6 +1523,7 @@ udevSetParent(struct udev_device *device,`
			`virReportError(VIR_ERR_INTERNAL_ERROR,`
			`_("Could not get syspath for parent of '%1$s'"),`
			`udev_device_get_syspath(parent_device));`
			`+ virObjectUnref(driver->devs);`
			`return -1;`
			`}`

			`@@ -1540,6 +1541,7 @@ udevSetParent(struct udev_device *device,`
			`if (!def->parent)`
			`def->parent = g_strdup("computer");`

			`+ virObjectUnref(driver->devs);`
			`return 0;`
			`}`

			`--`
			`2.27.0`