packages/libvirt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!164 qemu: Add missing lock in qemuProcessHandleMonitorEOF (CVE-2021-3975)

Browse Source 
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
This commit is contained in:
openeuler-ci-bot 2022-08-25 09:31:37 +00:00 committed by Gitee
commit 271386701a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libvirt.spec
View File

@ -101,7 +101,7 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 6.2.0
Release: 41
Release: 42
License: LGPLv2+
URL: https://libvirt.org/
@ -251,6 +251,7 @@ Patch0138: sw_64-Add-sw64-architecture-support.patch
Patch0139: src-workaround-warning-triggered-in-glib-2.69.patch
Patch0140: nwfilter-fix-crash-when-counting-number-of-network-f.patch
Patch0141: apibuild-Fix-self.waring-method-call.patch
Patch0142: qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch
Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-daemon-config-network = %{version}-%{release}
@ -1985,6 +1986,9 @@ exit 0
%changelog
* Thu Aug 25 2022 yezengruan <yezengruan@huawei.com> - 6.2.0-42
- qemu: Add missing lock in qemuProcessHandleMonitorEOF (CVE-2021-3975)
* Thu Aug 11 2022 yezengruan <yezengruan@huawei.com> - 6.2.0-41
- apibuild: Fix self.waring method call

38
qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch Normal file
View File

@ -0,0 +1,38 @@
From 0f32142c4a92c9aca7890f25e89b56973a906201 Mon Sep 17 00:00:00 2001
From: Peng Liang <liangpeng10@huawei.com>
Date: Wed, 24 Feb 2021 19:28:23 +0800
Subject: [PATCH] qemu: Add missing lock in qemuProcessHandleMonitorEOF
qemuMonitorUnregister will be called in multiple threads (e.g. threads
in rpc worker pool and the vm event thread). In some cases, it isn't
protected by the monitor lock, which may lead to call g_source_unref
more than one time and a use-after-free problem eventually.
Add the missing lock in qemuProcessHandleMonitorEOF (which is the only
position missing lock of monitor I found).
Suggested-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_process.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index d9209ac6d2..74bb9613bc 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -316,7 +316,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon,
/* We don't want this EOF handler to be called over and over while the
* thread is waiting for a job.
*/
+ virObjectLock(mon);
qemuMonitorUnregister(mon);
+ virObjectUnlock(mon);
/* We don't want any cleanup from EOF handler (or any other
* thread) to enter qemu namespace. */
--
2.27.0