fix CVE-2021-3975 (openeuler !76)

qemu: Add missing lock in qemuProcessHandleMonitorEOF (CVE-2021-3975)

Signed-off-by: yezengruan <yezengruan@huawei.com>
yezengruan 2022-08-25 16:27:50 +08:00
parent 1dd8bdc017
commit 916bc9fda6
2 changed files with 43 additions and 1 deletions


@ -101,7 +101,7 @@
Summary: Library providing a simple virtualization API Summary: Library providing a simple virtualization API
Name: libvirt Name: libvirt
Version: 6.2.0 Version: 6.2.0
Release: 41 Release: 42
License: LGPLv2+ License: LGPLv2+
URL: https://libvirt.org/ URL: https://libvirt.org/
@ -251,6 +251,7 @@ Patch0138: sw_64-Add-sw64-architecture-support.patch
Patch0139: src-workaround-warning-triggered-in-glib-2.69.patch Patch0139: src-workaround-warning-triggered-in-glib-2.69.patch
Patch0140: nwfilter-fix-crash-when-counting-number-of-network-f.patch Patch0140: nwfilter-fix-crash-when-counting-number-of-network-f.patch
Patch0141: apibuild-Fix-self.waring-method-call.patch Patch0141: apibuild-Fix-self.waring-method-call.patch
Patch0142: qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch
Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-daemon-config-network = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release}
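Review bot: Patch0142 is declared in this hunk, but nothing visible applies it; confirm that the spec's %prep section actually picks it up (through %autosetup, or an explicit %patch line if this spec applies patches one by one), otherwise the Release bump and changelog entry advertise a fix the built package does not contain.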
@ -1985,6 +1986,9 @@ exit 0
%changelog %changelog
* Thu Aug 25 2022 yezengruan <yezengruan@huawei.com> - 6.2.0-42
- qemu: Add missing lock in qemuProcessHandleMonitorEOF (CVE-2021-3975)
* Thu Aug 11 2022 yezengruan <yezengruan@huawei.com> - 6.2.0-41 * Thu Aug 11 2022 yezengruan <yezengruan@huawei.com> - 6.2.0-41
- apibuild: Fix self.waring method call - apibuild: Fix self.waring method call
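Review bot: the new changelog entry names the CVE but not the upstream origin of the backport; consider citing upstream commit 0f32142c4a92c9aca7890f25e89b56973a906201 (the hash in the From line of the added patch file) alongside CVE-2021-3975 so the provenance can be checked without opening the patch.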


@ -0,0 +1,38 @@
From 0f32142c4a92c9aca7890f25e89b56973a906201 Mon Sep 17 00:00:00 2001
From: Peng Liang <liangpeng10@huawei.com>
Date: Wed, 24 Feb 2021 19:28:23 +0800
Subject: [PATCH] qemu: Add missing lock in qemuProcessHandleMonitorEOF
qemuMonitorUnregister will be called in multiple threads (e.g. threads
in rpc worker pool and the vm event thread). In some cases, it isn't
protected by the monitor lock, which may lead to call g_source_unref
more than one time and a use-after-free problem eventually.
Add the missing lock in qemuProcessHandleMonitorEOF (which is the only
position missing lock of monitor I found).
Suggested-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_process.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index d9209ac6d2..74bb9613bc 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -316,7 +316,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon,
/* We don't want this EOF handler to be called over and over while the
* thread is waiting for a job.
*/
+ virObjectLock(mon);
qemuMonitorUnregister(mon);
+ virObjectUnlock(mon);
/* We don't want any cleanup from EOF handler (or any other
* thread) to enter qemu namespace. */
--
2.27.0
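Review bot: in the inner hunk at @@ -316,7 +316,9 @@ the added virObjectLock(mon) / virObjectUnlock(mon) pair brackets only qemuMonitorUnregister(mon), which is consistent with the commit message's statement that the other call sites already hold the monitor lock and that the unprotected one can double g_source_unref the source. Since virObjectLock is a plain, non-recursive mutex, the backport should be checked on two points before merging: that qemuMonitorUnregister itself never takes the monitor lock, and that qemuProcessHandleMonitorEOF is not entered with the monitor already locked by the caller; either case would turn this two-line fix into a self-deadlock on the EOF path. The patch is otherwise a verbatim copy of the upstream change (2 insertions, same context lines), so no adaptation to the 6.2.0 base appears necessary.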