From 43acc011c55208570c27cef333fdda46102b1d21 Mon Sep 17 00:00:00 2001
From: Xu Yandong
Date: Wed, 15 Apr 2020 14:03:07 +0800
Subject: [PATCH] nodedev: fix potential heap use after free

After move device enumumeration into a thread(commit 9f0ae0b18e3), flag driversInitialized no longer represent stateInitialized finished complete, so reference driver->devs before use it to prevent devs freed by virStateCleanup.

Signed-off-by: Xu Yandong
Signed-off-by: Adttil
---
src/node_device/node_device_udev.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
index 911325600e..6c5b788279 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -1512,8 +1512,8 @@ udevSetParent(struct udev_device *device, virNodeDeviceDef *objdef; parent_device = device; + virObjectRef(driver->devs); do { - parent_device = udev_device_get_parent(parent_device); if (parent_device == NULL) break;
@@ -1523,6 +1523,7 @@ udevSetParent(struct udev_device *device, virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not get syspath for parent of '%1$s'"), udev_device_get_syspath(parent_device)); + virObjectUnref(driver->devs); return -1; }
@@ -1540,6 +1541,7 @@ udevSetParent(struct udev_device *device, if (!def->parent) def->parent = g_strdup("computer"); + virObjectUnref(driver->devs); return 0; }
--
2.27.0
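Review bot: `virObjectRef(driver->devs)` reads `driver->devs` with no lock visible in this hunk, so if virStateCleanup can run while the enumeration thread is at this point (the case the commit message describes), the list may already have been released before the reference is taken; the added ref narrows the window rather than closing it. The two `virObjectUnref(driver->devs)` calls in the later hunks re-read the field as well, so they would act on whatever the field holds at that moment, or dereference `driver` after cleanup has freed it. I would take the reference once into a local, `virNodeDeviceObjList *devs = virObjectRef(driver->devs);`, and use `devs` for the lookup and both unrefs. It should be acquired under whatever lock serialises against cleanup, or the thread should be handed its own reference when it is created. udevSetParent begins before this hunk and the lookup on the list lies outside the visible hunks, so the exact locking is inferred rather than seen.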
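Review bot: The unref is repeated by hand on each exit, here before `return -1;` and again before `return 0;` in the last hunk, so a return added to the loop later would leak the reference without any visible sign. A single exit keeps the ref/unref pairing in one place: declare `int ret = -1;`, replace this return with `goto cleanup;`, set `ret = 0;` on the success path, and end the function with `cleanup: virObjectUnref(driver->devs); return ret;`. A short comment at the `virObjectRef` call, for example `/* keep the device list alive across the parent walk; state cleanup may run concurrently */`, would record why the reference is held.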