MIRRORS/meta-virtualization
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-virtualization.git synced 2025-07-19 20:59:41 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

libvirt: CVE-2021-3975 segmentation fault during VM shutdown can lead to vdsm hang

Browse Source 
Source: https://gitlab.com/libvirt/libvirt
MR: 121161
Type: Security Fix
Disposition: Backport from 1ac703a7d0
ChangeID: 747f58e69ce4b1dc4b77277a6acf4e5742d19fad
Description:
	CVE-2021-3975 libvirt: segmentation fault during VM shutdown can lead to vdsm hang.

Affects libvirt < 7.1

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This commit is contained in:
Hitendra Prajapati 2022-09-13 12:51:15 +05:30 committed by Bruce Ashfield
parent a63a54df31
commit cb95344976
2 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
recipes-extended/libvirt/libvirt/CVE-2021-3975.patch Normal file
View File

@ -0,0 +1,44 @@
From ffeb79e085a63f9917fc52a809a69e31e5cfd9b6 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Tue, 13 Sep 2022 10:35:43 +0530
Subject: [PATCH] CVE-2021-3975
Upstream-Status: Backport [https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7]
CVE: CVE-2021-3975
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
qemu: Add missing lock in qemuProcessHandleMonitorEOF
qemuMonitorUnregister will be called in multiple threads (e.g. threads
in rpc worker pool and the vm event thread). In some cases, it isn't
protected by the monitor lock, which may lead to call g_source_unref
more than one time and a use-after-free problem eventually.
Add the missing lock in qemuProcessHandleMonitorEOF (which is the only
position missing lock of monitor I found).
Suggested-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_process.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index d903505..0d6f14c 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -313,7 +313,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon,
/* We don't want this EOF handler to be called over and over while the
* thread is waiting for a job.
*/
+ virObjectLock(mon);
qemuMonitorUnregister(mon);
+ virObjectUnlock(mon);
/* We don't want any cleanup from EOF handler (or any other
* thread) to enter qemu namespace. */
--
2.25.1

1
recipes-extended/libvirt/libvirt_6.1.0.bb
View File

@ -48,6 +48,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
file://CVE-2021-3631.patch \ file://CVE-2021-3631.patch \
file://CVE-2021-3667.patch \ file://CVE-2021-3667.patch \
file://CVE-2022-0897.patch \ file://CVE-2022-0897.patch \
file://CVE-2021-3975.patch \
" "
SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145" SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"
SRC_URI[libvirt.sha256sum] = "167c185be45560e73dd3e14ed375778b555c01455192de2dafc4d0f74fabebc0" SRC_URI[libvirt.sha256sum] = "167c185be45560e73dd3e14ed375778b555c01455192de2dafc4d0f74fabebc0"