Diffstat (limited to 'recipes-extended/libvirt/libvirt/CVE-2021-3975.patch')
-rw-r--r-- | recipes-extended/libvirt/libvirt/CVE-2021-3975.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch b/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch
new file mode 100644
index 00000000..1d69d526
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch
@@ -0,0 +1,44 @@
+From ffeb79e085a63f9917fc52a809a69e31e5cfd9b6 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Tue, 13 Sep 2022 10:35:43 +0530
+Subject: [PATCH] CVE-2021-3975
+
+Upstream-Status: Backport [https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7]
+CVE: CVE-2021-3975
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+qemu: Add missing lock in qemuProcessHandleMonitorEOF
+
+qemuMonitorUnregister will be called in multiple threads (e.g. threads
+in rpc worker pool and the vm event thread). In some cases, it isn't
+protected by the monitor lock, which may lead to call g_source_unref
+more than one time and a use-after-free problem eventually.
+
+Add the missing lock in qemuProcessHandleMonitorEOF (which is the only
+position missing lock of monitor I found).
+
+Suggested-by: Michal Privoznik <mprivozn@redhat.com>
+Signed-off-by: Peng Liang <liangpeng10@huawei.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_process.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index d903505..0d6f14c 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -313,7 +313,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon,
+ /* We don't want this EOF handler to be called over and over while the
+ * thread is waiting for a job.
+ */
++ virObjectLock(mon);
+ qemuMonitorUnregister(mon);
++ virObjectUnlock(mon);
+ 
+ /* We don't want any cleanup from EOF handler (or any other
+ * thread) to enter qemu namespace. */
+--
+2.25.1
+ |
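Review bot: Nothing in this view wires the new patch into the build — the diffstat is limited to the .patch file itself, so the libvirt recipe's `SRC_URI += "file://CVE-2021-3975.patch"` entry needs to land in the same change or the backport is never applied; please confirm it is present in the corresponding .bb or .bbappend. The embedded hunk appears to be a faithful two-line backport (`virObjectLock(mon);` / `virObjectUnlock(mon);` around `qemuMonitorUnregister(mon);` in `qemuProcessHandleMonitorEOF`), but its context lines must still match the libvirt version the recipe carries, so a `do_patch` build check against that exact tree is the thing to verify rather than the header alone. The enclosing `qemuProcessHandleMonitorEOF` starts and ends outside the inner hunk.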