diff options
| author | Changqing Li <changqing.li@windriver.com> | 2022-01-29 15:14:57 +0800 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2022-02-04 12:18:19 -0500 |
| commit | 8127e81efbf70f17a3e8b92d6e7449be57a8e0ea (patch) | |
| tree | 3d363b788e23d548b22552ecd0dae7f72b32f009 /recipes-extended/libvirt | |
| parent | 1cb5d67c461ebd51b0d22a773415f9dd3f93f50f (diff) | |
| download | meta-virtualization-8127e81efbf70f17a3e8b92d6e7449be57a8e0ea.tar.gz | |
libvirt: fix CVE-2021-3975
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Diffstat (limited to 'recipes-extended/libvirt')
| -rw-r--r-- | recipes-extended/libvirt/libvirt/CVE-2021-3975.patch | 43 | ||||
| -rw-r--r-- | recipes-extended/libvirt/libvirt_6.3.0.bb | 1 |
2 files changed, 44 insertions, 0 deletions
diff --git a/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch b/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch new file mode 100644 index 00000000..72cee94c --- /dev/null +++ b/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch | |||
| @@ -0,0 +1,43 @@ | |||
| 1 | From 30de45c73106cacfc0aacc8f11c88e1aa5372d77 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Changqing Li <changqing.li@windriver.com> | ||
| 3 | Date: Sat, 29 Jan 2022 13:25:54 +0800 | ||
| 4 | Subject: [PATCH] qemu: Add missing lock in qemuProcessHandleMonitorEOF | ||
| 5 | |||
| 6 | qemuMonitorUnregister will be called in multiple threads (e.g. threads | ||
| 7 | in rpc worker pool and the vm event thread). In some cases, it isn't | ||
| 8 | protected by the monitor lock, which may lead to call g_source_unref | ||
| 9 | more than one time and a use-after-free problem eventually. | ||
| 10 | |||
| 11 | Add the missing lock in qemuProcessHandleMonitorEOF (which is the only | ||
| 12 | position missing lock of monitor I found). | ||
| 13 | |||
| 14 | Suggested-by: Michal Privoznik <mprivozn@redhat.com> | ||
| 15 | Signed-off-by: Peng Liang <liangpeng10@huawei.com> | ||
| 16 | Signed-off-by: Michal Privoznik <mprivozn@redhat.com> | ||
| 17 | Reviewed-by: Michal Privoznik <mprivozn@redhat.com> | ||
| 18 | |||
| 19 | Upstream-Status: Backport [https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7] | ||
| 20 | CVE: CVE-2021-3975 | ||
| 21 | |||
| 22 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 23 | --- | ||
| 24 | src/qemu/qemu_process.c | 2 ++ | ||
| 25 | 1 file changed, 2 insertions(+) | ||
| 26 | |||
| 27 | diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c | ||
| 28 | index 8ea470f..64b8472 100644 | ||
| 29 | --- a/src/qemu/qemu_process.c | ||
| 30 | +++ b/src/qemu/qemu_process.c | ||
| 31 | @@ -315,7 +315,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon, | ||
| 32 | /* We don't want this EOF handler to be called over and over while the | ||
| 33 | * thread is waiting for a job. | ||
| 34 | */ | ||
| 35 | + virObjectLock(mon); | ||
| 36 | qemuMonitorUnregister(mon); | ||
| 37 | + virObjectUnlock(mon); | ||
| 38 | |||
| 39 | /* We don't want any cleanup from EOF handler (or any other | ||
| 40 | * thread) to enter qemu namespace. */ | ||
| 41 | -- | ||
| 42 | 2.17.1 | ||
| 43 | |||
diff --git a/recipes-extended/libvirt/libvirt_6.3.0.bb b/recipes-extended/libvirt/libvirt_6.3.0.bb index 091296ef..8e95ad67 100644 --- a/recipes-extended/libvirt/libvirt_6.3.0.bb +++ b/recipes-extended/libvirt/libvirt_6.3.0.bb | |||
| @@ -46,6 +46,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \ | |||
| 46 | file://CVE-2020-25637_4.patch \ | 46 | file://CVE-2020-25637_4.patch \ |
| 47 | file://CVE-2021-3631.patch \ | 47 | file://CVE-2021-3631.patch \ |
| 48 | file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \ | 48 | file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \ |
| 49 | file://CVE-2021-3975.patch \ | ||
| 49 | " | 50 | " |
| 50 | 51 | ||
| 51 | SRC_URI[libvirt.md5sum] = "1bd4435f77924f5ec9928b538daf4a02" | 52 | SRC_URI[libvirt.md5sum] = "1bd4435f77924f5ec9928b538daf4a02" |