From 798c852d51b91ab435ce6156ebaaa4f8b4ee3382 Mon Sep 17 00:00:00 2001
From: yezengruan
Date: Sat, 20 Aug 2022 17:33:30 +0800
Subject: [PATCH 1/2] test

---
 libvirt.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libvirt.spec b/libvirt.spec
index 8433457..2d422d8 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -101,7 +101,7 @@ Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 6.2.0
-Release: 41
+Release: 42
 License: LGPLv2+
 URL: https://libvirt.org/
-- 
Gitee

From 11051e6723ce9593392773ef354832bc5b415c7f Mon Sep 17 00:00:00 2001
From: yezengruan
Date: Thu, 25 Aug 2022 16:27:50 +0800
Subject: [PATCH 2/2] fix CVE-2021-3975 (openeuler !75)

qemu: Add missing lock in qemuProcessHandleMonitorEOF (CVE-2021-3975)

Signed-off-by: yezengruan
---
 libvirt.spec | 6 ++-
 ...-lock-in-qemuProcessHandleMonitorEOF.patch | 38 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch

diff --git a/libvirt.spec b/libvirt.spec
index 6ce883b..ad6a115 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -102,7 +102,7 @@ Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 6.2.0
-Release: 42
+Release: 43
 License: LGPLv2+
 URL: https://libvirt.org/
@@ -255,6 +255,7 @@ Patch0141: apibuild-Fix-self.waring-method-call.patch
 Patch0142: Add-and-initialize-the-stratovirt-driver.patch
 Patch0143: Add-the-function-of-create-and-destroy-domains-by-st.patch
 Patch0144: Add-command-virsh-list-virsh-suspend-virsh-resume-an.patch
+Patch0145: qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -2017,6 +2018,9 @@ exit 0
 
 %changelog
+* Thu Aug 25 2022 yezengruan - 6.2.0-43
+- qemu: Add missing lock in qemuProcessHandleMonitorEOF (CVE-2021-3975)
+
 * Sat Aug 20 2022 mayunlong - 6.2.0-42
 - add stratovirt driver
diff --git a/qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch b/qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch
new file mode 100644
index 0000000..94331e8
--- /dev/null
+++ b/qemu-Add-missing-lock-in-qemuProcessHandleMonitorEOF.patch
@@ -0,0 +1,38 @@
+From 0f32142c4a92c9aca7890f25e89b56973a906201 Mon Sep 17 00:00:00 2001
+From: Peng Liang
+Date: Wed, 24 Feb 2021 19:28:23 +0800
+Subject: [PATCH] qemu: Add missing lock in qemuProcessHandleMonitorEOF
+
+qemuMonitorUnregister will be called in multiple threads (e.g. threads
+in rpc worker pool and the vm event thread). In some cases, it isn't
+protected by the monitor lock, which may lead to call g_source_unref
+more than one time and a use-after-free problem eventually.
+
+Add the missing lock in qemuProcessHandleMonitorEOF (which is the only
+position missing lock of monitor I found).
+
+Suggested-by: Michal Privoznik
+Signed-off-by: Peng Liang
+Signed-off-by: Michal Privoznik
+Reviewed-by: Michal Privoznik
+---
+ src/qemu/qemu_process.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index d9209ac6d2..74bb9613bc 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -316,7 +316,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon,
+ /* We don't want this EOF handler to be called over and over while the
+ * thread is waiting for a job.
+ */
++ virObjectLock(mon);
+ qemuMonitorUnregister(mon);
++ virObjectUnlock(mon);
+
+ /* We don't want any cleanup from EOF handler (or any other
+ * thread) to enter qemu namespace. */
+--
+2.27.0
+
-- 
Gitee
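Review bot: The new `virObjectLock(mon);` / `virObjectUnlock(mon);` pair around `qemuMonitorUnregister(mon)` in the embedded qemu_process.c hunk is undocumented at the call site; the comment directly above it still only explains why the monitor is unregistered, and the reason the lock is now required lives solely in the patch description, so a later reader may take it for a redundant lock and drop it. I would extend that comment with `* Hold the monitor lock: qemuMonitorUnregister() is also reached from RPC worker and event threads, and an unlocked call can unref the GSource twice (use-after-free, CVE-2021-3975).` The enclosing function qemuProcessHandleMonitorEOF begins and ends outside the hunk, and this is a backport of upstream 0f32142c4a92 onto 6.2.0, so it is worth confirming that nothing on this path in the 6.2.0 tree already holds `mon`'s lock (virObjectLock is, as far as I know, a plain non-recursive mutex) and that the lock order with the vm object lock matches the other callers named in the description; presumably it does, since the upstream hunk applies unchanged, but that context is not visible here.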