[libvirt] [PATCH] Fix bug libvirt daemon segfault when new force console vm session break down existed console session. When force console vm command arrived, libvirtd will break down existed console session, and in this procedure, it will call daemonStreamEvent() to release resources , so daemonStreamFilter() need to check if stream filter existed when get client object lock and client->privData's lock, if not existed, just return -1

LanceLiu posted 1 patch 2 weeks ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/1574594065-106523-1-git-send-email-liu.lance.89@gmail.com
src/remote/remote_daemon_stream.c | 10 +++++++++-
src/rpc/virnetserverclient.c      | 12 ++++++++++++
src/rpc/virnetserverclient.h      |  2 ++
3 files changed, 23 insertions(+), 1 deletion(-)

[libvirt] [PATCH] Fix bug libvirt daemon segfault when new force console vm session break down existed console session. When force console vm command arrived, libvirtd will break down existed console session, and in this procedure, it will call daemonStreamEvent() to release resources , so daemonStreamFilter() need to check if stream filter existed when get client object lock and client->privData's lock, if not existed, just return -1

Posted by LanceLiu 2 weeks ago
---
 src/remote/remote_daemon_stream.c | 10 +++++++++-
 src/rpc/virnetserverclient.c      | 12 ++++++++++++
 src/rpc/virnetserverclient.h      |  2 ++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/remote/remote_daemon_stream.c b/src/remote/remote_daemon_stream.c
index 82cadb6..de0dca3 100644
--- a/src/remote/remote_daemon_stream.c
+++ b/src/remote/remote_daemon_stream.c
@@ -292,10 +292,18 @@ daemonStreamFilter(virNetServerClientPtr client,
 {
     daemonClientStream *stream = opaque;
     int ret = 0;
+    daemonClientPrivatePtr priv = NULL;
+    int filter_id = stream->filterID;
 
     virObjectUnlock(client);
+    priv = virNetServerClientGetPrivateData(client);
     virMutexLock(&stream->priv->lock);
     virObjectLock(client);
+    if (!virNetServerClientCheckFilterExist(client, filter_id)) {
+        VIR_WARN("this daemon stream filter: %d have been deleted!", filter_id);
+        ret = -1;
+        goto cleanup;
+    }
 
     if (msg->header.type != VIR_NET_STREAM &&
         msg->header.type != VIR_NET_STREAM_HOLE)
@@ -317,7 +325,7 @@ daemonStreamFilter(virNetServerClientPtr client,
     ret = 1;
 
  cleanup:
-    virMutexUnlock(&stream->priv->lock);
+    virMutexUnlock(&priv->lock);
     return ret;
 }
 
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 67b3bf9..f80f493 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -287,6 +287,18 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
     virObjectUnlock(client);
 }
 
+int virNetServerClientCheckFilterExist(virNetServerClientPtr client,
+                                       int filterID)
+{
+    virNetServerClientFilterPtr tmp;
+
+    tmp = client->filters;
+    while(tmp && tmp->id != filterID) {
+        tmp = tmp->next;
+    }
+
+    return (tmp != NULL);
+}
 
 /* Check the client's access. */
 static int
diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h
index 7a3061d..85fda39 100644
--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@@ -93,6 +93,8 @@ int virNetServerClientAddFilter(virNetServerClientPtr client,
 
 void virNetServerClientRemoveFilter(virNetServerClientPtr client,
                                     int filterID);
+int virNetServerClientCheckFilterExist(virNetServerClientPtr client,
+                                       int filterID);
 
 int virNetServerClientGetAuth(virNetServerClientPtr client);
 void virNetServerClientSetAuthLocked(virNetServerClientPtr client, int auth);
-- 
1.8.3.1


--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list