1. Patchew
  2. Libvirt
  3. View series

[libvirt] [PATCH v2 0/2] Fix possible use-after-free when sending event message

John Ferlan posted 2 patches 7 years ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20170327164737.27053-1-jferlan@redhat.com
daemon/remote.c | 164 ++++++++++++++++++++------------------------------------
1 file changed, 58 insertions(+), 106 deletions(-)
[libvirt] [PATCH v2 0/2] Fix possible use-after-free when sending event message
Posted by John Ferlan 7 years ago 
v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html

Change since v1, add the derefFcn as an argument to the renamed macro
(not quite sure how I missed that originally.

John Ferlan (2):
  daemon: Rework remoteClientFreeFunc cleanup loops into C macro
  remote: Fix possible use-after-free when sending event message

 daemon/remote.c | 164 ++++++++++++++++++++------------------------------------
 1 file changed, 58 insertions(+), 106 deletions(-)

-- 
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 0/2] Fix possible use-after-free when sending event message
Posted by John Ferlan 7 years ago 

On 03/27/2017 12:47 PM, John Ferlan wrote:
> v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html
> 
> Change since v1, add the derefFcn as an argument to the renamed macro
> (not quite sure how I missed that originally.
> 
> John Ferlan (2):
>   daemon: Rework remoteClientFreeFunc cleanup loops into C macro
>   remote: Fix possible use-after-free when sending event message
> 
>  daemon/remote.c | 164 ++++++++++++++++++++------------------------------------
>  1 file changed, 58 insertions(+), 106 deletions(-)
> 


Laine took a look at patch 1/2 - anyone want to look at 2/2 which he
didn't feel comfortable looking at?

Essentially it follows similar logic to virObjectEventCallbackListAddID
when processing virObjectRef(conn), except this time the virObjectRef is
on virNetServerClientPtr client whenever the callback functions grab
it's address.  When the callback is free'd the reference is removed (in
remoteEventCallbackFree) so that virNetServerProcessClients doesn't
inadvertently free the client before the callback code is done with it
(sending an event message).

Tks -

John

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 0/2] Fix possible use-after-free when sending event message
Posted by John Ferlan 7 years ago 
ping?

Tks, -

John

On 04/03/2017 10:12 AM, John Ferlan wrote:
> 
> 
> On 03/27/2017 12:47 PM, John Ferlan wrote:
>> v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html
>>
>> Change since v1, add the derefFcn as an argument to the renamed macro
>> (not quite sure how I missed that originally.
>>
>> John Ferlan (2):
>>   daemon: Rework remoteClientFreeFunc cleanup loops into C macro
>>   remote: Fix possible use-after-free when sending event message
>>
>>  daemon/remote.c | 164 ++++++++++++++++++++------------------------------------
>>  1 file changed, 58 insertions(+), 106 deletions(-)
>>
> 
> 
> Laine took a look at patch 1/2 - anyone want to look at 2/2 which he
> didn't feel comfortable looking at?
> 
> Essentially it follows similar logic to virObjectEventCallbackListAddID
> when processing virObjectRef(conn), except this time the virObjectRef is
> on virNetServerClientPtr client whenever the callback functions grab
> it's address.  When the callback is free'd the reference is removed (in
> remoteEventCallbackFree) so that virNetServerProcessClients doesn't
> inadvertently free the client before the callback code is done with it
> (sending an event message).
> 
> Tks -
> 
> John
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
> 

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 0/2] Fix possible use-after-free when sending event message
Posted by John Ferlan 6 years, 12 months ago 
Ping?

Tks

John

On 04/12/2017 07:58 PM, John Ferlan wrote:
> 
> ping?
> 
> Tks, -
> 
> John
> 
> On 04/03/2017 10:12 AM, John Ferlan wrote:
>>
>>
>> On 03/27/2017 12:47 PM, John Ferlan wrote:
>>> v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html
>>>
>>> Change since v1, add the derefFcn as an argument to the renamed macro
>>> (not quite sure how I missed that originally.
>>>
>>> John Ferlan (2):
>>>   daemon: Rework remoteClientFreeFunc cleanup loops into C macro
>>>   remote: Fix possible use-after-free when sending event message
>>>
>>>  daemon/remote.c | 164 ++++++++++++++++++++------------------------------------
>>>  1 file changed, 58 insertions(+), 106 deletions(-)
>>>
>>
>>
>> Laine took a look at patch 1/2 - anyone want to look at 2/2 which he
>> didn't feel comfortable looking at?
>>
>> Essentially it follows similar logic to virObjectEventCallbackListAddID
>> when processing virObjectRef(conn), except this time the virObjectRef is
>> on virNetServerClientPtr client whenever the callback functions grab
>> it's address.  When the callback is free'd the reference is removed (in
>> remoteEventCallbackFree) so that virNetServerProcessClients doesn't
>> inadvertently free the client before the callback code is done with it
>> (sending an event message).
>>
>> Tks -
>>
>> John
>>
>> --
>> libvir-list mailing list
>> libvir-list@redhat.com
>> https://www.redhat.com/mailman/listinfo/libvir-list
>>
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
> 

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.