From: Eric Blake
To: libvir-list@redhat.com
Cc: nsoffer@redhat.com
Date: Mon, 4 Mar 2019 21:34:35 -0600
Message-Id: <20190305033445.17140-9-eblake@redhat.com>
In-Reply-To: <20190305033445.17140-1-eblake@redhat.com>
References: <20190305033445.17140-1-eblake@redhat.com>
Subject: [libvirt] [PATCH v3 08/18] snapshot: Avoid latent use-after-free when cleaning snapshots

Right now, the only callers of qemuDomainSnapshotDiscardAllMetadata()
are right before freeing the virDomainSnapshotObjList, so it did not
matter if the list's metaroot (which points to all the defined root
snapshots) is left inconsistent. But an upcoming patch will want to
clear all snapshots if a bulk redefine fails partway through, in which
case things must be reset. Make this work by teaching the existing
virDomainSnapshotUpdateRelations() to be safe regardless of the
incoming state of the metaroot (since we don't want to leak that
internal detail into qemu code), then fixing the qemu code to use it
after deleting all snapshots.

Signed-off-by: Eric Blake
Reviewed-by: John Ferlan
---
 src/conf/snapshot_conf.c | 7 +++++--
 src/qemu/qemu_domain.c   | 4 ++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/conf/snapshot_conf.c b/src/conf/snapshot_conf.c
index 206b05c172..386ec82d15 100644
--- a/src/conf/snapshot_conf.c
+++ b/src/conf/snapshot_conf.c @@ -1209,13 +1209,16 @@ virDomainSnapshotSetRelations(void *payload, } /* Populate parent link and child count of all snapshots, with all - * relations starting as 0/NULL. Return 0 on success, -1 if a parent - * is missing or if a circular relationship was requested. */ + * assigned defs having relations starting as 0/NULL. Return 0 on + * success, -1 if a parent is missing or if a circular relationship + * was requested. */ int virDomainSnapshotUpdateRelations(virDomainSnapshotObjListPtr snapshots) { struct snapshot_set_relation act =3D { snapshots, 0 }; + snapshots->metaroot.nchildren =3D 0; + snapshots->metaroot.first_child =3D NULL; virHashForEach(snapshots->objs, virDomainSnapshotSetRelations, &act); return act.err; } diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index db25e1596c..3ac79fa50b 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -8625,6 +8625,10 @@ qemuDomainSnapshotDiscardAllMetadata(virQEMUDriverPt= r driver, rem.err =3D 0; virDomainSnapshotForEach(vm->snapshots, qemuDomainSnapshotDiscardAll, &rem); + if (rem.current) + vm->current_snapshot =3D NULL; + if (virDomainSnapshotUpdateRelations(vm->snapshots) < 0 && !rem.err) + rem.err =3D -1; return rem.err; } --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
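Review bot: in the snapshot_conf.c hunk, resetting metaroot.nchildren and metaroot.first_child at the top of virDomainSnapshotUpdateRelations() makes the metaroot self-healing, but the reworded comment still states a precondition on the snapshot objects themselves ("all assigned defs having relations starting as 0/NULL"), so "safe regardless of the incoming state" holds for the metaroot only, not for the per-snapshot parent/first_child/nchildren fields. A later caller, such as the bulk-redefine cleanup the commit message anticipates, that reaches this function with snapshots whose relations were populated by an earlier pass would still depend on that precondition. Either say explicitly in the comment that callers must zero each snapshot's relations before calling, or have the virDomainSnapshotSetRelations() walk clear them, so the comment and the new behaviour agree.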
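Review bot: in the qemu_domain.c hunk, `vm->current_snapshot = NULL` is guarded by `rem.current`, which ties correctness to qemuDomainSnapshotDiscardAll having flagged that the current snapshot was among the objects it discarded; since this function discards all snapshot metadata, clearing vm->current_snapshot unconditionally is simpler and cannot leave a dangling pointer if the flag is not set on an error path (rem.err != 0). On the next line, `&& !rem.err` only matters if rem.err can hold a value other than 0 and -1; if it cannot, `if (virDomainSnapshotUpdateRelations(vm->snapshots) < 0) rem.err = -1;` is equivalent and easier to read. Calling virDomainSnapshotUpdateRelations() even when an earlier discard failed is the right choice, since the metaroot must be consistent either way; a one-line comment saying so would stop a later reader from "fixing" it into an early return.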
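The metaroot problem the commit message describes, as an added example that is not libvirt code: a toy snapshot list keeps a metaroot that links every root snapshot; a per-object discard leaves the metaroot alone, so after discarding everything its child count and first_child pointer still describe entries that no longer exist, and a relations rebuild that trusted the metaroot would start from that stale state. The update_relations() below zeroes the metaroot (and every object's relations) before rebuilding from the declared parent names, the way the patched virDomainSnapshotUpdateRelations() zeroes the metaroot. Discarded entries are retired with an in_use flag instead of being freed so the stale metaroot can be inspected without touching freed memory. All struct and function names here are invented for the illustration.

```c
/* Added example, not libvirt code: a toy snapshot list whose "metaroot" links
 * the root snapshots. Discarded entries are flagged, not freed, so the stale
 * metaroot can be inspected safely. All names are invented. */
#include <stdio.h>
#include <string.h>

#define MAX_SNAPS 8

struct snap {
    char name[16], parent_name[16];   /* parent_name "" marks a root */
    struct snap *parent, *first_child, *sibling;
    int nchildren, in_use;            /* in_use cleared when discarded */
};

struct snap_list {
    struct snap metaroot;             /* parent of every root snapshot */
    struct snap objs[MAX_SNAPS];
};

static struct snap *find(struct snap_list *l, const char *name)
{
    for (int i = 0; i < MAX_SNAPS; i++)
        if (l->objs[i].in_use && strcmp(l->objs[i].name, name) == 0)
            return &l->objs[i];
    return NULL;
}

/* Add a snapshot without touching relations; run update_relations() after the batch. */
static int define_snapshot(struct snap_list *l, const char *name, const char *parent)
{
    for (int i = 0; i < MAX_SNAPS; i++) {
        if (l->objs[i].in_use)
            continue;
        memset(&l->objs[i], 0, sizeof(l->objs[i]));
        snprintf(l->objs[i].name, sizeof(l->objs[i].name), "%s", name);
        snprintf(l->objs[i].parent_name, sizeof(l->objs[i].parent_name), "%s", parent);
        l->objs[i].in_use = 1;
        return 0;
    }
    return -1;
}

/* Per-object discard: leaves the metaroot alone, so the metaroot goes stale. */
static void discard_one(struct snap_list *l, const char *name)
{
    struct snap *s = find(l, name);
    if (s)
        s->in_use = 0;
}

/* Rebuild all parent links and child counts from parent_name. Returns 0, or -1
 * if a parent is missing or the declared parents form a loop. The metaroot is
 * zeroed first, so the result does not depend on the list's previous state. */
static int update_relations(struct snap_list *l)
{
    int err = 0;
    l->metaroot.nchildren = 0;
    l->metaroot.first_child = NULL;
    for (int i = 0; i < MAX_SNAPS; i++) {
        l->objs[i].parent = l->objs[i].first_child = l->objs[i].sibling = NULL;
        l->objs[i].nchildren = 0;
    }
    for (int i = 0; i < MAX_SNAPS; i++) {
        struct snap *s = &l->objs[i], *p, *a;
        int hops = 0;
        if (!s->in_use)
            continue;
        p = s->parent_name[0] ? find(l, s->parent_name) : &l->metaroot;
        /* The declared ancestry must reach the metaroot without revisiting s
         * (a loop) or naming a snapshot that does not exist. */
        for (a = p; a && a != &l->metaroot;
             a = a->parent_name[0] ? find(l, a->parent_name) : &l->metaroot)
            if (a == s || ++hops > MAX_SNAPS)
                break;
        if (a != &l->metaroot) {
            err = -1;
            continue;
        }
        s->parent = p;
        s->sibling = p->first_child;
        p->first_child = s;
        p->nchildren++;
    }
    return err;
}

int main(void)
{
    struct snap_list l;
    memset(&l, 0, sizeof(l));
    define_snapshot(&l, "base", "");
    define_snapshot(&l, "child1", "base");
    printf("update=%d\n", update_relations(&l));      /* 0 */
    printf("roots=%d\n", l.metaroot.nchildren);       /* 1 */
    discard_one(&l, "base");                          /* discard all, one by one */
    discard_one(&l, "child1");
    printf("stale roots=%d\n", l.metaroot.nchildren); /* still 1: metaroot is stale */
    printf("update=%d\n", update_relations(&l));      /* 0 */
    printf("roots=%d\n", l.metaroot.nchildren);       /* 0 */
    return 0;
}
```

The sequence in main() mirrors the qemu hunk: a per-object discard of every snapshot followed by one relations rebuild. Without the rebuild the metaroot still reports one root and first_child still points at the retired "base" entry; in libvirt, where the objects are actually freed, following that pointer is the latent use-after-free the subject line refers to.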