From: Jonathon Jongsma
To: libvir-list@redhat.com
Date: Thu, 5 Dec 2019 10:08:56 -0600
Message-Id: <20191205160857.30182-8-jjongsma@redhat.com>
In-Reply-To: <20191205160857.30182-1-jjongsma@redhat.com>
References: <20191205160857.30182-1-jjongsma@redhat.com>
Subject: [libvirt] [PATCH 7/8] qemu: remove use of qemuDomainObjBeginJobWithAgent()

This function will be removed in a future commit because it allows the caller to acquire both monitor and agent jobs at the same time. Holding both job types creates a vulnerability to denial of service from a malicious guest agent.

qemuDomainSetVcpusFlags() always passes NONE for either the monitor job or the agent job (and thus is not vulnerable to the DoS), so we can simply replace this function with the functions for acquiring the appropriate type of job.

Signed-off-by: Jonathon Jongsma

--- src/qemu/qemu_driver.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 1cf54cda8a..921230b8ce 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c
@@ -5045,8 +5045,6 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, virDomainDefPtr persistentDef; bool hotpluggable =3D !!(flags & VIR_DOMAIN_VCPU_HOTPLUGGABLE); bool useAgent =3D !!(flags & VIR_DOMAIN_VCPU_GUEST); - qemuDomainJob job =3D QEMU_JOB_NONE; - qemuDomainAgentJob agentJob =3D QEMU_AGENT_JOB_NONE; int ret =3D -1; =20 virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | @@ -5061,13 +5059,14 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, if (virDomainSetVcpusFlagsEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; =20 - if (useAgent) - agentJob =3D QEMU_AGENT_JOB_MODIFY; - else - job =3D QEMU_JOB_MODIFY; =20 - if (qemuDomainObjBeginJobWithAgent(driver, vm, job, agentJob) < 0) - goto cleanup; + if (useAgent) { + if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_MODIFY) = < 0) + goto cleanup; + } else { + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + goto cleanup; + } =20 if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0) goto endjob; @@ -5081,7 +5080,7 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, nvcpus, hotpluggable); =20 endjob: - if (agentJob) + if (useAgent) qemuDomainObjEndAgentJob(vm); else qemuDomainObjEndJob(driver, vm); --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
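Review bot: in the second hunk (@@ -5061,13 +5059,14 @@) the blank context line that used to separate the old if/else from the qemuDomainObjBeginJobWithAgent() call is kept, so the new "if (useAgent) {" block ends up preceded by two consecutive blank lines after "goto cleanup;". Drop one of them so a single blank line separates the ACL check from the job acquisition.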
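Review bot: in the last hunk (@@ -5081,7 +5080,7 @@) the choice at endjob: between qemuDomainObjEndAgentJob() and qemuDomainObjEndJob() now relies on useAgent matching the branch taken when the job was begun in the previous hunk, and nothing in the code ties the two sites together. useAgent is assigned once at its declaration, so marking it const, or adding a short comment at endjob: stating that exactly one of the two job types is held, would keep a later edit from ending a job type that was never begun.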