From: Kristina Hanicova
To: libvir-list@redhat.com
Subject: [PATCH] virdomainjob: preserveJob: memdup the cb structure instead of copying it
Date: Thu, 29 Sep 2022 13:56:30 +0200
Message-Id: <7e223ffa9f45f18712ca97aa8a414f8f644d11d9.1664452583.git.khanicov@redhat.com>

In the case of the variable 'oldjob' (job structure) in qemuProcessReconnect(), the init function was not called and the cb pointer was just copied from the existing job structure in virDomainObjPreserveJob(). This caused the job and oldjob to have the same pointer, which was later freed at the end of the qemuProcessReconnect() function by an automatic call to virDomainObjClearJob(). This caused an invalid read in case of a daemon crash, as the job structure was trying to read cb which had already been freed.

This patch changes the copying to g_memdup, which allocates a different pointer that can later be safely freed.

Signed-off-by: Kristina Hanicova
Reviewed-by: Michal Privoznik
---
 src/conf/virdomainjob.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/conf/virdomainjob.c b/src/conf/virdomainjob.c
index aca801af38..0c67e84ef1 100644
--- a/src/conf/virdomainjob.c
+++ b/src/conf/virdomainjob.c
@@ -210,7 +210,7 @@ virDomainObjPreserveJob(virDomainJobObj *currJob, if (currJob->cb && currJob->cb->allocJobPrivate && !(currJob->privateData =3D currJob->cb->allocJobPrivate())) return -1; - job->cb =3D currJob->cb; + job->cb =3D g_memdup(currJob->cb, sizeof(*currJob->cb)); =20 virDomainObjResetJob(currJob); virDomainObjResetAsyncJob(currJob); --=20 2.37.3
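Review bot: the `if (currJob->cb && currJob->cb->allocJobPrivate && ...)` guard two lines above the changed line shows that currJob->cb can be NULL, so the new `job->cb = g_memdup(currJob->cb, sizeof(*currJob->cb));` relies on g_memdup() returning NULL for a NULL source rather than copying through it; that holds (and sizeof() does not evaluate its operand), but a one-line comment would save the next reader from assuming a dereference. A minor second point: g_memdup() has been deprecated since GLib 2.68 in favour of g_memdup2(), whose length parameter is gsize rather than guint; the size here is a small constant so there is no overflow concern, but if the project's minimum GLib version or its compat layer provides g_memdup2(), using it avoids the deprecation warning.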
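The following is an added example, not libvirt code, that models the ownership bug this patch fixes: two job objects sharing one heap-allocated callback table, where clearing the first frees the table and leaves the second with a dangling pointer, versus duplicating the table so each job frees its own copy. All names (jobcb, jobobj, job_preserve_aliased, job_preserve_dup, job_clear, cb_dup) are invented for the example, cb_dup stands in for g_memdup()/g_memdup2(), and a small allocation ledger stands in for a sanitizer so the dangling pointer is detected by lookup instead of by dereferencing freed memory.

```c
/* Added example (not libvirt code): shared vs duplicated cb table ownership. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Callback table, analogous in role to the driver job callback structure. */
typedef struct jobcb {
    void *(*alloc_private)(void);
    void  (*free_private)(void *);
} jobcb;

/* Job object: owns its cb table and optional private data. */
typedef struct jobobj {
    jobcb *cb;
    void  *private_data;
} jobobj;

/* Allocation ledger: which cb tables are currently live (invented helper). */
#define LEDGER_MAX 16
static const void *ledger[LEDGER_MAX];
static size_t ledger_len;

static void ledger_add(const void *p) {
    if (ledger_len < LEDGER_MAX)
        ledger[ledger_len++] = p;
}

static void ledger_del(const void *p) {
    for (size_t i = 0; i < ledger_len; i++) {
        if (ledger[i] == p) {
            ledger[i] = ledger[--ledger_len];
            return;
        }
    }
}

/* True if p is a live cb table; compares the pointer value only. */
bool cb_is_live(const void *p) {
    for (size_t i = 0; i < ledger_len; i++)
        if (ledger[i] == p)
            return true;
    return false;
}

/* Stand-in for g_memdup()/g_memdup2(): heap copy of the table, NULL for NULL. */
static jobcb *cb_dup(const jobcb *src) {
    if (!src)
        return NULL;
    jobcb *copy = malloc(sizeof(*copy));
    if (!copy)
        abort();
    memcpy(copy, src, sizeof(*copy));
    ledger_add(copy);
    return copy;
}

/* Init path: a job always gets its own copy of the cb table. */
void job_init(jobobj *job, const jobcb *cb) {
    job->cb = cb_dup(cb);
    job->private_data = NULL;
}

/* Clear path: frees the cb table the job owns (like a ClearJob at scope exit). */
void job_clear(jobobj *job) {
    if (job->cb && job->cb->free_private && job->private_data)
        job->cb->free_private(job->private_data);
    ledger_del(job->cb);
    free(job->cb);
    job->cb = NULL;
    job->private_data = NULL;
}

/* Buggy preserve: the pointer is copied, so both jobs claim one table. */
void job_preserve_aliased(jobobj *curr, jobobj *saved) {
    saved->private_data = curr->private_data;
    curr->private_data = NULL;
    saved->cb = curr->cb;            /* shared ownership: the bug */
}

/* Fixed preserve: the table is duplicated, so each job frees its own copy. */
void job_preserve_dup(jobobj *curr, jobobj *saved) {
    saved->private_data = curr->private_data;
    curr->private_data = NULL;
    saved->cb = cb_dup(curr->cb);    /* distinct allocation: the fix */
}

/* Preserve with the given strategy, clear the saved job, then report whether
 * curr->cb still points at a live table. Returns true when curr is safe. */
bool curr_cb_live_after_clear(void (*preserve)(jobobj *, jobobj *)) {
    static const jobcb table = { NULL, NULL };   /* constructed sample table */
    jobobj curr, saved = { NULL, NULL };

    job_init(&curr, &table);
    preserve(&curr, &saved);
    job_clear(&saved);                /* frees saved->cb */
    bool live = cb_is_live(curr.cb);  /* lookup only, never dereferenced */
    if (live)
        job_clear(&curr);             /* safe only when the table was duplicated */
    return live;
}

int main(void) {
    printf("aliased copy: curr->cb live after clear = %d\n",
           curr_cb_live_after_clear(job_preserve_aliased));
    printf("memdup copy:  curr->cb live after clear = %d\n",
           curr_cb_live_after_clear(job_preserve_dup));
    return 0;
}
```

The aliased variant leaves curr.cb pointing at freed memory, which is exactly the state the commit message describes for the job after oldjob is cleared; the ledger reports it as dead without touching it. The duplicated variant keeps curr.cb live and lets both jobs be cleared independently without a double free.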