From: jungle man
Date: Thu, 21 Nov 2024 23:36:14 +0800
Subject: [PATCH] qemu:qemu_snapshot: Fix a libvirtd crash when delete snapshot
To: devel@lists.libvirt.org

qemuDomainDiskByName() can return a NULL pointer on failure, but this
returned value in qemuSnapshotDeleteValidate is not checked.
It will make libvirtd crash.

diff --git a/src/qemu/q= emu_snapshot.c b/src/qemu/qemu_snapshot.c
index 5b3aadcbf0..52312b4a7b 1= 00644
--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c@@ -4235,8 +4235,11 @@ qemuSnapshotDeleteValidate(virDomainObj *vm,
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0virDomainDiskDef *vmdisk = =3D NULL;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0virDomainDiskD= ef *disk =3D NULL;

- =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0vmdisk= =3D qemuDomainDiskByName(vm->def, snapDisk->name);
- =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0disk =3D qemuDomainDiskByName(snapdef->pa= rent.dom, snapDisk->name);
+ =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0if (!(vmdisk =3D qemuDomainDiskByName(vm->def, snapDisk->name)))+ =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return -1;
+<= br>+ =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if (!(disk =3D qemuDomainDisk= ByName(snapdef->parent.dom, snapDisk->name)))
+ =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return -1;

=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if (!virStorageSourceIsSameLocation(vmdisk-&= gt;src, disk->src)) {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
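
Review bot: The two new `return -1` paths in qemuSnapshotDeleteValidate() do not report an error themselves, so please confirm that qemuDomainDiskByName() already sets one when it returns NULL; if it does not, the API call would fail with no message for the caller, and a virReportError() naming snapDisk->name is needed before each return. Even if the helper does report, the caller cannot tell whether the disk was missing from vm->def or from snapdef->parent.dom, which are different conditions for someone debugging a failed snapshot delete. The commit message should also say under which circumstances the lookup fails (for example, how the domain and snapshot definitions came to disagree about the disk), so the crash can be reproduced and covered by a test.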