[PATCH partially-for-8.0 00/17] qemu: Fix use-after-free when redefining snapshots and cleanup the code

Peter Krempa posted 17 patches 2 years, 3 months ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/cover.1642010887.git.pkrempa@redhat.com
Patches 1 and 2 should be pushed for 8.0 as the bug was introduced in
this dev cycle and the patches are specifically kept very simple.

The rest of the series refactors the snapshot validation and helper code
to have less weird semantics which lead to this bug.

Peter Krempa (17):
  qemuSnapshotRedefine: Rename 'def' to 'snapdef'
  qemuSnapshotRedefine: Fix use of snapshot definition after free
  virDomainMomentAssignDef: Simplify error handling
  virDomainSnapshotRedefineValidate: Fix validation of
    VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY flag
  virDomainSnapshotAlignDisks: Improve function comment
  virDomainSnapshotAlignDisks: Convert @default_snapshot to
    virDomainSnapshotLocation
  virDomainSnapshotAlignDisks: Move 'require_match' selection logic
    inside
  virDomainSnapshotAlignDisks: Allow alternate domain definition when
    redefining
  virDomainSnapshotRedefineValidate: Unexport
  virDomainSnapshotRedefinePrep: Use 'snapdef' for snapshot definition
    object
  virDomainSnapshotRedefineValidate: Don't modify the snapshot
    definition
  testDomainSnapshotCreateXML: Extract snapshot redefinition code
  qemuSnapshotCreate: Use 'snapdef' instead of 'def'
  qemuSnapshotCreate: Standardize handling of the reference on @snapdef
  qemuDomainSnapshotLoad: Refactor handling of snapshot definition
    object
  virDomainSnapshotAssignDef: Clear second argument when it is consumed
  virDomainSnapshotRedefinePrep: Don't do partial redefine

 src/conf/snapshot_conf.c            | 120 +++++++++++++++-------------
 src/conf/snapshot_conf.h            |  13 +--
 src/conf/virdomainmomentobjlist.c   |   9 +--
 src/conf/virdomainsnapshotobjlist.c |  29 ++++++-
 src/conf/virdomainsnapshotobjlist.h |   5 +-
 src/libvirt_private.syms            |   1 +
 src/qemu/qemu_driver.c              |  18 ++---
 src/qemu/qemu_snapshot.c            |  35 ++++----
 src/test/test_driver.c              |  89 ++++++++++++---------
 src/vz/vz_sdk.c                     |   3 +-
 10 files changed, 180 insertions(+), 142 deletions(-)

-- 
2.31.1
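The cover letter and the titles of patches 2, 14 and 16 point at one pattern: a helper that consumes (takes ownership of) a snapshot definition while the caller still holds the raw pointer, so a later cleanup or access touches freed memory. The following C example is a constructed illustration of that ownership pattern and of the "clear the argument when it is consumed" fix; it is not libvirt code, and every name in it (SnapDef, SnapList, snapListAssign, redefineFixed, the fixed-size list of four entries) is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not libvirt code: a minimal snapshot definition
 * and a fixed-size list that owns the definitions assigned to it. */
typedef struct SnapDef { char *name; bool diskOnly; } SnapDef;

#define SNAP_LIST_MAX 4
typedef struct SnapList { SnapDef *defs[SNAP_LIST_MAX]; size_t ndefs; } SnapList;

static SnapDef *snapDefNew(const char *name, bool diskOnly)
{
    SnapDef *def = calloc(1, sizeof(*def));
    if (!def) return NULL;
    if (!(def->name = strdup(name))) { free(def); return NULL; }
    def->diskOnly = diskOnly;
    return def;
}

static void snapDefFree(SnapDef *def)
{
    if (!def) return;
    free(def->name);
    free(def);
}

static SnapDef *snapListFind(SnapList *list, const char *name)
{
    for (size_t i = 0; i < list->ndefs; i++)
        if (strcmp(list->defs[i]->name, name) == 0)
            return list->defs[i];
    return NULL;
}

/* Buggy ownership contract (shown for contrast, never called): the list
 * consumes @def on every path, freeing it on failure, but the caller keeps
 * its raw pointer. A caller with one cleanup label then frees @def twice on
 * failure, and on success frees the definition the list now owns, leaving
 * a dangling entry in the list: the use-after-free shape described above. */
int snapListAssignBuggy(SnapList *list, SnapDef *def)
{
    if (list->ndefs == SNAP_LIST_MAX) { snapDefFree(def); return -1; }
    list->defs[list->ndefs++] = def;
    return 0;
}

/* Fixed contract: ownership transfers only on success, and the callee
 * clears the caller's pointer when it consumes the definition, so one
 * unconditional cleanup is correct on every path. */
static int snapListAssign(SnapList *list, SnapDef **defp)
{
    SnapDef *def = *defp;
    SnapDef *old = snapListFind(list, def->name);

    if (old) {
        /* redefine: replace the existing definition in place */
        for (size_t i = 0; i < list->ndefs; i++)
            if (list->defs[i] == old) list->defs[i] = def;
        snapDefFree(old);
    } else if (list->ndefs == SNAP_LIST_MAX) {
        return -1;      /* not consumed: caller keeps ownership */
    } else {
        list->defs[list->ndefs++] = def;
    }
    *defp = NULL;       /* consumed: caller's snapDefFree() is now a no-op */
    return 0;
}

static int redefineFixed(SnapList *list, const char *name, bool diskOnly)
{
    SnapDef *def = snapDefNew(name, diskOnly);
    int ret = -1;

    if (!def) return -1;
    if (snapListAssign(list, &def) < 0) goto cleanup;
    ret = 0;
 cleanup:
    snapDefFree(def);   /* NULL when consumed, the still-owned def on failure */
    return ret;
}

/* Exercise the fixed path: define, redefine in place, fill the list, then
 * hit the failure path. Returns the number of checks that held (4). */
int snapAssignDemo(void)
{
    SnapList list = { { NULL }, 0 };
    const char *filler[] = { "a", "b", "c" };
    int ok = 0;

    if (redefineFixed(&list, "snap1", false) == 0 && list.ndefs == 1) ok++;
    /* redefining the same name swaps the definition without growing the list */
    if (redefineFixed(&list, "snap1", true) == 0 && list.ndefs == 1 &&
        snapListFind(&list, "snap1")->diskOnly) ok++;
    for (size_t i = 0; i < 3; i++) redefineFixed(&list, filler[i], false);
    if (list.ndefs == SNAP_LIST_MAX) ok++;
    /* full list: assign fails, the caller frees its own def, nothing dangles */
    if (redefineFixed(&list, "overflow", false) == -1 && list.ndefs == SNAP_LIST_MAX) ok++;

    for (size_t i = 0; i < list.ndefs; i++) snapDefFree(list.defs[i]);
    return ok;
}

int main(void)
{
    return snapAssignDemo() == 4 ? 0 : 1;
}
```

Compile with `-fsanitize=address` and route a call through `snapListAssignBuggy` in place of `snapListAssign` to see the double free reported; with the double-pointer contract the same cleanup code is safe because the callee, not the caller, decides when the pointer is dead.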