qemu: hotplug: Fix use-after-free on media change via 'virsh attach-device'

[PATCH 0/2] qemu: hotplug: Fix use-after-free on media change via 'virsh attach-device'

Peter Krempa via Devel posted 2 patches 2 weeks, 3 days ago

Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/cover.1772781240.git.pkrempa@redhat.com

src/qemu/qemu_hotplug.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)

Expand all Fold all

[PATCH 0/2] qemu: hotplug: Fix use-after-free on media change via 'virsh attach-device'

Posted by Peter Krempa via Devel 2 weeks, 3 days ago

Reported via gitlab:

https://gitlab.com/libvirt/libvirt/-/issues/859

I'll also later explore if it's possible to refactor the code to not
touch the device definition wrappers after hotplug so that the pointer
can be cleared properly when it's stolen into the domain definition.

Peter Krempa (2):
  qemuDomainAttachDeviceDiskLive: Remove 'disk' variable
  qemu: hotplug: Don't access disk definititon after it was freed after
    media change

 src/qemu/qemu_hotplug.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

-- 
2.53.0

Re: [PATCH 0/2] qemu: hotplug: Fix use-after-free on media change via 'virsh attach-device'

Posted by Michal Prívozník via Devel 2 weeks, 3 days ago

On 3/6/26 08:16, Peter Krempa via Devel wrote:
> Reported via gitlab:
> 
> https://gitlab.com/libvirt/libvirt/-/issues/859
> 
> I'll also later explore if it's possible to refactor the code to not
> touch the device definition wrappers after hotplug so that the pointer
> can be cleared properly when it's stolen into the domain definition.
> 
> Peter Krempa (2):
>   qemuDomainAttachDeviceDiskLive: Remove 'disk' variable
>   qemu: hotplug: Don't access disk definititon after it was freed after
>     media change
> 
>  src/qemu/qemu_hotplug.c | 15 +++++++--------
>  1 file changed, 7 insertions(+), 8 deletions(-)
> 

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal