|
 |
43fe83 |
From 851b4b9bf41d54da89fc78623785280ff0b9b05b Mon Sep 17 00:00:00 2001
|
|
|
43fe83 |
Message-Id: <851b4b9bf41d54da89fc78623785280ff0b9b05b.1380703761.git.jdenemar@redhat.com>
|
|
|
43fe83 |
From: Peter Krempa <pkrempa@redhat.com>
|
|
|
43fe83 |
Date: Thu, 26 Sep 2013 14:03:04 +0200
|
|
|
43fe83 |
Subject: [PATCH] conf: Don't crash on invalid chardev source definition of
|
|
|
43fe83 |
RNGs and other
|
|
|
43fe83 |
|
|
|
43fe83 |
Since commit 297c99a5 an invalid source definition XML of a character
|
|
|
43fe83 |
device that is used as backend for RNG devices, smartcards and redirdevs
|
|
|
43fe83 |
causes crash of the daemon when parsing such a definition.
|
|
|
43fe83 |
|
|
|
43fe83 |
The device types mentioned above are not a part of a regular character
|
|
|
43fe83 |
device but are backends for other types. Thus when parsing such device
|
|
|
43fe83 |
NULL is passed as the argument @chr_def. Later when checking the
|
|
|
43fe83 |
validity of the definition @chr_def was dereferenced when parsing a UNIX
|
|
|
43fe83 |
socket backend with missing path of the socket and crashed the daemon.
|
|
|
43fe83 |
|
|
|
43fe83 |
Sample offending configuration:
|
|
|
43fe83 |
<devices>
|
|
|
43fe83 |
...
|
|
|
43fe83 |
<rng model='virtio'>
|
|
|
43fe83 |
<backend model='egd' type='unix'>
|
|
|
43fe83 |
<source mode='bind' service='1024'/>
|
|
|
43fe83 |
</backend>
|
|
|
43fe83 |
</rng>
|
|
|
43fe83 |
</devices>
|
|
|
43fe83 |
|
|
|
43fe83 |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196
|
|
|
43fe83 |
(cherry picked from commit 795527548fea79902ea4ce32747e069944cf3e61)
|
|
|
43fe83 |
|
|
|
43fe83 |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
43fe83 |
---
|
|
|
43fe83 |
src/conf/domain_conf.c | 3 ++-
|
|
|
43fe83 |
.../qemuxml2argv-virtio-rng-egd-crash.xml | 27 ++++++++++++++++++++++
|
|
|
43fe83 |
tests/qemuxml2argvtest.c | 2 ++
|
|
|
43fe83 |
3 files changed, 31 insertions(+), 1 deletion(-)
|
|
|
43fe83 |
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
|
|
|
43fe83 |
|
|
|
43fe83 |
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
|
|
43fe83 |
index b46381f..c391eae 100644
|
|
|
43fe83 |
--- a/src/conf/domain_conf.c
|
|
|
43fe83 |
+++ b/src/conf/domain_conf.c
|
|
|
43fe83 |
@@ -7014,7 +7014,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
|
|
|
43fe83 |
case VIR_DOMAIN_CHR_TYPE_UNIX:
|
|
|
43fe83 |
/* path can be auto generated */
|
|
|
43fe83 |
if (!path &&
|
|
|
43fe83 |
- chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO) {
|
|
|
43fe83 |
+ (!chr_def ||
|
|
|
43fe83 |
+ chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO)) {
|
|
|
43fe83 |
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
43fe83 |
_("Missing source path attribute for char device"));
|
|
|
43fe83 |
goto error;
|
|
|
43fe83 |
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
|
|
|
43fe83 |
new file mode 100644
|
|
|
43fe83 |
index 0000000..ce18ea0
|
|
|
43fe83 |
--- /dev/null
|
|
|
43fe83 |
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
|
|
|
43fe83 |
@@ -0,0 +1,27 @@
|
|
|
43fe83 |
+<domain type='qemu'>
|
|
|
43fe83 |
+ <name>QEMUGuest1</name>
|
|
|
43fe83 |
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
|
|
|
43fe83 |
+ <memory unit='KiB'>219100</memory>
|
|
|
43fe83 |
+ <currentMemory unit='KiB'>219100</currentMemory>
|
|
|
43fe83 |
+ <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
|
|
|
43fe83 |
+ <os>
|
|
|
43fe83 |
+ <type arch='i686' machine='pc'>hvm</type>
|
|
|
43fe83 |
+ <boot dev='hd'/>
|
|
|
43fe83 |
+ </os>
|
|
|
43fe83 |
+ <clock offset='utc'/>
|
|
|
43fe83 |
+ <on_poweroff>destroy</on_poweroff>
|
|
|
43fe83 |
+ <on_reboot>restart</on_reboot>
|
|
|
43fe83 |
+ <on_crash>destroy</on_crash>
|
|
|
43fe83 |
+ <devices>
|
|
|
43fe83 |
+ <emulator>/usr/bin/qemu</emulator>
|
|
|
43fe83 |
+ <controller type='usb' index='0'/>
|
|
|
43fe83 |
+ <controller type='pci' index='0' model='pci-root'/>
|
|
|
43fe83 |
+ <memballoon model='virtio'/>
|
|
|
43fe83 |
+ <rng model='virtio'>
|
|
|
43fe83 |
+ <backend model='egd' type='unix'>
|
|
|
43fe83 |
+
|
|
|
43fe83 |
+ <source mode='connect' host='1.2.3.4' service='1234'/>
|
|
|
43fe83 |
+ </backend>
|
|
|
43fe83 |
+ </rng>
|
|
|
43fe83 |
+ </devices>
|
|
|
43fe83 |
+</domain>
|
|
|
43fe83 |
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
|
|
|
43fe83 |
index ca72947..aa43145 100644
|
|
|
43fe83 |
--- a/tests/qemuxml2argvtest.c
|
|
|
43fe83 |
+++ b/tests/qemuxml2argvtest.c
|
|
|
43fe83 |
@@ -970,6 +970,8 @@ mymain(void)
|
|
|
43fe83 |
QEMU_CAPS_OBJECT_RNG_RANDOM);
|
|
|
43fe83 |
DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
|
|
|
43fe83 |
QEMU_CAPS_OBJECT_RNG_EGD);
|
|
|
43fe83 |
+ DO_TEST_PARSE_ERROR("virtio-rng-egd-crash", QEMU_CAPS_DEVICE,
|
|
|
43fe83 |
+ QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_EGD);
|
|
|
43fe83 |
DO_TEST("virtio-rng-ccw",
|
|
|
43fe83 |
QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG,
|
|
|
43fe83 |
QEMU_CAPS_DRIVE, QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW,
|
|
|
43fe83 |
--
|
|
|
43fe83 |
1.8.3.2
|
|
|
43fe83 |
|