|
 |
c401cc |
From ef63cc21b9ac53c15c9a127217afe9ff630ff812 Mon Sep 17 00:00:00 2001
|
|
|
c401cc |
Message-Id: <ef63cc21b9ac53c15c9a127217afe9ff630ff812@dist-git>
|
|
|
c401cc |
From: Peter Krempa <pkrempa@redhat.com>
|
|
|
c401cc |
Date: Wed, 26 Feb 2014 14:55:21 +0100
|
|
|
c401cc |
Subject: [PATCH] qemu: Avoid crash in qemuDiskGetActualType
|
|
|
c401cc |
|
|
|
c401cc |
https://bugzilla.redhat.com/show_bug.cgi?id=1032370
|
|
|
c401cc |
|
|
|
c401cc |
Libvirtd would crash if a domain contained an empty cdrom drive of
|
|
|
c401cc |
type='volume' as the disk def->srcpool member would be dereferenced. Fix
|
|
|
c401cc |
it by checking if the source pool is present before dereferencing it.
|
|
|
c401cc |
|
|
|
c401cc |
Also alter tests to catch this issue in the future.
|
|
|
c401cc |
|
|
|
c401cc |
Reported by: Kevin Shanahan
|
|
|
c401cc |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056328
|
|
|
c401cc |
|
|
|
c401cc |
(cherry picked from commit 7f0fd427413fe04963b1bcb158cf70e980ad1842)
|
|
|
c401cc |
|
|
|
c401cc |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
c401cc |
---
|
|
|
c401cc |
src/qemu/qemu_conf.c | 2 +-
|
|
|
c401cc |
tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args | 2 ++
|
|
|
c401cc |
tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml | 6 ++++++
|
|
|
c401cc |
3 files changed, 9 insertions(+), 1 deletion(-)
|
|
|
c401cc |
|
|
|
c401cc |
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
|
|
|
c401cc |
index 2f1f587..1f25675 100644
|
|
|
c401cc |
--- a/src/qemu/qemu_conf.c
|
|
|
c401cc |
+++ b/src/qemu/qemu_conf.c
|
|
|
c401cc |
@@ -1271,7 +1271,7 @@ cleanup:
|
|
|
c401cc |
int
|
|
|
c401cc |
qemuDiskGetActualType(virDomainDiskDefPtr def)
|
|
|
c401cc |
{
|
|
|
c401cc |
- if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME)
|
|
|
c401cc |
+ if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME && def->srcpool)
|
|
|
c401cc |
return def->srcpool->actualtype;
|
|
|
c401cc |
|
|
|
c401cc |
return def->type;
|
|
|
c401cc |
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args
|
|
|
c401cc |
index 8e04b12..5ae26c9 100644
|
|
|
c401cc |
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args
|
|
|
c401cc |
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args
|
|
|
c401cc |
@@ -3,6 +3,8 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
|
|
|
c401cc |
-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -drive \
|
|
|
c401cc |
file=/some/block/device/cdrom,if=none,media=cdrom,id=drive-ide0-0-1 -device \
|
|
|
c401cc |
ide-drive,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 -drive \
|
|
|
c401cc |
+if=none,media=cdrom,id=drive-ide0-1-0 -device \
|
|
|
c401cc |
+ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive \
|
|
|
c401cc |
file=/tmp/idedisk.img,if=none,id=drive-ide0-0-2 -device \
|
|
|
c401cc |
ide-drive,bus=ide.0,unit=2,drive=drive-ide0-0-2,id=ide0-0-2 -device \
|
|
|
c401cc |
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4
|
|
|
c401cc |
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
|
|
|
c401cc |
index 6ca5cf7..e96f76e 100644
|
|
|
c401cc |
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
|
|
|
c401cc |
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
|
|
|
c401cc |
@@ -24,6 +24,12 @@
|
|
|
c401cc |
<readonly/>
|
|
|
c401cc |
<address type='drive' controller='0' bus='0' target='0' unit='1'/>
|
|
|
c401cc |
</disk>
|
|
|
c401cc |
+ <disk type='volume' device='cdrom'>
|
|
|
c401cc |
+ <driver name='qemu' type='raw'/>
|
|
|
c401cc |
+ <target dev='hdc' bus='ide'/>
|
|
|
c401cc |
+ <readonly/>
|
|
|
c401cc |
+ <address type='drive' controller='0' bus='1' target='0' unit='0'/>
|
|
|
c401cc |
+ </disk>
|
|
|
c401cc |
<disk type='file' device='disk'>
|
|
|
c401cc |
<source file='/tmp/idedisk.img'/>
|
|
|
c401cc |
<target dev='hdc' bus='ide'/>
|
|
|
c401cc |
--
|
|
|
c401cc |
1.9.0
|
|
|
c401cc |
|