|
 |
fbe740 |
From f06f903d5cb3c14853a7213b6a70c078380b7a62 Mon Sep 17 00:00:00 2001
|
|
|
fbe740 |
Message-Id: <f06f903d5cb3c14853a7213b6a70c078380b7a62@dist-git>
|
|
|
fbe740 |
From: Michal Privoznik <mprivozn@redhat.com>
|
|
|
fbe740 |
Date: Fri, 24 Jan 2020 15:05:50 +0100
|
|
|
fbe740 |
Subject: [PATCH] qemu_conf: Avoid dereferencing NULL in
|
|
|
fbe740 |
virQEMUDriverGetHost{NUMACaps, CPU}
|
|
|
fbe740 |
|
|
|
fbe740 |
When fixing [1] I've ran attached reproducer and had it spawn
|
|
|
fbe740 |
1024 threads and query capabilities XML in each one of them. This
|
|
|
fbe740 |
lead libvirtd to hit the RLIMIT_NOFILE limit which was kind of
|
|
|
fbe740 |
expected. What wasn't expected was a subsequent segfault. It
|
|
|
fbe740 |
happened because virCPUProbeHost failed and returned NULL. We've
|
|
|
fbe740 |
taken the NULL and passed it to virCapabilitiesHostNUMARef()
|
|
|
fbe740 |
which dereferenced it. Code inspection showed the same flas in
|
|
|
fbe740 |
virQEMUDriverGetHostNUMACaps(), so I'm fixing both places.
|
|
|
fbe740 |
|
|
|
fbe740 |
1: https://bugzilla.redhat.com/show_bug.cgi?id=1791790
|
|
|
fbe740 |
|
|
|
fbe740 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
fbe740 |
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
|
|
|
fbe740 |
(cherry picked from commit cc361a34c53210d682dbc5f2d506b4a23b71e399)
|
|
|
fbe740 |
|
|
|
fbe740 |
https://bugzilla.redhat.com/show_bug.cgi?id=1794691
|
|
|
fbe740 |
|
|
|
fbe740 |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
fbe740 |
Message-Id: <5de22b27463cd2803b3910d7ef45a0e4bc08ad47.1579874719.git.mprivozn@redhat.com>
|
|
|
fbe740 |
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
fbe740 |
---
|
|
|
fbe740 |
src/qemu/qemu_conf.c | 18 ++++++++++++++----
|
|
|
fbe740 |
1 file changed, 14 insertions(+), 4 deletions(-)
|
|
|
fbe740 |
|
|
|
fbe740 |
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
|
|
|
fbe740 |
index 3d2f0e7bbb..e33ef4895e 100644
|
|
|
fbe740 |
--- a/src/qemu/qemu_conf.c
|
|
|
fbe740 |
+++ b/src/qemu/qemu_conf.c
|
|
|
fbe740 |
@@ -1201,32 +1201,42 @@ virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver,
|
|
|
fbe740 |
virCapsHostNUMAPtr
|
|
|
fbe740 |
virQEMUDriverGetHostNUMACaps(virQEMUDriverPtr driver)
|
|
|
fbe740 |
{
|
|
|
fbe740 |
+ virCapsHostNUMAPtr hostnuma;
|
|
|
fbe740 |
+
|
|
|
fbe740 |
qemuDriverLock(driver);
|
|
|
fbe740 |
|
|
|
fbe740 |
if (!driver->hostnuma)
|
|
|
fbe740 |
driver->hostnuma = virCapabilitiesHostNUMANewHost();
|
|
|
fbe740 |
|
|
|
fbe740 |
+ hostnuma = driver->hostnuma;
|
|
|
fbe740 |
+
|
|
|
fbe740 |
qemuDriverUnlock(driver);
|
|
|
fbe740 |
|
|
|
fbe740 |
- virCapabilitiesHostNUMARef(driver->hostnuma);
|
|
|
fbe740 |
+ if (hostnuma)
|
|
|
fbe740 |
+ virCapabilitiesHostNUMARef(hostnuma);
|
|
|
fbe740 |
|
|
|
fbe740 |
- return driver->hostnuma;
|
|
|
fbe740 |
+ return hostnuma;
|
|
|
fbe740 |
}
|
|
|
fbe740 |
|
|
|
fbe740 |
|
|
|
fbe740 |
virCPUDefPtr
|
|
|
fbe740 |
virQEMUDriverGetHostCPU(virQEMUDriverPtr driver)
|
|
|
fbe740 |
{
|
|
|
fbe740 |
+ virCPUDefPtr hostcpu;
|
|
|
fbe740 |
+
|
|
|
fbe740 |
qemuDriverLock(driver);
|
|
|
fbe740 |
|
|
|
fbe740 |
if (!driver->hostcpu)
|
|
|
fbe740 |
driver->hostcpu = virCPUProbeHost(virArchFromHost());
|
|
|
fbe740 |
|
|
|
fbe740 |
+ hostcpu = driver->hostcpu;
|
|
|
fbe740 |
+
|
|
|
fbe740 |
qemuDriverUnlock(driver);
|
|
|
fbe740 |
|
|
|
fbe740 |
- virCPUDefRef(driver->hostcpu);
|
|
|
fbe740 |
+ if (hostcpu)
|
|
|
fbe740 |
+ virCPUDefRef(hostcpu);
|
|
|
fbe740 |
|
|
|
fbe740 |
- return driver->hostcpu;
|
|
|
fbe740 |
+ return hostcpu;
|
|
|
fbe740 |
}
|
|
|
fbe740 |
|
|
|
fbe740 |
|
|
|
fbe740 |
--
|
|
|
fbe740 |
2.25.0
|
|
|
fbe740 |
|