From 04f435535c4cbbcb72190cc3e05e440374165ffd Mon Sep 17 00:00:00 2001
Message-Id: <04f435535c4cbbcb72190cc3e05e440374165ffd@dist-git>
From: Luyao Huang <lhuang@redhat.com>
Date: Wed, 3 Dec 2014 13:35:29 -0500
Subject: [PATCH] storage: fix crash caused by no check return before set close
https://bugzilla.redhat.com/show_bug.cgi?id=1087104#c5
When trying to use an invalid offset to virStorageVolUpload(), libvirt
fails in virFDStreamOpenFileInternal(), although it seems libvirt does
not check the return in storageVolUpload(), and calls
virFDStreamSetInternalCloseCb() right after. But stream doesn't have a
privateData (is NULL) yet, and the daemon crashes then.
0 0x00007f09429a9c10 in pthread_mutex_lock () from /lib64/libpthread.so.0
1 0x00007f094514dbf5 in virMutexLock (m=<optimized out>) at util/virthread.c:88
2 0x00007f09451cb211 in virFDStreamSetInternalCloseCb at fdstream.c:795
3 0x00007f092ff2c9eb in storageVolUpload at storage/storage_driver.c:2098
4 0x00007f09451f46e0 in virStorageVolUpload at libvirt.c:14000
5 0x00007f0945c78fa1 in remoteDispatchStorageVolUpload at remote_dispatch.h:14339
6 remoteDispatchStorageVolUploadHelper at remote_dispatch.h:14309
7 0x00007f094524a192 in virNetServerProgramDispatchCall at rpc/virnetserverprogram.c:437
Signed-off-by: Luyao Huang <lhuang@redhat.com>
(cherry picked from commit 87b9437f8951f9d24f9a85c6bbfff0e54df8c984)
This issue was introduced by commit id '4a85bf3e' and is related to
https://bugzilla.redhat.com/show_bug.cgi?id=1072653
Although possible to avoid the condition by a previous patch to disallow
a negative offset using virsh, it is still possible to pass an offset via
virStorageVolUpload that would cause the same condition, so this patch is
also necessary.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/storage/storage_driver.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index 7c518bf..7d4ae50 100644
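--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -2088,8 +2088,9 @@ storageVolUpload(virStorageVolPtr obj,
 goto cleanup;
 }
 
- ret = backend->uploadVol(obj->conn, pool, vol, stream,
- offset, length, flags);
+ if ((ret = backend->uploadVol(obj->conn, pool, vol, stream,
+ offset, length, flags)) < 0)
+ goto cleanup;
 
 /* Add cleanup callback - call after uploadVol since the stream
 * is then fully set up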
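Review bot: The new `goto cleanup` after `backend->uploadVol()` keeps this caller from reaching `virFDStreamSetInternalCloseCb()` on a failed upload, but going by the backtrace in the commit message the callee itself still locks through a NULL `privateData`, so any other caller that registers a close callback on a stream that was never opened would presumably crash the daemon the same way. Because the trace runs through `remoteDispatchStorageVolUpload`, the crash is reachable by a client of the daemon, and a NULL check on the stream's private data inside `virFDStreamSetInternalCloseCb()` would be worth adding as a second line of defence. I would also put a comment on the new check, e.g. `/* on failure the stream has no privateData yet; the close callback must not be registered */`. The `cleanup` label and whatever was allocated before this call are outside the hunk, so confirm that the early exit releases it.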
--
2.2.0