From 618400932103613617f361134e446c6937c747c6 Mon Sep 17 00:00:00 2001
Message-Id: <618400932103613617f361134e446c6937c747c6@dist-git>
From: Jonathon Jongsma <jjongsma@redhat.com>
Date: Fri, 1 May 2020 16:53:40 -0500
Subject: [PATCH] qemu: remove use of qemuDomainObjBeginJobWithAgent()

This function will be removed in a future commit because it allows the
caller to acquire both monitor and agent jobs at the same time. Holding
both job types creates a vulnerability to denial of service from a
malicious guest agent.

qemuDomainSetVcpusFlags() always passes NONE for either the monitor job
or the agent job (and thus is not vulnerable to the DoS), so we can
simply replace this function with the functions for acquiring the
appropriate type of job.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit ffa5066a49686e61991759983b0d7d1ba707fe50)

CVE-2019-20485

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Message-Id: <20200501215341.27683-5-jjongsma@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_driver.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 0f6641702d..e1d9bbae99 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5003,8 +5003,6 @@ qemuDomainSetVcpusFlags(virDomainPtr dom,
     virDomainDefPtr persistentDef;
     bool hotpluggable = !!(flags & VIR_DOMAIN_VCPU_HOTPLUGGABLE);
     bool useAgent = !!(flags & VIR_DOMAIN_VCPU_GUEST);
-    qemuDomainJob job = QEMU_JOB_NONE;
-    qemuDomainAgentJob agentJob = QEMU_AGENT_JOB_NONE;
     int ret = -1;
 
     virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
@@ -5019,13 +5017,14 @@ qemuDomainSetVcpusFlags(virDomainPtr dom,
     if (virDomainSetVcpusFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
         goto cleanup;
 
-    if (useAgent)
-        agentJob = QEMU_AGENT_JOB_MODIFY;
-    else
-        job = QEMU_JOB_MODIFY;
 
-    if (qemuDomainObjBeginJobWithAgent(driver, vm, job, agentJob) < 0)
-        goto cleanup;
+    if (useAgent) {
+        if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_MODIFY) < 0)
+            goto cleanup;
+    } else {
+        if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
+            goto cleanup;
+    }
 
     if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0)
         goto endjob;
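Review bot: Deleting the four lines that set `job`/`agentJob` leaves two consecutive blank context lines between `goto cleanup;` and the new `if (useAgent) {` block, because the blank line above the removed block and the one below it both survive; drop one of them. The new branch deliberately takes exactly one job type, which is the substance of the fix, so a short comment above it would stop a later cleanup from folding the two acquires back together: `/* Take either an agent job or a monitor job, never both: holding both lets an unresponsive guest agent block monitor jobs (CVE-2019-20485). */`. The `if (useAgent)` at the endjob label in the third hunk must stay in lock-step with this condition, since the wrong End*Job call would release a job that was never acquired. qemuDomainSetVcpusFlags begins before the first hunk and its endjob path continues after the last one.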
@@ -5039,7 +5038,7 @@ qemuDomainSetVcpusFlags(virDomainPtr dom,
                                          nvcpus, hotpluggable);
 
  endjob:
-    if (agentJob)
+    if (useAgent)
         qemuDomainObjEndAgentJob(vm);
     else
         qemuDomainObjEndJob(driver, vm);
-- 
2.26.2