Merged to hardknott.

Bruce
In message: [meta-virtualization] [hardknott][PATCH] libvirt: fix CVE-2021-3975 on 29/01/2022 Changqing Li wrote: > From: Changqing Li <[email protected]> > > Signed-off-by: Changqing Li <[email protected]> > --- > .../libvirt/libvirt/CVE-2021-3975.patch | 43 +++++++++++++++++++ > recipes-extended/libvirt/libvirt_6.3.0.bb | 1 + > 2 files changed, 44 insertions(+) > create mode 100644 recipes-extended/libvirt/libvirt/CVE-2021-3975.patch > > diff --git a/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch > b/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch > new file mode 100644 > index 0000000..72cee94 > --- /dev/null > +++ b/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch 
> @@ -0,0 +1,43 @@ > +From 30de45c73106cacfc0aacc8f11c88e1aa5372d77 Mon Sep 17 00:00:00 2001 > +From: Changqing Li <[email protected]> > +Date: Sat, 29 Jan 2022 13:25:54 +0800 > +Subject: [PATCH] qemu: Add missing lock in qemuProcessHandleMonitorEOF > + > +qemuMonitorUnregister will be called in multiple threads (e.g. threads > +in rpc worker pool and the vm event thread). In some cases, it isn't > +protected by the monitor lock, which may lead to call g_source_unref > +more than one time and a use-after-free problem eventually. > + > +Add the missing lock in qemuProcessHandleMonitorEOF (which is the only > +position missing lock of monitor I found). > + > +Suggested-by: Michal Privoznik <[email protected]> > +Signed-off-by: Peng Liang <[email protected]> > +Signed-off-by: Michal Privoznik <[email protected]> > +Reviewed-by: Michal Privoznik <[email protected]> > + > +Upstream-Status: Backport > [https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7] > +CVE: CVE-2021-3975 > + > +Signed-off-by: Changqing Li <[email protected]> > +--- > + src/qemu/qemu_process.c | 2 ++ > + 1 file changed, 2 insertions(+) > + > +diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c > +index 8ea470f..64b8472 100644 > +--- a/src/qemu/qemu_process.c > ++++ b/src/qemu/qemu_process.c > +@@ -315,7 +315,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon, > + /* We don't want this EOF handler to be called over and over while the > + * thread is waiting for a job. > + */ > ++ virObjectLock(mon); > + qemuMonitorUnregister(mon); > ++ virObjectUnlock(mon); > + > + /* We don't want any cleanup from EOF handler (or any other > + * thread) to enter qemu namespace. */ > +-- > +2.17.1 > + > diff --git a/recipes-extended/libvirt/libvirt_6.3.0.bb > b/recipes-extended/libvirt/libvirt_6.3.0.bb > index 091296e..8e95ad6 100644 > --- a/recipes-extended/libvirt/libvirt_6.3.0.bb > +++ b/recipes-extended/libvirt/libvirt_6.3.0.bb 
> @@ -46,6 +46,7 @@ SRC_URI = > "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \ > file://CVE-2020-25637_4.patch \ > file://CVE-2021-3631.patch \ > > file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \ > + file://CVE-2021-3975.patch \ > " > > SRC_URI[libvirt.md5sum] = "1bd4435f77924f5ec9928b538daf4a02" > -- > 2.17.1 > > > >
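Review bot: in the qemu_process.c hunk, the new virObjectLock(mon) / virObjectUnlock(mon) pair carries no comment of its own, while the existing comment directly above it only explains why qemuMonitorUnregister is called; a one-line comment stating that the lock is needed because qemuMonitorUnregister can be reached from several threads (the commit message's point) would spare the next reader a trip to the CVE. Also, the patch header's From: line credits the backporter rather than the upstream author, who survives only in the Signed-off-by: Peng Liang line; backports in this layer normally keep the upstream From: and Date: and add the backporter's Signed-off-by below the Upstream-Status line, as this patch already does. The two added lines themselves need no change.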
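Review bot: for the libvirt_6.3.0.bb hunk, the single file://CVE-2021-3975.patch line is all the recipe needs: the CVE: CVE-2021-3975 tag in the patch header is what cve-check keys on to report the issue as patched, so no CVE_CHECK_WHITELIST or other recipe change is required. One documentation nit: the recipe commit message consists of the sign-off only; a sentence naming the upstream fix (the commit already cited in Upstream-Status) and why 6.3.0 is affected would make the backport easier to audit later.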
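The race the commit message describes, as an added model that is not libvirt code and not part of this thread. The unregister step is written in the shape of libvirt's qemuMonitorUnregister() as read from its source (test mon->watch, drop the reference, clear the pointer); the struct names, the refcount bookkeeping that records a use-after-free instead of crashing, and the hand-written interleaving of two callers are constructed for illustration only. The first schedule is the pre-patch situation, where an RPC worker and the event thread both pass the check before either clears the pointer; the second is the schedule the added monitor lock forces.

```c
/* Added example, not libvirt code: models the double g_source_unref()
 * described in the CVE-2021-3975 commit message.  Names, bookkeeping and
 * the explicit interleaving are constructed for illustration. */
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct source {
    int refcount;
    int unrefs;              /* how many times the reference was dropped */
    bool freed;
    bool touched_after_free; /* an unref landed on an already freed source */
};

struct monitor {
    pthread_mutex_t lock;    /* the lock the patch takes around unregister */
    struct source *watch;    /* the GSource the monitor owns one ref to */
};

struct outcome { int unrefs; bool touched_after_free; };

/* Stand-in for g_source_unref(): records a use-after-free instead of crashing. */
static void source_unref(struct source *s)
{
    s->unrefs++;
    if (s->freed) {
        s->touched_after_free = true;
        return;
    }
    if (--s->refcount == 0)
        s->freed = true;
}

/* One caller of unregister, split into its "check" and "act" halves so the
 * harness can interleave two callers exactly where a thread switch would. */
struct caller { struct monitor *mon; struct source *seen; };

static void unregister_check(struct caller *c)
{
    c->seen = c->mon->watch;         /* if (mon->watch) ... */
}

static void unregister_act(struct caller *c)
{
    if (c->seen) {
        source_unref(c->seen);       /* ... g_source_unref(mon->watch); */
        c->mon->watch = NULL;        /* ... mon->watch = NULL; */
    }
}

static struct outcome finish(struct monitor *mon, const struct source *src)
{
    pthread_mutex_destroy(&mon->lock);
    return (struct outcome){ src->unrefs, src->touched_after_free };
}

/* Before the patch: both callers pass the check before either clears
 * mon->watch, so the single reference is dropped twice and the second
 * drop touches freed memory. */
struct outcome run_unlocked(void)
{
    struct source src = { .refcount = 1 };
    struct monitor mon = { .watch = &src };
    pthread_mutex_init(&mon.lock, NULL);
    struct caller a = { &mon, NULL }, b = { &mon, NULL };

    unregister_check(&a);
    unregister_check(&b);   /* B still sees the live pointer */
    unregister_act(&a);     /* refcount 1 -> 0: source freed */
    unregister_act(&b);     /* second unref on the freed source */
    return finish(&mon, &src);
}

/* After the patch: check and act form one critical section, so the second
 * caller's check necessarily observes the first caller's clear.  Running
 * the callers back to back is the only schedule the lock allows. */
static void unregister_locked(struct caller *c)
{
    pthread_mutex_lock(&c->mon->lock);
    unregister_check(c);
    unregister_act(c);
    pthread_mutex_unlock(&c->mon->lock);
}

struct outcome run_locked(void)
{
    struct source src = { .refcount = 1 };
    struct monitor mon = { .watch = &src };
    pthread_mutex_init(&mon.lock, NULL);
    struct caller a = { &mon, NULL }, b = { &mon, NULL };

    unregister_locked(&a);
    unregister_locked(&b);  /* sees mon->watch == NULL and does nothing */
    return finish(&mon, &src);
}

int main(void)
{
    struct outcome u = run_unlocked(), l = run_locked();
    printf("unlocked: %d unrefs, use-after-free=%s\n", u.unrefs,
           u.touched_after_free ? "yes" : "no");
    printf("locked:   %d unrefs, use-after-free=%s\n", l.unrefs,
           l.touched_after_free ? "yes" : "no");
    return 0;
}
```

The model deliberately makes the pointer load visible as a separate step: the real bug is nothing more than two threads caching a non-NULL mon->watch before either stores NULL, which is why the fix is a lock around the whole unregister rather than a change inside it.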
View/Reply Online (#7052): https://lists.yoctoproject.org/g/meta-virtualization/message/7052
