File 1ac703a7-CVE-2021-3975.patch of Package libvirt.22292

commit 1ac703a7d0789e46833f4013a3876c2e3af18ec7
Author: Peng Liang <liangpeng10@huawei.com>
Date:   Wed Feb 24 19:28:23 2021 +0800

    qemu: Add missing lock in qemuProcessHandleMonitorEOF
    
    qemuMonitorUnregister will be called in multiple threads (e.g. threads
    in the rpc worker pool and the vm event thread).  In some cases, it isn't
    protected by the monitor lock, which may lead to calling g_source_unref
    more than once and eventually to a use-after-free problem.
    
    Add the missing lock in qemuProcessHandleMonitorEOF (which is the only
    place I found that is missing the monitor lock).
    
    Suggested-by: Michal Privoznik <mprivozn@redhat.com>
    Signed-off-by: Peng Liang <liangpeng10@huawei.com>
    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
    Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Index: libvirt-5.1.0/src/qemu/qemu_process.c
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu_process.c
+++ libvirt-5.1.0/src/qemu/qemu_process.c
@@ -319,7 +319,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorP
     /* We don't want this EOF handler to be called over and over while the
      * thread is waiting for a job.
      */
+    virObjectLock(mon);
     qemuMonitorUnregister(mon);
+    virObjectUnlock(mon);
 
     /* We don't want any cleanup from EOF handler (or any other
      * thread) to enter qemu namespace. */
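Review bot: the new virObjectLock(mon)/virObjectUnlock(mon) pair around qemuMonitorUnregister(mon) has no comment explaining why the lock is required here, and the existing comment above it only talks about suppressing repeated EOF callbacks. Since the reason (the commit message's point that an unlocked qemuMonitorUnregister can race other threads into a second g_source_unref and a use-after-free) is not visible at the call site, extend the comment, e.g. "Hold the monitor lock: qemuMonitorUnregister may run concurrently from other threads and must not unref the source twice." Also confirm that qemuMonitorUnregister does not itself call virObjectLock(mon); libvirt's virObjectLockable mutex is not recursive, so a nested lock here would deadlock rather than protect.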