[PATCH for 7.3] conf: Fix heap corruption when hot-adding a lease
by Peter Krempa
Commit 28a86993162f7d2f (v6.9.0-179-g28a8699316) incorrectly replaced
VIR_EXPAND_N by g_renew.
VIR_EXPAND_N has these two extra effects apart from reallocating memory:
1) The newly allocated memory is zeroed out
2) The number of elements in the array which is passed to VIR_EXPAND_N
is increased.
This comes into play when used with virDomainLeaseInsertPreAlloced,
which expects that the array element count already includes the space
for the added 'lease', by plainly just assigning to 'leases[nleases - 1]'.
Since g_renew does not increase the number of elements in the array
any existing code which calls virDomainLeaseInsertPreAlloced thus either
overwrites a lease definition or corrupts the heap if there are no
leases to start with.
To preserve existing functionality we revert the code back to using
VIR_EXPAND_N which at this point doesn't return any value, so other
commits don't need to be reverted.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1953577
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/conf/domain_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 9d98f487ea..84570c001c 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -16837,7 +16837,7 @@ int virDomainLeaseIndex(virDomainDef *def,
void virDomainLeaseInsertPreAlloc(virDomainDef *def)
{
- def->leases = g_renew(virDomainLeaseDef *, def->leases, def->nleases + 1);
+ VIR_EXPAND_N(def->leases, def->nleases, 1);
}
void virDomainLeaseInsert(virDomainDef *def, virDomainLeaseDef *lease)
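Review bot: the hunk now depends on VIR_EXPAND_N incrementing def->nleases, which is exactly the invariant the PreAlloc callers rely on when they store into leases[nleases - 1], yet nothing in the function body records it; a one-line comment above the macro call, e.g. `/* VIR_EXPAND_N also bumps def->nleases; callers fill leases[nleases - 1] */`, would stop the next g_renew conversion from reintroducing this off-by-one. Since the description says the earlier commit did the same replacement elsewhere, it is worth stating in the message whether the other sites were checked for an array count that is maintained separately.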
--
2.30.2
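As an added illustration of the contract this patch restores (constructed here, not libvirt's code), the C below models a g_renew-style and a VIR_EXPAND_N-style pre-allocation against a caller that stores into leases[nleases - 1]; the stand-in types, the sample lease paths and the guard in insert_prealloced are assumptions made for the demo, standing in for the unguarded write that corrupted the heap.

```c
#include <stdlib.h>

/* Constructed stand-ins for virDomainLeaseDef / virDomainDef, not libvirt's types. */
typedef struct { const char *path; } LeaseDef;
typedef struct { LeaseDef **leases; size_t nleases; } DomainDef;

/* g_renew-style growth (the buggy commit): realloc only; count and new slot untouched. */
static int grow_renew_style(DomainDef *def)
{
    LeaseDef **p = realloc(def->leases, (def->nleases + 1) * sizeof(*p));
    if (!p) return -1;
    def->leases = p;
    return 0;
}

/* VIR_EXPAND_N-style growth (the fix): realloc, zero the new slot, bump the count. */
static int grow_expand_style(DomainDef *def)
{
    LeaseDef **p = realloc(def->leases, (def->nleases + 1) * sizeof(*p));
    if (!p) return -1;
    p[def->nleases] = NULL;   /* newly allocated element is zeroed out */
    def->leases = p;
    def->nleases += 1;        /* count now includes the reserved slot */
    return 0;
}

/* Caller contract from the report: a zeroed slot is already reserved at
 * leases[nleases - 1]. In libvirt, nleases == 0 meant a write to index -1
 * (heap corruption) and a stale count meant overwriting the last lease;
 * this guard (an assumption for the demo) reports both instead of reproducing them. */
static int insert_prealloced(DomainDef *def, LeaseDef *lease)
{
    if (def->nleases == 0 || def->leases[def->nleases - 1] != NULL)
        return -1;
    def->leases[def->nleases - 1] = lease;
    return 0;
}

/* Full scenario: returns 0 when both failure modes are caught and the fix inserts cleanly. */
static int demo_bug_and_fix(void)
{
    DomainDef d = { NULL, 0 };
    LeaseDef a = { "/leases/a" }, b = { "/leases/b" };   /* constructed sample leases */
    int ok = grow_renew_style(&d) == 0 && insert_prealloced(&d, &a) == -1     /* would hit leases[-1] */
          && grow_expand_style(&d) == 0 && insert_prealloced(&d, &a) == 0 && d.leases[0] == &a
          && grow_renew_style(&d) == 0 && insert_prealloced(&d, &b) == -1     /* would overwrite a */
          && grow_expand_style(&d) == 0 && d.nleases == 2 && insert_prealloced(&d, &b) == 0;
    free(d.leases);
    return ok ? 0 : -1;
}
```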
[libvirt PATCH] virnetdevbridge: Ignore EEXIST when adding an entry to fdb
by Jiri Denemark
When updating entries in a bridge forwarding database (i.e., when
macTableManager='libvirt' is configured for the bridge), we may end up
in a situation when the entry we want to add is already present. Let's
just ignore the error in such a case.
This fixes an error when resuming a domain whose fdb entries were not
properly removed when the domain was paused:
virsh # resume test
error: Failed to resume domain test
error: error adding fdb entry for vnet2: File exists
For some reason, fdb entries are only removed when libvirt explicitly
stops CPUs, but nothing happens when we just get a STOP event from QEMU.
An alternative approach would be to make sure we always remove the
entries regardless of why a domain was paused (e.g., during migration),
but that would be a significantly more disruptive change with possible
side effects.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/util/virnetdevbridge.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/util/virnetdevbridge.c b/src/util/virnetdevbridge.c
index 7b5ea4fe1d..4fe84cc162 100644
--- a/src/util/virnetdevbridge.c
+++ b/src/util/virnetdevbridge.c
@@ -1063,9 +1063,13 @@ virNetDevBridgeFDBAddDel(const virMacAddr *mac, const char *ifname,
if (resp->nlmsg_len < NLMSG_LENGTH(sizeof(*err)))
goto malformed_resp;
if (err->error) {
- virReportSystemError(-err->error,
- _("error adding fdb entry for %s"), ifname);
- return -1;
+ if (isAdd && -err->error == EEXIST) {
+ VIR_DEBUG("fdb entry for %s already exists", ifname);
+ } else {
+ virReportSystemError(-err->error,
+ _("error adding fdb entry for %s"), ifname);
+ return -1;
+ }
}
break;
case NLMSG_DONE:
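Review bot: the new branch distinguishes add from delete via isAdd, but the else path still reports `_("error adding fdb entry for %s")` regardless of isAdd, so a failed delete is logged as a failed add; since the hunk already touches those lines, choosing the message on isAdd would fix that at no extra cost. Also reconsider VIR_DEBUG as the level: the description says the stale entry is a symptom of entries not being removed on the QEMU STOP event, so a VIR_WARN would keep that symptom visible in logs for the follow-up change the message mentions rather than hiding it at debug level.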
--
2.31.1