[libvirt] [PATCH 6/8] qemu: don't hold monitor job for GetGuestInfo()
We have to assume that the guest agent may be malicious so we don't want
to allow any agent queries to block any other libvirt API. By holding a
monitor job while we're querying the agent, we open ourselves up to a
DoS.
This function issues several agent commands, but does not issue any
monitor commands. Therefore, we can drop the monitor job and only hold
an agent job.
Signed-off-by: Jonathon Jongsma <jjongsma(a)redhat.com>
---
src/qemu/qemu_driver.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index e1a91c5049..1cf54cda8a 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -22688,9 +22688,8 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
if (virDomainGetGuestInfoEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
- if (qemuDomainObjBeginJobWithAgent(driver, vm,
- QEMU_JOB_QUERY,
- QEMU_AGENT_JOB_QUERY) < 0)
+ if (qemuDomainObjBeginAgentJob(driver, vm,
+ QEMU_AGENT_JOB_QUERY) < 0)
goto cleanup;
if (!qemuDomainAgentAvailable(vm, true))
@@ -22740,7 +22739,7 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
qemuDomainObjExitAgent(vm, agent);
endjob:
- qemuDomainObjEndJobWithAgent(driver, vm);
+ qemuDomainObjEndAgentJob(vm);
cleanup:
virDomainObjEndAPI(&vm);
--
2.21.0