On 06/26/2014 07:56 AM, Peter Krempa wrote:
> On 06/26/14 15:51, Eric Blake wrote:
>> From: Peter Krempa <pkrempa(a)redhat.com>
>>
>> When creating a new disk mirror the new struct is stored in a separate
>> variable until everything went well. The removed hunk would actually
>> remove existing mirror information for example when the api would be run
>> if a mirror still exists.
>>
>> (cherry picked from commit 02b364e186d487f54ed410c01af042f23e812d42)
>>
>> This fixes a regression introduced in commit ff5f30b.
>>
>> Signed-off-by: Eric Blake <eblake(a)redhat.com>
>>
>> Conflicts:
>> src/qemu/qemu_driver.c - no refactoring of commit 7b7bf001
>> ---
>>
>> As Peter's patch resolves a regression, I'd like to backport it to
>> the maint branches; however, that means redoing the patch.
>>
>> src/qemu/qemu_driver.c | 18 +++++++++---------
>> 1 file changed, 9 insertions(+), 9 deletions(-)
>>
> ACK,

I'm awaiting word on whether this regression represents a CVE.
Obviously, the fix is already public, so I'm not making the situation
any worse by mentioning that this patch is under evaluation; but at the
same time, I'm not going into the details of the scenario I found while
playing with this patch. Worse, the regression was introduced
when plugging an earlier CVE last year - it's never fun when solving one
CVE causes another, so all the more reason that I hope the
libvirt-security list doesn't deem this as a vulnerability. At any
rate, whether or not this gets a CVE designation, it was more than just
v1.2.1-maint affected - everything back to v0.9.12-maint had the bug by
virtue of CVE-2013-6458; I'm in the process of backporting this patch to
ALL branches.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org