4:18 a.m.
Libvirtd would crash if a domain contained an empty cdrom drive of
type='volume' as the disk def->srcpool member would be dereferenced. Fix
it by checking if the source pool is present before dereferencing it.
Also alter tests to catch this issue in the future.
Reported by: Kevin Shanahan
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056328
---
src/qemu/qemu_conf.c | 2 +-
tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args | 2 ++
tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml | 6 ++++++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 4378791..ac53f6d 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1302,7 +1302,7 @@ cleanup:
int
qemuDiskGetActualType(virDomainDiskDefPtr def)
{
- if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME)
+ if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME && def->srcpool)
return def->srcpool->actualtype;
return def->type;
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args
b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args
index da87ad9..6b409b7 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args
@@ -3,6 +3,8 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test
QEMU_AUDIO_DRV=none \
-monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -drive \
file=/some/block/device/cdrom,if=none,media=cdrom,id=drive-ide0-0-1 -device \
ide-drive,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 -drive \
+if=none,media=cdrom,id=drive-ide0-1-0 -device \
+ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive \
file=/tmp/idedisk.img,if=none,id=drive-ide0-0-2 -device \
ide-drive,bus=ide.0,unit=2,drive=drive-ide0-0-2,id=ide0-0-2 -device \
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
index 6ca5cf7..e96f76e 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
@@ -24,6 +24,12 @@
<readonly/>
<address type='drive' controller='0' bus='0'
target='0' unit='1'/>
</disk>
+ <disk type='volume' device='cdrom'>
+ <driver name='qemu' type='raw'/>
+ <target dev='hdc' bus='ide'/>
+ <readonly/>
+ <address type='drive' controller='0' bus='1'
target='0' unit='0'/>
+ </disk>
<disk type='file' device='disk'>
<source file='/tmp/idedisk.img'/>
<target dev='hdc' bus='ide'/>
--
1.8.5.3
4:30 a.m.
On 22/01/14 18:18, Peter Krempa wrote:
Libvirtd would crash if a domain contained an empty cdrom drive of
type='volume' as the disk def->srcpool member would be dereferenced. Fix
it by checking if the source pool is present before dereferencing it.
Also alter tests to catch this issue in the future.
Reported by: Kevin Shanahan
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056328
---
src/qemu/qemu_conf.c | 2 +-
tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args | 2 ++
tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml | 6 ++++++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 4378791..ac53f6d 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1302,7 +1302,7 @@ cleanup:
int
qemuDiskGetActualType(virDomainDiskDefPtr def)
{
- if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME)
+ if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME && def->srcpool)
return def->srcpool->actualtype;
Returning the type as "volume" should be fine, since there is no
"case" statement for "volume" type when building the drive's
command line, and the "source" is empty anyway.
ACK.
4:42 a.m.
On 01/22/14 11:30, Osier Yang wrote:
On 22/01/14 18:18, Peter Krempa wrote:
> Libvirtd would crash if a domain contained an empty cdrom drive of
> type='volume' as the disk def->srcpool member would be dereferenced. Fix
> it by checking if the source pool is present before dereferencing it.
>
> Also alter tests to catch this issue in the future.
>
> Reported by: Kevin Shanahan
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056328
> ---
> src/qemu/qemu_conf.c | 2 +-
> tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args | 2 ++
> tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml | 6 ++++++
> 3 files changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
> index 4378791..ac53f6d 100644
> --- a/src/qemu/qemu_conf.c
> +++ b/src/qemu/qemu_conf.c
> @@ -1302,7 +1302,7 @@ cleanup:
> int
> qemuDiskGetActualType(virDomainDiskDefPtr def)
> {
> - if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME)
> + if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME && def->srcpool)
> return def->srcpool->actualtype;
>
>
Returning the type as "volume" should be fine, since there is no
"case" statement for "volume" type when building the drive's
command line, and the "source" is empty anyway.
ACK.
Pushed; Thanks.
Peter
3929
days inactive
3929
days old
2 comments
2 participants
participants (2)
-
Osier Yang -
Peter Krempa