When formatting the forward mode addresses or interfaces the switch was done based on the type of the network rather than of the type of the individual <interface>/<address> element. In case a user would specify an incorrect network type ("passhtrough") with <address> elements, libvirtd would crash as it would attempt to format an <interface>. Use the type of the individual element to format the XML. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132347 --- The parser would be better of with a refactor. This is a minimal change to fix the crash. src/conf/network_conf.c | 5 ++--- tests/networkxml2xmlin/passthrough-address-crash.xml | 7 +++++++ tests/networkxml2xmlout/passthrough-address-crash.xml | 7 +++++++ tests/networkxml2xmltest.c | 1 + 4 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 tests/networkxml2xmlin/passthrough-address-crash.xml create mode 100644 tests/networkxml2xmlout/passthrough-address-crash.xml diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index 756b9de..dc25c6e 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -2731,7 +2731,7 @@ virNetworkDefFormatBuf(virBufferPtr buf, if (def->forward.nifs && (!def->forward.npfs || !(flags & VIR_NETWORK_XML_INACTIVE))) { for (i = 0; i < def->forward.nifs; i++) { - if (def->forward.type != VIR_NETWORK_FORWARD_HOSTDEV) { + if (def->forward.ifs[i].type == VIR_NETWORK_FORWARD_HOSTDEV_DEVICE_NETDEV) { virBufferEscapeString(buf, "<interface dev='%s'", def->forward.ifs[i].device.dev); if (!(flags & VIR_NETWORK_XML_INACTIVE) && @@ -2740,8 +2740,7 @@ virNetworkDefFormatBuf(virBufferPtr buf, def->forward.ifs[i].connections); } virBufferAddLit(buf, "/>\n"); - } - else { + } else { if (def->forward.ifs[i].type == VIR_NETWORK_FORWARD_HOSTDEV_DEVICE_PCI) { if (virDevicePCIAddressFormat(buf, def->forward.ifs[i].device.pci, diff --git a/tests/networkxml2xmlin/passthrough-address-crash.xml b/tests/networkxml2xmlin/passthrough-address-crash.xml new file mode 100644 index 0000000..a05dbbf --- /dev/null +++ b/tests/networkxml2xmlin/passthrough-address-crash.xml @@ -0,0 +1,7 @@ +<network> + <name>passthrough_001</name> + <uuid>50e92386-8dd1-4a95-8a4b-9a888274eb66</uuid> + <forward mode='passthrough'> + <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x1'/> + </forward> +</network> diff --git a/tests/networkxml2xmlout/passthrough-address-crash.xml b/tests/networkxml2xmlout/passthrough-address-crash.xml new file mode 100644 index 0000000..a05dbbf --- /dev/null +++ b/tests/networkxml2xmlout/passthrough-address-crash.xml @@ -0,0 +1,7 @@ +<network> + <name>passthrough_001</name> + <uuid>50e92386-8dd1-4a95-8a4b-9a888274eb66</uuid> + <forward mode='passthrough'> + <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x1'/> + </forward> +</network> diff --git a/tests/networkxml2xmltest.c b/tests/networkxml2xmltest.c index c6e0f6f..65ac591 100644 --- a/tests/networkxml2xmltest.c +++ b/tests/networkxml2xmltest.c @@ -119,6 +119,7 @@ mymain(void) DO_TEST_FULL("passthrough-pf", VIR_NETWORK_XML_INACTIVE); DO_TEST("hostdev"); DO_TEST_FULL("hostdev-pf", VIR_NETWORK_XML_INACTIVE); + DO_TEST("passthrough-address-crash"); return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; } -- 2.0.2