mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-03 04:45:46 +00:00
conf: Don't crash on invalid chardev source definition of RNGs and other
Since commit 297c99a5 an invalid source definition XML of a character
device that is used as backend for RNG devices, smartcards and redirdevs
causes crash of the daemon when parsing such a definition.
The device types mentioned above are not a part of a regular character
device but are backends for other types. Thus when parsing such device
NULL is passed as the argument @chr_def. Later when checking the
validity of the definition @chr_def was dereferenced when parsing a UNIX
socket backend with missing path of the socket and crashed the daemon.
Sample offending configuration:
<devices>
...
<rng model='virtio'>
<backend model='egd' type='unix'>
<source mode='bind' service='1024'/>
</backend>
</rng>
</devices>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196
This commit is contained in:
Peter Krempa
parent
e23216da9a
commit
795527548f
@ -7070,7 +7070,8 @@ virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
|
|||||||
case VIR_DOMAIN_CHR_TYPE_UNIX:
|
case VIR_DOMAIN_CHR_TYPE_UNIX:
|
||||||
/* path can be auto generated */
|
/* path can be auto generated */
|
||||||
if (!path &&
|
if (!path &&
|
||||||
chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO) {
|
(!chr_def ||
|
||||||
|
chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO)) {
|
||||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||||
_("Missing source path attribute for char device"));
|
_("Missing source path attribute for char device"));
|
||||||
goto error;
|
goto error;
|
||||||
|
|||||||
27
tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
Normal file
27
tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
<domain type='qemu'>
|
||||||
|
<name>QEMUGuest1</name>
|
||||||
|
<uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
|
||||||
|
<memory unit='KiB'>219100</memory>
|
||||||
|
<currentMemory unit='KiB'>219100</currentMemory>
|
||||||
|
<vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
|
||||||
|
<os>
|
||||||
|
<type arch='i686' machine='pc'>hvm</type>
|
||||||
|
<boot dev='hd'/>
|
||||||
|
</os>
|
||||||
|
<clock offset='utc'/>
|
||||||
|
<on_poweroff>destroy</on_poweroff>
|
||||||
|
<on_reboot>restart</on_reboot>
|
||||||
|
<on_crash>destroy</on_crash>
|
||||||
|
<devices>
|
||||||
|
<emulator>/usr/bin/qemu</emulator>
|
||||||
|
<controller type='usb' index='0'/>
|
||||||
|
<controller type='pci' index='0' model='pci-root'/>
|
||||||
|
<memballoon model='virtio'/>
|
||||||
|
<rng model='virtio'>
|
||||||
|
<backend model='egd' type='unix'>
|
||||||
|
<!-- https://bugzilla.redhat.com/show_bug.cgi?id=1012196 -->
|
||||||
|
<source mode='connect' host='1.2.3.4' service='1234'/>
|
||||||
|
</backend>
|
||||||
|
</rng>
|
||||||
|
</devices>
|
||||||
|
</domain>
|
||||||
@ -986,6 +986,8 @@ mymain(void)
|
|||||||
QEMU_CAPS_OBJECT_RNG_RANDOM);
|
QEMU_CAPS_OBJECT_RNG_RANDOM);
|
||||||
DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
|
DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
|
||||||
QEMU_CAPS_OBJECT_RNG_EGD);
|
QEMU_CAPS_OBJECT_RNG_EGD);
|
||||||
|
DO_TEST_PARSE_ERROR("virtio-rng-egd-crash", QEMU_CAPS_DEVICE,
|
||||||
|
QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_EGD);
|
||||||
DO_TEST("virtio-rng-ccw",
|
DO_TEST("virtio-rng-ccw",
|
||||||
QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG,
|
QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG,
|
||||||
QEMU_CAPS_DRIVE, QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW,
|
QEMU_CAPS_DRIVE, QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user