mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 22:25:25 +00:00
173c291473
https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When a client closes its connection to libvirtd early during virConnectOpen, more specifically just after making REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for the result, libvirtd may crash due to a race in keep-alive initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, the daemon's event loop delegates it to a worker thread. In case the event loop detects EOF on the connection and calls virNetServerClientClose before the worker thread starts to handle REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be disposed by the time virNetServerClientStartKeepAlive gets called from remoteDispatchConnectSupportsFeature. Because the flow is common for both authenticated and read-only connections, even unprivileged clients may cause the daemon to crash. To avoid the crash, virNetServerClientStartKeepAlive needs to check if the connection is still open before starting keep-alive protocol. Every libvirt release since 0.9.8 is affected by this bug. |
||
---|---|---|
.. | ||
gendispatch.pl | ||
genprotocol.pl | ||
gensystemtap.pl | ||
virkeepalive.c | ||
virkeepalive.h | ||
virkeepaliveprotocol.x | ||
virnetclient.c | ||
virnetclient.h | ||
virnetclientprogram.c | ||
virnetclientprogram.h | ||
virnetclientstream.c | ||
virnetclientstream.h | ||
virnetmessage.c | ||
virnetmessage.h | ||
virnetprotocol.x | ||
virnetsaslcontext.c | ||
virnetsaslcontext.h | ||
virnetserver.c | ||
virnetserver.h | ||
virnetserverclient.c | ||
virnetserverclient.h | ||
virnetservermdns.c | ||
virnetservermdns.h | ||
virnetserverprogram.c | ||
virnetserverprogram.h | ||
virnetserverservice.c | ||
virnetserverservice.h | ||
virnetsocket.c | ||
virnetsocket.h | ||
virnetsshsession.c | ||
virnetsshsession.h | ||
virnettlscontext.c | ||
virnettlscontext.h |