Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
Go to file
Eric Blake 265680c58e blockjob: fix use-after-free in blockcopy
Commit febf84c2 tried to delay in-memory modification of the actual
domain disk structure until after the qemu event was received.
However, I missed that the code for block pivot had been temporarily
setting disk->src = disk->mirror prior to the qemu command, in order
to label the backing chain of a reused external blockcopy disk;
and calls into qemu while still in that state before finally undoing
things at the cleanup label.  Since the qemu event handler then does:
 virStorageSourceFree(disk->src);
 disk->src = disk->mirror;
we have the sad race that a fast enough qemu event can cause a leak of
the original disk->src, as well as a use-after-free of the disk->mirror
contents, bad enough to crash libvirtd in some of my test runs, even
though the common case of the qemu event being much later won't trip
the race.

I'll go wear the brown paper bag of shame, for introducing a crasher
in between rc1 and rc2 of the freeze for 1.2.7 :(  My only
consolation is that virDomainBlockJobAbort requires the domain:write
ACL, so it is not a CVE.

The valgrind report when the race occurs looks like:

==25612== Invalid read of size 4
==25612==    at 0x50E7C90: virStorageSourceGetActualType (virstoragefile.c:1948)
==25612==    by 0x209C0B18: qemuDomainDetermineDiskChain (qemu_domain.c:2473)
==25612==    by 0x209D7F6A: qemuProcessHandleBlockJob (qemu_process.c:1087)
==25612==    by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357)
...
==25612==  Address 0xe4b5610 is 0 bytes inside a block of size 200 free'd
==25612==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==25612==    by 0x50839E9: virFree (viralloc.c:582)
==25612==    by 0x50E7E51: virStorageSourceFree (virstoragefile.c:2015)
==25612==    by 0x209D7EFF: qemuProcessHandleBlockJob (qemu_process.c:1073)
==25612==    by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357)

* src/qemu/qemu_driver.c (qemuDomainBlockPivot): Don't corrupt
disk->src, and only label chain for blockcopy.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-08-07 12:17:02 -06:00
.gnulib@2d280742a9 build: fix gnulib build for mingw 2014-07-09 16:09:17 -06:00
build-aux Require spaces around equality comparisons 2014-03-18 11:29:44 +01:00
daemon daemon: Fix indentation in libvirtd.c 2014-08-07 11:03:31 +02:00
docs docs: use unique dev names in <disk> examples 2014-08-07 11:12:00 -06:00
examples domtop: Remove unused variable 2014-08-04 14:40:52 +02:00
gnulib maint: update to latest gnulib 2014-01-01 06:02:47 -07:00
include lib: Introduce flag VIR_DOMAIN_BLOCK_REBASE_RELATIVE 2014-07-08 11:51:06 +02:00
m4 build: prefer -fstack-protector-strong to -all 2014-06-12 08:16:03 +02:00
po Release of libvirt-1.2.7 2014-08-03 08:55:15 -04:00
src blockjob: fix use-after-free in blockcopy 2014-08-07 12:17:02 -06:00
tests Fix a crash when cloning a volume with no backing store 2014-08-01 15:42:28 +02:00
tools virsh: clean up attach-interface paragraph in man page 2014-08-07 13:04:53 -04:00
.ctags maint: Make ctags work out of the box 2013-07-18 08:47:21 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore examples: Introduce domtop 2014-07-18 16:39:54 +02:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap Autogenerate AUTHORS 2012-10-19 12:44:56 -04:00
AUTHORS.in Added myself in AUTHORS.in 2014-07-23 16:23:46 +02:00
autobuild.sh Disable libvirtd by default when building on Win32 2014-04-29 11:30:32 +01:00
autogen.sh maint: detect VPATH builds when checking for gnulib update 2014-06-04 16:06:55 -06:00
bootstrap maint: update to latest gnulib 2014-01-01 06:02:47 -07:00
bootstrap.conf Add helpers for getting env vars in a setuid environment 2013-10-21 14:03:52 +01:00
cfg.mk maint: simplify some syntax check exemptions 2014-07-23 14:00:15 -06:00
ChangeLog-old Fix typos in src/* 2014-04-21 16:49:08 -06:00
config-post.h build: fix build of virt-login-shell on systems with older gnutls 2013-10-22 09:41:50 -06:00
configure.ac Post-release version bump for new dev cycle 2014-08-04 07:33:37 -06:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
HACKING docs: Fix broken link in the HACKING page 2014-07-04 18:28:24 +02:00
libvirt-lxc.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt-qemu.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.spec.in Release of libvirt-1.2.7 2014-08-03 08:55:15 -04:00
Makefile.am examples: Introduce domtop 2014-07-18 16:39:54 +02:00
Makefile.nonreentrant maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
mingw-libvirt.spec.in build: package .pc files for mingw64 2014-07-09 16:45:15 -06:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking docs: update README-hacking 2014-05-06 16:20:24 -06:00
run.in Add PKG_CONFIG_PATH to run.in script. 2014-06-26 14:32:35 +01:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>