qemu_conf: Avoid dereferencing NULL in virQEMUDriverGetHost{NUMACaps,CPU}

When fixing [1] I've ran attached reproducer and had it spawn 1024 threads and query capabilities XML in each one of them. This lead libvirtd to hit the RLIMIT_NOFILE limit which was kind of expected. What wasn't expected was a subsequent segfault. It happened because virCPUProbeHost failed and returned NULL. We've taken the NULL and passed it to virCapabilitiesHostNUMARef() which dereferenced it. Code inspection showed the same flas in virQEMUDriverGetHostNUMACaps(), so I'm fixing both places. 1: https://bugzilla.redhat.com/show_bug.cgi?id=1791790Signed-off-by: N Michal Privoznik <mprivozn@redhat.com> Reviewed-by: N Peter Krempa <pkrempa@redhat.com>

qemu_conf: Avoid dereferencing NULL in virQEMUDriverGetHost{NUMACaps,CPU}
When fixing [1] I've ran attached reproducer and had it spawn 1024 threads and query capabilities XML in each one of them. This lead libvirtd to hit the RLIMIT_NOFILE limit which was kind of expected. What wasn't expected was a subsequent segfault. It happened because virCPUProbeHost failed and returned NULL. We've taken the NULL and passed it to virCapabilitiesHostNUMARef() which dereferenced it. Code inspection showed the same flas in virQEMUDriverGetHostNUMACaps(), so I'm fixing both places. 1: https://bugzilla.redhat.com/show_bug.cgi?id=1791790Signed-off-by: N Michal Privoznik <mprivozn@redhat.com> Reviewed-by: N Peter Krempa <pkrempa@redhat.com>
cc361a34 · Michal Privoznik · 609acf1f · cc361a34
隐藏空白更改
内联并排

Showing with 14 addition and 4 deletion

src/qemu/qemu_conf.c src/qemu/qemu_conf.c +14 -4

未找到文件。
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1201,32 +1201,42 @@ virQEMUDriverCreateXMLConf(virQEMUDriverPtr driver,
 virCapsHostNUMAPtr
 virQEMUDriverGetHostNUMACaps(virQEMUDriverPtr driver)
 {
+    virCapsHostNUMAPtr hostnuma;
+
    qemuDriverLock(driver);

    if (!driver->hostnuma)
        driver->hostnuma = virCapabilitiesHostNUMANewHost();

+    hostnuma = driver->hostnuma;
+
    qemuDriverUnlock(driver);

-    virCapabilitiesHostNUMARef(driver->hostnuma);
+    if (hostnuma)
+        virCapabilitiesHostNUMARef(hostnuma);

-    return driver->hostnuma;
+    return hostnuma;
 }


 virCPUDefPtr
 virQEMUDriverGetHostCPU(virQEMUDriverPtr driver)
 {
+    virCPUDefPtr hostcpu;
+
    qemuDriverLock(driver);

    if (!driver->hostcpu)
        driver->hostcpu = virCPUProbeHost(virArchFromHost());

+    hostcpu = driver->hostcpu;
+
    qemuDriverUnlock(driver);

-    virCPUDefRef(driver->hostcpu);
+    if (hostcpu)
+        virCPUDefRef(hostcpu);

-    return driver->hostcpu;
+    return hostcpu;
 }