[libvirt] [PATCH v2 0/8] Don't hold both monitor and agent jobs at the same time

Jonathon Jongsma jjongsma at redhat.com
Thu Jan 16 16:28:43 UTC 2020


On Thu, 2020-01-16 at 09:46 -0600, Eric Blake wrote:
> On 1/10/20 5:32 PM, Jonathon Jongsma wrote:
> > We have to assume that the guest agent may be malicious, so we don't want to
> > allow any agent queries to block any other libvirt API. By holding a monitor
> > job and an agent job while we're querying the agent, any other threads will be
> > blocked from using the monitor while the agent is unresponsive. Because libvirt
> > waits forever for an agent response, this makes us vulnerable to a denial of
> > service from a malicious (or simply buggy) guest agent.
> > 
> > Most of the patches in the first series were already reviewed and pushed, but a
> > couple remain: the filesystem info functions. The problem with these functions
> > is that the agent functions access the vm definition (owned by the domain). If
> > a monitor job is not held while this is done, the vm definition could change
> > while we are looking up the disk alias, leading to a potential crash.
> 
> Did we ever hear back on a CVE assignment for the first series? And do
> any of the patches in this series also fall under the CVE umbrella?


Good question. I never did hear back about a CVE assignment. This
series is just a revision (and refactoring) of a couple of the patches
that were NACKed from the first series. So they are relevant to the
(potential) CVE.

Jonathon
