[PATCH partially-for-8.0 00/17] qemu: Fix use-after-free when redefining snapshots and cleanup the code

Peter Krempa pkrempa at redhat.com
Wed Jan 12 18:10:00 UTC 2022


Patches 1 and 2 should be pushed for 8.0 as the bug was introduced in
this dev cycle and the patches are specifically kept very simple.

The rest of the series refactors the snapshot validation and helper code
to have less weird semantics which led to this bug.

Peter Krempa (17):
  qemuSnapshotRedefine: Rename 'def' to 'snapdef'
  qemuSnapshotRedefine: Fix use of snapshot definition after free
  virDomainMomentAssignDef: Simplify error handling
  virDomainSnapshotRedefineValidate: Fix validation of
    VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY flag
  virDomainSnapshotAlignDisks: Improve function comment
  virDomainSnapshotAlignDisks: Convert @default_snapshot to
    virDomainSnapshotLocation
  virDomainSnapshotAlignDisks: Move 'require_match' selection logic
    inside
  virDomainSnapshotAlignDisks: Allow alternate domain definition when
    redefining
  virDomainSnapshotRedefineValidate: Unexport
  virDomainSnapshotRedefinePrep: Use 'snapdef' for snapshot definition
    object
  virDomainSnapshotRedefineValidate: Don't modify the snapshot
    definition
  testDomainSnapshotCreateXML: Extract snapshot redefinition code
  qemuSnapshotCreate: Use 'snapdef' instead of 'def'
  qemuSnapshotCreate: Standardize handling of the reference on @snapdef
  qemuDomainSnapshotLoad: Refactor handling of snapshot definition
    object
  virDomainSnapshotAssignDef: Clear second argument when it is consumed
  virDomainSnapshotRedefinePrep: Don't do partial redefine

 src/conf/snapshot_conf.c            | 120 +++++++++++++++-------------
 src/conf/snapshot_conf.h            |  13 +--
 src/conf/virdomainmomentobjlist.c   |   9 +--
 src/conf/virdomainsnapshotobjlist.c |  29 ++++++-
 src/conf/virdomainsnapshotobjlist.h |   5 +-
 src/libvirt_private.syms            |   1 +
 src/qemu/qemu_driver.c              |  18 ++---
 src/qemu/qemu_snapshot.c            |  35 ++++----
 src/test/test_driver.c              |  89 ++++++++++++---------
 src/vz/vz_sdk.c                     |   3 +-
 10 files changed, 180 insertions(+), 142 deletions(-)

-- 
2.31.1
More information about the libvir-list mailing list