From nobody Tue May 7 15:24:21 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1532359836029102.78680152924653; Mon, 23 Jul 2018 08:30:36 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 84286C04BE14; Mon, 23 Jul 2018 15:30:33 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7619B1001643; Mon, 23 Jul 2018 15:30:32 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id EA62D4A460; Mon, 23 Jul 2018 15:30:30 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w6NFUTqB016054 for ; Mon, 23 Jul 2018 11:30:29 -0400 Received: by smtp.corp.redhat.com (Postfix) id F14165D6A3; Mon, 23 Jul 2018 15:30:28 +0000 (UTC) Received: from unknown4CEB42C824F4.redhat.com (ovpn-116-243.phx2.redhat.com [10.3.116.243]) by smtp.corp.redhat.com (Postfix) with ESMTP id 968835B680 for ; Mon, 23 Jul 2018 15:30:25 +0000 (UTC) From: John Ferlan To: libvir-list@redhat.com Date: Mon, 23 Jul 2018 11:30:24 -0400 Message-Id: <20180723153024.9428-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH] nwfilter: Resolve SEGV for NWFilter Snoop processing X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Mon, 23 Jul 2018 15:30:34 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" https://bugzilla.redhat.com/show_bug.cgi?id=3D1599973 Commit id fca9afa08 changed the @req->ifname to use @req->binding->portdevname fillingin the @req->binding in a similar way that @req->ifname would have been filled in during virNWFilterDHCPSnoopReq processing. However, in doing so it did not take into account some code paths where the @req->binding should be checked instead of @req->binding->portdevname. These checks led to SEGVs in some cases during libvirtd reload processing in virNWFilterSnoopRemAllReqIter (for stop during nwfilterStateCleanup processing) and virNWFilterSnoopReqLeaseDel (for start during nwfilterStateInitialize processing). In particular, when reading the nwfilter.leases file a new @req is created, but the @req->binding is not filled in. That's left to virNWFilterDHCPSnoopReq processing which checks if the @req already exists in the @virNWFilterSnoopState.snoopReqs hash table after adding a virNWFilterSnoopState.ifnameToKey entry for the @req->binding->portdevname by a @ref->ikey value. NB: virNWFilterSnoopIPLeaseInstallRule and virNWFilterDHCPSnoopThread do not need the req->binding check since they can only be called after the filter->binding is created/assigned. Signed-off-by: John Ferlan --- src/nwfilter/nwfilter_dhcpsnoop.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcp= snoop.c index c7fd370598..2330ba0479 100644 --- a/src/nwfilter/nwfilter_dhcpsnoop.c +++ b/src/nwfilter/nwfilter_dhcpsnoop.c @@ -846,7 +846,7 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req, int ret =3D 0; virNWFilterSnoopIPLeasePtr ipl; char *ipstr =3D NULL; - int ipAddrLeft; + int ipAddrLeft =3D 0; =20 /* protect req->start, req->ifname and the lease */ virNWFilterSnoopReqLock(req); @@ -867,7 +867,8 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req, if (update_leasefile) virNWFilterSnoopLeaseFileSave(ipl); =20 - ipAddrLeft =3D virNWFilterIPAddrMapDelIPAddr(req->binding->portdevname= , ipstr); + if (req->binding) + ipAddrLeft =3D virNWFilterIPAddrMapDelIPAddr(req->binding->portdev= name, ipstr); =20 if (!req->threadkey || !instantiate) goto skip_instantiate; @@ -2037,7 +2038,7 @@ virNWFilterSnoopRemAllReqIter(const void *payload, /* protect req->binding->portdevname */ virNWFilterSnoopReqLock(req); =20 - if (req->binding->portdevname) { + if (req->binding && req->binding->portdevname) { ignore_value(virHashRemoveEntry(virNWFilterSnoopState.ifnameToKey, req->binding->portdevname)); =20 --=20 2.17.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list