When virCgroupEnableMissingControllers fails it's possible that *group
is still set to NULL. Therefore let's add a guard and an attribute for
this.
[#0] virCgroupRemove(group=0x0)
[#1] virCgroupNewMachineSystemd
[#2] virCgroupNewMachine
[#3] qemuInitCgroup
[#4] qemuSetupCgroup
[#5] qemuProcessLaunch
[#6] qemuProcessStart
[#7] qemuDomainObjStart
[#8] qemuDomainCreateWithFlags
[#9] qemuDomainCreate
...
Fixes: 1602aa28f820ada66f707cef3e536e8572fbda1e
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
---
src/util/vircgroup.c | 3 ++-
src/util/vircgroup.h | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 23957c82c7fa..06e1d158febb 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1104,7 +1104,8 @@ virCgroupNewMachineSystemd(const char *name,
error:
saved = virSaveLastError();
- virCgroupRemove(*group);
+ if (*group)
+ virCgroupRemove(*group);
virCgroupFree(group);
if (saved) {
virSetError(saved);
diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
index 1f676f21c380..9e1ae3706b1e 100644
--- a/src/util/vircgroup.h
+++ b/src/util/vircgroup.h
@@ -268,7 +268,8 @@ int virCgroupGetCpusetMemoryMigrate(virCgroupPtr group, bool *migrate);
int virCgroupSetCpusetCpus(virCgroupPtr group, const char *cpus);
int virCgroupGetCpusetCpus(virCgroupPtr group, char **cpus);
-int virCgroupRemove(virCgroupPtr group);
+int virCgroupRemove(virCgroupPtr group)
+ ATTRIBUTE_NONNULL(1);
int virCgroupKillRecursive(virCgroupPtr group, int signum);
int virCgroupKillPainfully(virCgroupPtr group);
--
2.17.0
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
$subj:
util: Fix cgroup processing NULL pointer dereferencing
On 9/26/18 11:53 AM, Marc Hartmayer wrote:
> When virCgroupEnableMissingControllers fails it's possible that *group
> is still set to NULL. Therefore let's add a guard and an attribute for
> this.
Prefix paragraph with rather than at the bottom "Fixes:".
Introduced by commit 1602aa28f,
>
> [#0] virCgroupRemove(group=0x0)
> [#1] virCgroupNewMachineSystemd
> [#2] virCgroupNewMachine
> [#3] qemuInitCgroup
> [#4] qemuSetupCgroup
> [#5] qemuProcessLaunch
> [#6] qemuProcessStart
> [#7] qemuDomainObjStart
> [#8] qemuDomainCreateWithFlags
> [#9] qemuDomainCreate
> ...
>
> Fixes: 1602aa28f820ada66f707cef3e536e8572fbda1e
I think it's safe to remove the stack trace...
> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
> Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
> ---
> src/util/vircgroup.c | 3 ++-
> src/util/vircgroup.h | 3 ++-
> 2 files changed, 4 insertions(+), 2 deletions(-)
While this patch is correct to remove the NULL deref, there "may" be a
problem with the patch that introduced this. Rather than usurp this
thread, I'll respond to the other one and see where it takes us.
John
>
> diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
> index 23957c82c7fa..06e1d158febb 100644
> --- a/src/util/vircgroup.c
> +++ b/src/util/vircgroup.c
> @@ -1104,7 +1104,8 @@ virCgroupNewMachineSystemd(const char *name,
>
> error:
> saved = virSaveLastError();
> - virCgroupRemove(*group);
> + if (*group)
> + virCgroupRemove(*group);
> virCgroupFree(group);
> if (saved) {
> virSetError(saved);
> diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
> index 1f676f21c380..9e1ae3706b1e 100644
> --- a/src/util/vircgroup.h
> +++ b/src/util/vircgroup.h
> @@ -268,7 +268,8 @@ int virCgroupGetCpusetMemoryMigrate(virCgroupPtr group, bool *migrate);
> int virCgroupSetCpusetCpus(virCgroupPtr group, const char *cpus);
> int virCgroupGetCpusetCpus(virCgroupPtr group, char **cpus);
>
> -int virCgroupRemove(virCgroupPtr group);
> +int virCgroupRemove(virCgroupPtr group)
> + ATTRIBUTE_NONNULL(1);
FWIW: This only helps if someone tried to call virCgroupRemove(NULL); it
doesn't help if the parameter itself is NULL. One could add a "if
(!group) return 0" to virCgroupRemove to avoid.
>
> int virCgroupKillRecursive(virCgroupPtr group, int signum);
> int virCgroupKillPainfully(virCgroupPtr group);
>
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Thu, Sep 27, 2018 at 02:38 PM +0200, John Ferlan <jferlan@redhat.com> wrote:
> $subj:
>
> util: Fix cgroup processing NULL pointer dereferencing
I’m fine with this change :)
>
>
> On 9/26/18 11:53 AM, Marc Hartmayer wrote:
>> When virCgroupEnableMissingControllers fails it's possible that *group
>> is still set to NULL. Therefore let's add a guard and an attribute for
>> this.
>
> Prefix paragraph with rather than at the bottom "Fixes:".
Okay.
>
> Introduced by commit 1602aa28f,
>
>>
>> [#0] virCgroupRemove(group=0x0)
>> [#1] virCgroupNewMachineSystemd
>> [#2] virCgroupNewMachine
>> [#3] qemuInitCgroup
>> [#4] qemuSetupCgroup
>> [#5] qemuProcessLaunch
>> [#6] qemuProcessStart
>> [#7] qemuDomainObjStart
>> [#8] qemuDomainCreateWithFlags
>> [#9] qemuDomainCreate
>> ...
>>
>> Fixes: 1602aa28f820ada66f707cef3e536e8572fbda1e
>
> I think it's safe to remove the stack trace...
Okay.
>
>> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
>> Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
>> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
>> ---
>> src/util/vircgroup.c | 3 ++-
>> src/util/vircgroup.h | 3 ++-
>> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> While this patch is correct to remove the NULL deref, there "may" be a
> problem with the patch that introduced this. Rather than usurp this
> thread, I'll respond to the other one and see where it takes us.
Okay.
>
> John
>
>>
>> diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
>> index 23957c82c7fa..06e1d158febb 100644
>> --- a/src/util/vircgroup.c
>> +++ b/src/util/vircgroup.c
>> @@ -1104,7 +1104,8 @@ virCgroupNewMachineSystemd(const char *name,
>>
>> error:
>> saved = virSaveLastError();
>> - virCgroupRemove(*group);
>> + if (*group)
>> + virCgroupRemove(*group);
>> virCgroupFree(group);
>> if (saved) {
>> virSetError(saved);
>> diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
>> index 1f676f21c380..9e1ae3706b1e 100644
>> --- a/src/util/vircgroup.h
>> +++ b/src/util/vircgroup.h
>> @@ -268,7 +268,8 @@ int virCgroupGetCpusetMemoryMigrate(virCgroupPtr group, bool *migrate);
>> int virCgroupSetCpusetCpus(virCgroupPtr group, const char *cpus);
>> int virCgroupGetCpusetCpus(virCgroupPtr group, char **cpus);
>>
>> -int virCgroupRemove(virCgroupPtr group);
>> +int virCgroupRemove(virCgroupPtr group)
>> + ATTRIBUTE_NONNULL(1);
>
> FWIW: This only helps if someone tried to call virCgroupRemove(NULL); it
> doesn't help if the parameter itself is NULL. One could add a "if
> (!group) return 0" to virCgroupRemove to avoid.
Thanks for pointing this out! :) I thought it could help Coverity.
>
>>
>> int virCgroupKillRecursive(virCgroupPtr group, int signum);
>> int virCgroupKillPainfully(virCgroupPtr group);
>>
>
--
Kind regards / Beste Grüße
Marc Hartmayer
IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.