From 27213f01f9320cf0fec49980f78a100e64025ba4 Mon Sep 17 00:00:00 2001 Message-Id: <27213f01f9320cf0fec49980f78a100e64025ba4@dist-git> From: Andrea Bolognani Date: Fri, 7 Sep 2018 17:53:32 +0200 Subject: [PATCH] conf: Fix check for chardev source path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Attempting to use a chardev definition like correctly results in an error being reported, since the source path - a required piece of information - is missing; however, the very similar was happily accepted by libvirt, only to result in libvirtd crashing as soon as the guest was started. The issue was caused by checking the chardev's targetType against whitelisted values from virDomainChrChannelTargetType without first checking the chardev's deviceType to make sure it is actually a channel, for which the check makes sense, rather than a different type of chardev. The only reason this wasn't spotted earlier is that the whitelisted values just so happen to correspond to USB and PCI serial devices and Xen and UML consoles respectively, all of which are fairly uncommon. https://bugzilla.redhat.com/show_bug.cgi?id=1609720 Signed-off-by: Andrea Bolognani Reviewed-by: Ján Tomko (cherry picked from commit 614193fac67445a7e92bf620ffef726ed1bd6f07) https://bugzilla.redhat.com/show_bug.cgi?id=1609723 Signed-off-by: Andrea Bolognani Reviewed-by: Erik Skultety --- src/conf/domain_conf.c | 11 +++++++---- .../serial-unix-missing-source.xml | 15 +++++++++++++++ tests/qemuxml2argvtest.c | 1 + 3 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 tests/qemuxml2argvdata/serial-unix-missing-source.xml diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index a881b43b51..240b33f28c 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -5523,11 +5523,14 @@ virDomainChrSourceDefValidate(const virDomainChrSourceDef *def, break; case VIR_DOMAIN_CHR_TYPE_UNIX: - /* path can be auto generated */ + /* The source path can be auto generated for certain specific + * types of channels, but in most cases we should report an + * error if the user didn't provide it */ if (!def->data.nix.path && - (!chr_def || - (chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_XEN && - chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO))) { + !(chr_def && + chr_def->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL && + (chr_def->targetType == VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_XEN || + chr_def->targetType == VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO))) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing source path attribute for char device")); return -1; diff --git a/tests/qemuxml2argvdata/serial-unix-missing-source.xml b/tests/qemuxml2argvdata/serial-unix-missing-source.xml new file mode 100644 index 0000000000..1e1221f12d --- /dev/null +++ b/tests/qemuxml2argvdata/serial-unix-missing-source.xml @@ -0,0 +1,15 @@ + + guest + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 1048576 + 1 + + hvm + + + /usr/bin/qemu-system-aarch64 + + + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 608a2b6ce3..ebe9c8a131 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1363,6 +1363,7 @@ mymain(void) DO_TEST("serial-unix-chardev", QEMU_CAPS_DEVICE_ISA_SERIAL); DO_TEST_CAPS_LATEST("serial-unix-chardev"); + DO_TEST_PARSE_ERROR("serial-unix-missing-source", NONE); DO_TEST("serial-tcp-chardev", QEMU_CAPS_DEVICE_ISA_SERIAL); DO_TEST("serial-udp-chardev", -- 2.19.1