On Thu, 2020-01-16 at 09:46 -0600, Eric Blake wrote: > On 1/10/20 5:32 PM, Jonathon Jongsma wrote: > > We have to assume that the guest agent may be malicious, so we > > don't want to > > allow any agent queries to block any other libvirt API. By holding > > a monitor > > job and an agent job while we're querying the agent, any other > > threads will be > > blocked from using the monitor while the agent is unresponsive. > > Because libvirt > > waits forever for an agent response, this makes us vulnerable to a > > denial of > > service from a malicious (or simply buggy) guest agent. > > > > Most of the patches in the first series were already reviewed and > > pushed, but a > > couple remain: the filesystem info functions. The problem with > > these functions > > is that the agent functions access the vm definition (owned by the > > domain). If > > a monitor job is not held while this is done, the vm definition > > could change > > while we are looking up the disk alias, leading to a potentional > > crash. > > Did we ever hear back on a CVE assignment for the first series? And > do > any of the patches in this series also fall under the CVE umbrella? Good question. I never did hear back about a CVE assignment. This series is just a revision (and refactoring) of a couple of the patches that were NACKed from the first series. So they are relevant to the (potential) CVE. Jonathon
