On 7/2/24 16:57, Rayhan Faizel wrote:
> The current hostdev parsing logic sets rawio or sgio even if the hostdev type
> is not 'scsi'. The rawio field in virDomainHostdevSubsysSCSI overlaps with
> wwpn field in virDomainHostdevSubsysSCSIVHost, consequently setting a bogus
> pointer value such as 0x1 or 0x2 from virDomainHostdevSubsysSCSIVHost's
> point of view. This leads to a segmentation fault when it attempts to free
> wwpn.
>
> While setting sgio does not appear to crash, it shares the same flawed logic
> as setting rawio.
>
> Instead, we ensure these are set only after the hostdev type check succeeds.
> This patch also adds two test cases to exercise both scenarios.
>
> Fixes: bdb95b520c53f9bacc6504fc51381bac4813be38
> Signed-off-by: Rayhan Faizel <rayhan.faizel@xxxxxxxxx>
> ---
>
> [Changes in v2]
>
> - Reworked fix to use temporary variables instead of xpath queries.
> - Added comments for future reference.
> - Mention fixed commit.
>
>  src/conf/domain_conf.c | 26 +++++++++---
>  ...scsi-vhost-rawio-invalid.x86_64-latest.err | 1 +
>  .../hostdev-scsi-vhost-rawio-invalid.xml | 41 +++++++++++++++++++
>  ...-scsi-vhost-sgio-invalid.x86_64-latest.err | 1 +
>  .../hostdev-scsi-vhost-sgio-invalid.xml | 41 +++++++++++++++++++
>  tests/qemuxmlconftest.c | 2 +
>  6 files changed, 106 insertions(+), 6 deletions(-)
>  create mode 100644 tests/qemuxmlconfdata/hostdev-scsi-vhost-rawio-invalid.x86_64-latest.err
>  create mode 100644 tests/qemuxmlconfdata/hostdev-scsi-vhost-rawio-invalid.xml
>  create mode 100644 tests/qemuxmlconfdata/hostdev-scsi-vhost-sgio-invalid.x86_64-latest.err
>  create mode 100644 tests/qemuxmlconfdata/hostdev-scsi-vhost-sgio-invalid.xml

Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

Michal
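
The union overlap described in the quoted commit message, as an added illustration that is not part of the patch or of libvirt's source. The structs, enum and function names are simplified, hypothetical stand-ins, and the offsets noted in the comments assume a typical 64-bit ABI; parse_fixed holds the values in temporaries (here, its arguments) until the type check passes.

```c
/* Added illustration: simplified stand-ins, not libvirt's real definitions. */
#include <stdint.h>
#include <string.h>

enum subsys_type { SUBSYS_SCSI, SUBSYS_SCSI_HOST };  /* hypothetical names */

/* On a typical 64-bit ABI, rawio and wwpn both sit at offset 8 of the union. */
struct scsi      { int protocol; int sgio; int rawio; };
struct scsi_host { int protocol; char *wwpn; };

struct hostdev {
    enum subsys_type type;
    union { struct scsi scsi; struct scsi_host host; } u;
};

/* Flawed order: stores through the scsi member before the type is checked. */
int parse_flawed(struct hostdev *d, enum subsys_type type, int sgio, int rawio)
{
    memset(d, 0, sizeof(*d));
    d->type = type;
    if (sgio)  d->u.scsi.sgio = sgio;
    if (rawio) d->u.scsi.rawio = rawio;
    if ((sgio || rawio) && type != SUBSYS_SCSI)
        return -1;  /* error path: cleanup by type would now free host.wwpn */
    return 0;
}

/* Fixed order: validate first, store only when the type really is scsi. */
int parse_fixed(struct hostdev *d, enum subsys_type type, int sgio, int rawio)
{
    memset(d, 0, sizeof(*d));
    d->type = type;
    if ((sgio || rawio) && type != SUBSYS_SCSI)
        return -1;
    if (type == SUBSYS_SCSI) {
        d->u.scsi.sgio = sgio;
        d->u.scsi.rawio = rawio;
    }
    return 0;
}

/* The bytes a type-driven cleanup would read as host.wwpn and hand to free(). */
uintptr_t wwpn_bits(const struct hostdev *d)
{
    uintptr_t v;
    memcpy(&v, &d->u.host.wwpn, sizeof(v));
    return v;
}
```

With the flawed order, wwpn_bits() is non-zero for a scsi_host device that carried rawio, which is the bogus pointer the commit message refers to; with the fixed order it stays zero on the error path.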