On 3/17/25 14:57, Martin Kletzander wrote:
> On Mon, Mar 17, 2025 at 12:28:50PM +0100, Michal Privoznik via Devel wrote:
>> So far, we only process NIC_RX_FILTER_CHANGED event when the
>> corresponding device has 'trustGuestRxFilters' enabled. And the
>> event is emitted only for virtio model. IOW, this is fairly
>> limited situation and other scenarios don't emit any event (e.g.
>> change of MAC address on a PCI passthrough device).
>>
>> Resolves: https://issues.redhat.com/browse/RHEL-7035
>> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
>> ---
>> src/qemu/qemu_domain.c | 16 +++++++++++++++-
>> src/qemu/qemu_domain.h | 3 ++-
>> src/qemu/qemu_driver.c | 9 ++++++---
>> src/qemu/qemu_process.c | 2 +-
>> 4 files changed, 24 insertions(+), 6 deletions(-)
>>
>> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>> index 47ae59d408..9dc0a03849 100644
>> --- a/src/qemu/qemu_domain.c
>> +++ b/src/qemu/qemu_domain.c
>> @@ -11018,7 +11018,8 @@ syncNicRxFilterMulticast(char *ifname,
>> int
>> qemuDomainSyncRxFilter(virDomainObj *vm,
>> virDomainNetDef *def,
>> - virDomainAsyncJob asyncJob)
>> + virDomainAsyncJob asyncJob,
>> + virObjectEvent **event)
>> {
>> qemuDomainObjPrivate *priv = vm->privateData;
>> g_autoptr(virNetDevRxFilter) guestFilter = NULL;
>> @@ -11085,6 +11086,19 @@ qemuDomainSyncRxFilter(virDomainObj *vm,
>> } else {
>> VIR_FREE(def->guestAddress);
>
> If the mac address changed *to* the same one that is configured this is
> free'd, but oldMAC still points to it.
>
>> }
>> +
>> + if (event) {
>> + char oldMAC[VIR_MAC_STRING_BUFLEN] = { 0 };
>> + char newMAC[VIR_MAC_STRING_BUFLEN] = { 0 };
>> +
>> + virMacAddrFormat(&def->mac, oldMAC);
>
> And then in such case this is use after free.

Not really, there's a difference between oldMAC and oldMac O:-)

But I see what you mean, and in fact, that should have been
s/def->mac/oldMac/. I'll post a v2 shortly.

Michal
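Review bot: the new `virObjectEvent **event` out-parameter added to the `qemuDomainSyncRxFilter()` signature in the first hunk has no documented contract, and the second hunk shows it is optional (`if (event)`), so the function comment should say that NULL is accepted, that the callee stores a newly created event the caller is responsible for queueing or freeing, and whether `*event` is left untouched when no change is detected. Without that last point a caller that does not pre-initialise its pointer to NULL cannot tell whether anything was stored. The matching prototype change in src/qemu/qemu_domain.h and the updated callers in qemu_driver.c and qemu_process.c appear in the diffstat but are not quoted here, so their NULL-initialisation of the pointer cannot be checked from this mail.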
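Review bot: in the second hunk, `virMacAddrFormat(&def->mac, oldMAC);` formats the current `def->mac` into the buffer meant for the previous address, so the "old" and "new" strings would describe the same value and the emitted event could never carry the MAC that was replaced; as the reply concedes, the saved pre-change address (`oldMac`) is what belongs in that call. The use-after-free raised in the quoted review does not hold as stated: `oldMAC` is a stack `char` array filled by `virMacAddrFormat()`, not a pointer into `def->guestAddress`, so `VIR_FREE(def->guestAddress)` in the preceding `else` branch cannot leave it dangling; the real defect is the wrong source address, not freed memory. The hunk is cut off after the first `virMacAddrFormat()` call, so the `newMAC` formatting and the event construction that follow cannot be reviewed from what is quoted.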