From: Alexandre Derumier
Date: Thu, 13 Oct 2016 09:25:36 +0000 (+0200)
Subject: qemu2.7 : qmp-fix-object-add-assert-without-props
X-Git-Url: https://git.proxmox.com/?p=pve-qemu-kvm.git;a=commitdiff_plain;h=907d00e27fd4a1038c6618d194143ee5acc3e3fb
qemu2.7 : qmp-fix-object-add-assert-without-props
This fix object-add iothread crash
Signed-off-by: Alexandre Derumier
---
diff --git a/debian/patches/extra/0004-qmp-fix-object-add-assert-without-props b/debian/patches/extra/0004-qmp-fix-object-add-assert-without-props
new file mode 100644
index 0000000..dc03931
--- /dev/null
+++ b/debian/patches/extra/0004-qmp-fix-object-add-assert-without-props
@@ -0,0 +1,66 @@
+From d803b04e8203f48901186a27ab688326aa5569ec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
+Date: Fri, 23 Sep 2016 00:39:25 +0400
+Subject: [PATCH 1/4] qmp: fix object-add assert() without props
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since commit ad739706bbadee49, user_creatable_add_type() expects to be
+given a qdict. However, if object-add is called without props, you reach
+the assert: "qemu/qom/object_interfaces.c:115: user_creatable_add_type:
+Assertion `qdict' failed.", because the qdict isn't created in this
+case (it's optional).
+
+Furthermore, qmp_input_visitor_new() is not meant to be called without a
+dict, and a further commit will assert in this situation.
+
+If none given, create an empty qdict in qmp to avoid the
+user_creatable_add_type() assert(qdict).
+
+Signed-off-by: Marc-André Lureau
+Reviewed-by: Eric Blake
+Message-Id: <20160922203927.28241-2-marcandre.lureau@redhat.com>
+Tested-by: Xiao Long Jiang
+Reviewed-by: Markus Armbruster
+Signed-off-by: Markus Armbruster
+---
+ qmp.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/qmp.c b/qmp.c
+index b6d531e..c485abe 100644
+--- a/qmp.c
++++ b/qmp.c
+@@ -654,7 +654,7 @@ void qmp_add_client(const char *protocol, const char *fdname,
+ void qmp_object_add(const char *type, const char *id,
+ bool has_props, QObject *props, Error **errp)
+ {
+- const QDict *pdict = NULL;
++ QDict *pdict;
+ Visitor *v;
+ Object *obj;
+ 
+@@ -664,14 +664,18 @@ void qmp_object_add(const char *type, const char *id,
+ error_setg(errp, QERR_INVALID_PARAMETER_TYPE, "props", "dict");
+ return;
+ }
++ QINCREF(pdict);
++ } else {
++ pdict = qdict_new();
+ }
+ 
+- v = qmp_input_visitor_new(props, true);
++ v = qmp_input_visitor_new(QOBJECT(pdict), true);
+ obj = user_creatable_add_type(type, id, pdict, v, errp);
+ visit_free(v);
+ if (obj) {
+ object_unref(obj);
+ }
++ QDECREF(pdict);
+ }
+ 
+ void qmp_object_del(const char *id, Error **errp)
+-- 
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 0283083..87b7a66 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -45,6 +45,7 @@ extra/x86-lapic-Load-LAPIC-state-at-post_load.patch
 extra/0001-Revert-target-i386-disable-LINT0-after-reset.patch
 extra/0002-net-vmxnet-initialise-local-tx-descriptor.patch
 extra/0003-net-limit-allocation-in-nc_sendv_compat.patch
+extra/0004-qmp-fix-object-add-assert-without-props
 extra/CVE-2016-7155-scsi-check-page-count-while-initialising-descriptor-.patch
 extra/CVE-2016-7156-scsi-pvscsi-avoid-infinite-loop-while-building-SG-li.patch
 extra/CVE-2016-7157-scsi-mptconfig-fix-an-assert-expression.patch
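Review bot: The new series entry `extra/0004-qmp-fix-object-add-assert-without-props` is the only line in this hunk without a `.patch` suffix; its neighbour `extra/0003-net-limit-allocation-in-nc_sendv_compat.patch` and the CVE-2016-7155/7156/7157 entries all carry it, and the file added by the first hunk has the same suffix-less name. Quilt does not require the suffix, but the inconsistency makes `debian/patches/extra` harder to scan and would be missed by any `*.patch` glob a packaging or review script may rely on. Naming the file `extra/0004-qmp-fix-object-add-assert-without-props.patch` and changing this line to match keeps the existing convention. The embedded upstream patch is labelled `[PATCH 1/4]`, so if the remaining parts of that series are backported later, fixing the naming now avoids a second rename.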