
[libvirt] [PATCH 2/7] Fix crash formatting virtio console



From: "Daniel P. Berrange" <berrange redhat com>

qemuBuildVirtioSerialPortDevStr was mistakenly accessing the
target.name field in the virDomainChrDef object for chardevs
belonging to a console. Those chardevs only have port set,
and if there's > 1 console, the > 1 port number results in
trying to access a target.name with address 0x1.

* src/qemu/qemu_command.c: Fix target.name handling and
  make code more robust wrt error reporting

* src/qemu/qemu_command.c: Conditionally access target.name
---
 src/qemu/qemu_command.c |   39 +++++++++++++++++++++++++++------------
 1 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index bfa0b63..24d3dd1 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -2845,13 +2845,24 @@ qemuBuildVirtioSerialPortDevStr(virDomainChrDefPtr dev,
                                 virBitmapPtr qemuCaps)
 {
     virBuffer buf = VIR_BUFFER_INITIALIZER;
-    if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE)
+    switch (dev->deviceType) {
+    case VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE:
         virBufferAddLit(&buf, "virtconsole");
-    else if (qemuCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SPICEVMC) &&
-             dev->source.type == VIR_DOMAIN_CHR_TYPE_SPICEVMC)
-        virBufferAddLit(&buf, "spicevmc");
-    else
-        virBufferAddLit(&buf, "virtserialport");
+        break;
+    case VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL:
+        /* Legacy syntax  '-device spicevmc' */
+        if (dev->source.type == VIR_DOMAIN_CHR_TYPE_SPICEVMC &&
+            qemuCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SPICEVMC)) {
+            virBufferAddLit(&buf, "spicevmc");
+        } else {
+            virBufferAddLit(&buf, "virtserialport");
+        }
+        break;
+    default:
+        qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                        _("Cannot use virtio serial for parallel/serial devices"));
+        return NULL;
+    }
 
     if (dev->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) {
         /* Check it's a virtio-serial address */
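Review bot: The new `default:` branch exits with `return NULL;` while the other failure paths of this function use `goto error` (visible in the last hunk), so it is only safe because nothing has been written to `buf` before the switch. Using `goto error;` here would keep a single cleanup path if buffer writes are ever added above the switch; the `error:` label is outside this hunk, so confirm it copes with an untouched buffer. The message also names only parallel/serial devices although `default` catches every other `deviceType`, so a wording such as `_("Cannot use virtio serial for this device type")` would stay accurate if new values are added.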
@@ -2872,7 +2883,8 @@ qemuBuildVirtioSerialPortDevStr(virDomainChrDefPtr dev,
                           dev->info.addr.vioserial.port);
     }
 
-    if (dev->source.type == VIR_DOMAIN_CHR_TYPE_SPICEVMC &&
+    if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
+        dev->source.type == VIR_DOMAIN_CHR_TYPE_SPICEVMC &&
         dev->target.name &&
         STRNEQ(dev->target.name, "com.redhat.spice.0")) {
         qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED,
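Review bot: The added `dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL` test is what keeps `target.name` from being read for consoles, but the code does not say why it is there. Going by the commit message, console chardevs carry only a port in `target`, so reading `target.name` for them treats the port number as a pointer. A comment above the `if`, such as `/* target.name is only meaningful for channels; consoles store a port in target */`, would stop a later cleanup from dropping the guard as redundant. The same applies to the `target.name` test in the last hunk; the enclosing function starts and ends outside this hunk.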
@@ -2880,15 +2892,18 @@ qemuBuildVirtioSerialPortDevStr(virDomainChrDefPtr dev,
                         dev->target.name);
         goto error;
     }
-    if (qemuCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SPICEVMC) &&
-        dev->source.type == VIR_DOMAIN_CHR_TYPE_SPICEVMC) {
-        virBufferAsprintf(&buf, ",id=%s", dev->info.alias);
-    } else {
+
+    if (!(dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
+          dev->source.type == VIR_DOMAIN_CHR_TYPE_SPICEVMC &&
+          qemuCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SPICEVMC))) {
         virBufferAsprintf(&buf, ",chardev=char%s,id=%s",
                           dev->info.alias, dev->info.alias);
-        if (dev->target.name) {
+        if (dev->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
+            dev->target.name) {
             virBufferAsprintf(&buf, ",name=%s", dev->target.name);
         }
+    } else {
+        virBufferAsprintf(&buf, ",id=%s", dev->info.alias);
     }
     if (virBufferError(&buf)) {
         virReportOOMError();
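Review bot: `dev->target.name` is still written verbatim into the `-device` string by `",name=%s"`, and nothing in this hunk shows it being checked for a `,`. QEMU separates device properties with commas, so a channel name from the domain XML that contains one would presumably be parsed as extra properties rather than as part of the name. If the XML parser does not already reject such names, refuse them before the `virBufferAsprintf` call, for example `if (strchr(dev->target.name, ',')) goto error;` preceded by a `qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, ...)` naming the offending value. The function continues past the end of this hunk.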
-- 
1.7.6.4

