virt/libvirt/debian/patches/CVE-2021-4147_1.patch
STX Builder b158f13b17 Debian: libvirt: fix 8 CVEs
Backport the source patches from the version 7.0.0-3+deb11u3.
[https://sources.debian.org/src/libvirt/7.0.0-3%2Bdeb11u3/debian/patches/]

Refer to:
CVE-2021-3631: https://nvd.nist.gov/vuln/detail/CVE-2021-3631
CVE-2021-3667: https://nvd.nist.gov/vuln/detail/CVE-2021-3667
CVE-2021-3975: https://nvd.nist.gov/vuln/detail/CVE-2021-3975
CVE-2021-4147: https://nvd.nist.gov/vuln/detail/CVE-2021-4147
CVE-2022-0897: https://nvd.nist.gov/vuln/detail/CVE-2022-0897
CVE-2024-1441: https://nvd.nist.gov/vuln/detail/CVE-2024-1441
CVE-2024-2494: https://nvd.nist.gov/vuln/detail/CVE-2024-2494
CVE-2024-2496: https://nvd.nist.gov/vuln/detail/CVE-2024-2496

Test Plan:
Pass: downloader
Pass: build-pkgs --clean --all
Pass: build-image
Pass: Debian AIO jenkins installation

Closes-Bug: 2078664

Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
Change-Id: Ic2c0d6a8208b18ec4d1db2c07fc1fb2508cef183
2024-09-30 05:54:09 +00:00


From: Jim Fehlig <jfehlig@suse.com>
Date: Fri, 29 Oct 2021 14:16:33 -0600
Subject: libxl: Disable death events after receiving a shutdown event
The libxl driver will handle all domain destruction and cleanup
when receiving a domain shutdown event from libxl. Commit fa30ee04a2a
introduced the ignoreDeathEvent boolean in the DomainObjPrivate struct
to ignore subsequent death events from libxl. But libxl already provides
a mechanism to disable death events via libxl_evdisable_domain_death.
This patch partially reverts commit fa30ee04a2a and instead uses
libxl_evdisable_domain_death to disable subsequent death events when
processing a shutdown event.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-4147
Bug-Debian: https://bugs.debian.org/1002535
---
src/libxl/libxl_domain.c | 23 +++++------------------
src/libxl/libxl_domain.h | 3 ---
2 files changed, 5 insertions(+), 21 deletions(-)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 63938d5..f97c6da 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -614,12 +614,6 @@ static void
libxlDomainHandleDeath(libxlDriverPrivatePtr driver, virDomainObjPtr vm)
{
virObjectEventPtr dom_event = NULL;
- libxlDomainObjPrivatePtr priv = vm->privateData;
-
- if (priv->ignoreDeathEvent) {
- priv->ignoreDeathEvent = false;
- return;
- }
if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
return;
@@ -667,7 +661,6 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
}
if (event->type == LIBXL_EVENT_TYPE_DOMAIN_SHUTDOWN) {
- libxlDomainObjPrivatePtr priv = vm->privateData;
struct libxlShutdownThreadInfo *shutdown_info = NULL;
virThread thread;
g_autofree char *name = NULL;
@@ -684,12 +677,9 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
name = g_strdup_printf("ev-%d", event->domid);
/*
* Cleanup will be handled by the shutdown thread.
- * Ignore the forthcoming death event from libxl
*/
- priv->ignoreDeathEvent = true;
if (virThreadCreateFull(&thread, false, libxlDomainShutdownThread,
name, false, shutdown_info) < 0) {
- priv->ignoreDeathEvent = false;
/*
* Not much we can do on error here except log it.
*/
@@ -813,18 +803,17 @@ libxlDomainDestroyInternal(libxlDriverPrivatePtr driver,
libxlDomainObjPrivatePtr priv = vm->privateData;
int ret = -1;
- /* Ignore next LIBXL_EVENT_TYPE_DOMAIN_DEATH as the caller will handle
- * domain death appropriately already (having more info, like the reason).
- */
- priv->ignoreDeathEvent = true;
+ if (priv->deathW) {
+ libxl_evdisable_domain_death(cfg->ctx, priv->deathW);
+ priv->deathW = NULL;
+ }
+
/* Unlock virDomainObj during destroy, which can take considerable
* time on large memory domains.
*/
virObjectUnlock(vm);
ret = libxl_domain_destroy(cfg->ctx, vm->def->id, NULL);
virObjectLock(vm);
- if (ret)
- priv->ignoreDeathEvent = false;
return ret;
}
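Review bot: In libxlDomainDestroyInternal the death watcher is disabled and `priv->deathW` cleared before `libxl_domain_destroy()` runs, but nothing restores it when that call fails, whereas the removed code reset `ignoreDeathEvent` under `if (ret)`. If destroy returns non-zero the domain presumably still exists, and libvirt would then no longer be notified when it dies, leaving stale state for that guest. Consider re-registering on the failure path, e.g. `if (ret) libxl_evenable_domain_death(cfg->ctx, vm->def->id, 0, &priv->deathW);` with its return value checked, or confirm that every caller treats a failed destroy as final for the domain object. The new block also lost the explanatory comment; something like `/* Disable death events: the caller handles domain death itself, so a later LIBXL_EVENT_TYPE_DOMAIN_DEATH must not start a second cleanup */` would keep the intent visible. The function's signature and the declaration of `cfg` are outside the hunk.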
@@ -877,8 +866,6 @@ libxlDomainCleanup(libxlDriverPrivatePtr driver,
priv->deathW = NULL;
}
- priv->ignoreDeathEvent = false;
-
if (!!g_atomic_int_dec_and_test(&driver->nactive) && driver->inhibitCallback)
driver->inhibitCallback(false, driver->inhibitOpaque);
diff --git a/src/libxl/libxl_domain.h b/src/libxl/libxl_domain.h
index 0068254..e06a88b 100644
--- a/src/libxl/libxl_domain.h
+++ b/src/libxl/libxl_domain.h
@@ -62,9 +62,6 @@ struct _libxlDomainObjPrivate {
/* console */
virChrdevsPtr devs;
libxl_evgen_domain_death *deathW;
- /* Flag to indicate the upcoming LIBXL_EVENT_TYPE_DOMAIN_DEATH is caused
- * by libvirt and should not be handled separately */
- bool ignoreDeathEvent;
virThreadPtr migrationDstReceiveThr;
unsigned short migrationPort;
char *lockState;