A few upstream patches to fix 79692c38-libxl-dom0-maxmem.patch

- libxl: more fixes for dom0 maxmem setting
  4ab0c959-libxl-mem-leak.patch, 2dc1cf19-libxl-double-free.patch
  bsc#1017762

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=584

2dc1cf19-libxl-double-free.patch

@@ -0,0 +1,27 @@
+commit 2dc1cf19dbaf648662fbf3c810db65ddcf5d0444
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Wed Feb 15 10:45:27 2017 -0700
+
+    libxl: fix potential double free in libxlDriverGetDom0MaxmemConf
+    
+    Commit 4ab0c959 fixed a memory leak in libxlDriverGetDom0MaxmemConf
+    but introduced a potential double free of mem_tokens
+    
+    *** Error in `/usr/sbin/libvirtd': double free or corruption (out):
+        0x00007fffc808cfd0 ***
+    
+    Avoid double free by setting mem_tokens to NULL after calling
+    virStringListFree.
+
+Index: libvirt-3.0.0/src/libxl/libxl_conf.c
+===================================================================
+--- libvirt-3.0.0.orig/src/libxl/libxl_conf.c
++++ libvirt-3.0.0/src/libxl/libxl_conf.c
+@@ -1623,6 +1623,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriver
+             }
+         }
+         virStringListFree(mem_tokens);
++        mem_tokens = NULL;
+     }
+ 
+  physmem:

4ab0c959-libxl-mem-leak.patch

@@ -0,0 +1,25 @@
+commit 4ab0c959e936de7fa2752160ff532913740d4da9
+Author: John Ferlan <jferlan@redhat.com>
+Date:   Fri Feb 10 06:54:56 2017 -0500
+
+    libxl: Resolve possible resource leak in dom0 maximum memory setting
+    
+    If either the "if (STRPREFIX(mem_tokens[j], "max:"))" is never entered
+    or the "if (virStrToLong_ull(mem_tokens[j] + 4, &p, 10, maxmem) < 0)" break
+    is hit, control goes back to the outer loop processing 'cmd_tokens' and
+    it's possible that the 'mem_tokens' would be overwritten.
+    
+    Found by Coverity
+
+Index: libvirt-3.0.0/src/libxl/libxl_conf.c
+===================================================================
+--- libvirt-3.0.0.orig/src/libxl/libxl_conf.c
++++ libvirt-3.0.0/src/libxl/libxl_conf.c
+@@ -1622,6 +1622,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriver
+                 goto cleanup;
+             }
+         }
++        virStringListFree(mem_tokens);
+     }
+ 
+  physmem:

libvirt.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Feb 16 23:57:37 UTC 2017 - jfehlig@suse.com
+
+- libxl: more fixes for dom0 maxmem setting
+  4ab0c959-libxl-mem-leak.patch, 2dc1cf19-libxl-double-free.patch
+  bsc#1017762
+
 -------------------------------------------------------------------
 Fri Feb 10 20:29:46 UTC 2017 - jfehlig@suse.com
 

libvirt.spec

@@ -325,6 +325,8 @@ Patch8:         ff225538-libxl-autoballoon-setting.patch
 Patch9:         c89a6e78-libxl-physinfo-cleanup.patch
 Patch10:        d2b77608-libxl-maxmem-fix.patch
 Patch11:        79692c38-libxl-dom0-maxmem.patch
+Patch12:        4ab0c959-libxl-mem-leak.patch
+Patch13:        2dc1cf19-libxl-double-free.patch
 # Patches pending upstream review
 Patch100:       libxl-dom-reset.patch
 Patch101:       apparmor-errormsg-fix.patch
@@ -737,9 +739,9 @@ capabilities of recent versions of Linux (and other OSes).
 
 %package libs
 Summary:        Client side libraries
-Group:          Development/Libraries/C and C++
 # So remote clients can access libvirt over SSH tunnel
 # (client invokes 'nc' against the UNIX socket on the server)
+Group:          Development/Libraries/C and C++
 Requires:       netcat-openbsd
 # Not technically required, but makes 'out-of-box' config
 # work correctly & doesn't have onerous dependencies
@@ -817,6 +819,8 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
+%patch13 -p1
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1