From 938d7e0b242a3b8b69ac1bb3694c3f93f1d038b775ac30bee2e52d0010e58571 Mon Sep 17 00:00:00 2001
From: James Fehlig <jfehlig@suse.com>
Date: Fri, 17 Feb 2017 00:31:00 +0000
Subject: [PATCH] A few upstream patches to fix
 79692c38-libxl-dom0-maxmem.patch

- libxl: more fixes for dom0 maxmem setting
  4ab0c959-libxl-mem-leak.patch, 2dc1cf19-libxl-double-free.patch
  bsc#1017762

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=584
---
 2dc1cf19-libxl-double-free.patch | 27 +++++++++++++++++++++++++++
 4ab0c959-libxl-mem-leak.patch    | 25 +++++++++++++++++++++++++
 libvirt.changes                  |  7 +++++++
 libvirt.spec                     |  6 +++++-
 4 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 2dc1cf19-libxl-double-free.patch
 create mode 100644 4ab0c959-libxl-mem-leak.patch

diff --git a/2dc1cf19-libxl-double-free.patch b/2dc1cf19-libxl-double-free.patch
new file mode 100644
index 0000000..eaca4ed
--- /dev/null
+++ b/2dc1cf19-libxl-double-free.patch
@@ -0,0 +1,27 @@
+commit 2dc1cf19dbaf648662fbf3c810db65ddcf5d0444
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Wed Feb 15 10:45:27 2017 -0700
+
+    libxl: fix potential double free in libxlDriverGetDom0MaxmemConf
+    
+    Commit 4ab0c959 fixed a memory leak in libxlDriverGetDom0MaxmemConf
+    but introduced a potential double free of mem_tokens
+    
+    *** Error in `/usr/sbin/libvirtd': double free or corruption (out):
+        0x00007fffc808cfd0 ***
+    
+    Avoid double free by setting mem_tokens to NULL after calling
+    virStringListFree.
+
+Index: libvirt-3.0.0/src/libxl/libxl_conf.c
+===================================================================
+--- libvirt-3.0.0.orig/src/libxl/libxl_conf.c
++++ libvirt-3.0.0/src/libxl/libxl_conf.c
+@@ -1623,6 +1623,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriver
+             }
+         }
+         virStringListFree(mem_tokens);
++        mem_tokens = NULL;
+     }
+ 
+  physmem:
diff --git a/4ab0c959-libxl-mem-leak.patch b/4ab0c959-libxl-mem-leak.patch
new file mode 100644
index 0000000..cc12b64
--- /dev/null
+++ b/4ab0c959-libxl-mem-leak.patch
@@ -0,0 +1,25 @@
+commit 4ab0c959e936de7fa2752160ff532913740d4da9
+Author: John Ferlan <jferlan@redhat.com>
+Date:   Fri Feb 10 06:54:56 2017 -0500
+
+    libxl: Resolve possible resource leak in dom0 maximum memory setting
+    
+    If either the "if (STRPREFIX(mem_tokens[j], "max:"))" is never entered
+    or the "if (virStrToLong_ull(mem_tokens[j] + 4, &p, 10, maxmem) < 0)" break
+    is hit, control goes back to the outer loop processing 'cmd_tokens' and
+    it's possible that the 'mem_tokens' would be overwritten.
+    
+    Found by Coverity
+
+Index: libvirt-3.0.0/src/libxl/libxl_conf.c
+===================================================================
+--- libvirt-3.0.0.orig/src/libxl/libxl_conf.c
++++ libvirt-3.0.0/src/libxl/libxl_conf.c
+@@ -1622,6 +1622,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriver
+                 goto cleanup;
+             }
+         }
++        virStringListFree(mem_tokens);
+     }
+ 
+  physmem:
diff --git a/libvirt.changes b/libvirt.changes
index ad463df..02745d2 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Feb 16 23:57:37 UTC 2017 - jfehlig@suse.com
+
+- libxl: more fixes for dom0 maxmem setting
+  4ab0c959-libxl-mem-leak.patch, 2dc1cf19-libxl-double-free.patch
+  bsc#1017762
+
 -------------------------------------------------------------------
 Fri Feb 10 20:29:46 UTC 2017 - jfehlig@suse.com
 
diff --git a/libvirt.spec b/libvirt.spec
index f232ef6..2f0d841 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -325,6 +325,8 @@ Patch8:         ff225538-libxl-autoballoon-setting.patch
 Patch9:         c89a6e78-libxl-physinfo-cleanup.patch
 Patch10:        d2b77608-libxl-maxmem-fix.patch
 Patch11:        79692c38-libxl-dom0-maxmem.patch
+Patch12:        4ab0c959-libxl-mem-leak.patch
+Patch13:        2dc1cf19-libxl-double-free.patch
 # Patches pending upstream review
 Patch100:       libxl-dom-reset.patch
 Patch101:       apparmor-errormsg-fix.patch
@@ -737,9 +739,9 @@ capabilities of recent versions of Linux (and other OSes).
 
 %package libs
 Summary:        Client side libraries
-Group:          Development/Libraries/C and C++
 # So remote clients can access libvirt over SSH tunnel
 # (client invokes 'nc' against the UNIX socket on the server)
+Group:          Development/Libraries/C and C++
 Requires:       netcat-openbsd
 # Not technically required, but makes 'out-of-box' config
 # work correctly & doesn't have onerous dependencies
@@ -817,6 +819,8 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
+%patch13 -p1
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1