commit a7a03324d86e111f81687b5315b8f296dde84340
Author: Jim Fehlig <jfehlig@suse.com>
Date:   Thu Nov 18 12:03:20 2021 -0700

    libxl: Protect access to libxlLogger files hash table
    
    The hash table of log file objects in libxlLogger is not protected against
    concurrent access. It is possible for one thread to remove an entry while
    another is updating it. Add a mutex to the libxlLogger object and lock it
    when accessing the files hash table.
    
    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
    Reviewed-by: Ján Tomko <jtomko@redhat.com>

Index: libvirt-7.10.0/src/libxl/libxl_logger.c
===================================================================
--- libvirt-7.10.0.orig/src/libxl/libxl_logger.c
+++ libvirt-7.10.0/src/libxl/libxl_logger.c
@@ -28,6 +28,7 @@
 #include "util/virfile.h"
 #include "util/virhash.h"
 #include "util/virstring.h"
+#include "util/virthread.h"
 #include "util/virtime.h"
 
 #define VIR_FROM_THIS VIR_FROM_LIBXL
@@ -43,6 +44,7 @@ struct xentoollog_logger_libvirt {
 
     /* map storing the opened fds: "domid" -> FILE* */
     GHashTable *files;
+    virMutex tableLock;
     FILE *defaultLogFile;
 };
 
@@ -85,7 +87,9 @@ libvirt_vmessage(xentoollog_logger *logg
         start = start + 9;
         *end = '\0';
 
+        virMutexLock(&lg->tableLock);
         domainLogFile = virHashLookup(lg->files, start);
+        virMutexUnlock(&lg->tableLock);
         if (domainLogFile)
             logFile = domainLogFile;
 
@@ -158,6 +162,12 @@ libxlLoggerNew(const char *logDir, virLo
         return NULL;
     }
 
+    if (virMutexInit(&logger.tableLock) < 0) {
+        VIR_FORCE_FCLOSE(logger.defaultLogFile);
+        virHashFree(logger.files);
+        return NULL;
+    }
+
     return XTL_NEW_LOGGER(libvirt, logger);
 }
 
@@ -168,6 +178,7 @@ libxlLoggerFree(libxlLogger *logger)
     if (logger->defaultLogFile)
         VIR_FORCE_FCLOSE(logger->defaultLogFile);
     virHashFree(logger->files);
+    virMutexDestroy(&logger->tableLock);
     xtl_logger_destroy(xtl_logger);
 }
 
@@ -189,7 +200,9 @@ libxlLoggerOpenFile(libxlLogger *logger,
                  path, g_strerror(errno));
         return;
     }
+    virMutexLock(&logger->tableLock);
     ignore_value(virHashAddEntry(logger->files, domidstr, logFile));
+    virMutexUnlock(&logger->tableLock);
 
     /* domain_config is non NULL only when starting a new domain */
     if (domain_config) {
@@ -204,5 +217,7 @@ libxlLoggerCloseFile(libxlLogger *logger
     g_autofree char *domidstr = NULL;
     domidstr = g_strdup_printf("%d", id);
 
+    virMutexLock(&logger->tableLock);
     ignore_value(virHashRemoveEntry(logger->files, domidstr));
+    virMutexUnlock(&logger->tableLock);
 }