From: Christophe Fergeau
Date: Tue, 10 Jul 2012 10:02:10 +0000 (+0200)
Subject: Fix /domain/features setting in qemuParseCommandLine
X-Git-Tag: CVE-2012-3445~189
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=626dd5180e472c0b4c0c5fb7072358743ca63653;p=thirdparty%2Flibvirt.git

Fix /domain/features setting in qemuParseCommandLine

Commit 5e6ce1 moved down detection of the ACPI feature in qemuParseCommandLine. However, when ACPI is detected, it clears all feature flags in def->features to only set ACPI. This used to be fine because this was the first place were def->features was set, but after the move this is no longer necessarily true because this block comes before the ACPI check:

if (strstr(def->emulator, "kvm")) {
def->virtType = VIR_DOMAIN_VIRT_KVM;
def->features |= (1 << VIR_DOMAIN_FEATURE_PAE);
}

Since def is allocated in qemuParseCommandLine using VIR_ALLOC, we can always use |= when modifying def->features
---
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 94b2919f52..8fa3ec3b69 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7553,7 +7553,7 @@ virDomainDefPtr qemuParseCommandLine(virCapsPtr caps,
 goto no_memory;
 if (STREQ(def->os.arch, "i686")||STREQ(def->os.arch, "x86_64"))
- def->features = (1 << VIR_DOMAIN_FEATURE_ACPI)
+ def->features |= (1 << VIR_DOMAIN_FEATURE_ACPI)
 /*| (1 << VIR_DOMAIN_FEATURE_APIC)*/;
 #define WANT_VALUE() \
 const char *val = progargv[++i]; \
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-kvmclock.xml b/tests/qemuxml2argvdata/qemuxml2argv-kvmclock.xml
index e07c1f655a..8abcb51914 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-kvmclock.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-kvmclock.xml
@@ -8,6 +8,9 @@ hvm + + +
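Review bot: The invariant that makes the new `|=` correct — def->features starts at zero because def comes from VIR_ALLOC, and every later site must only OR bits in — is stated in the commit message but not at the code, so the next person to touch this block can reintroduce the plain `=` without any warning; add a comment on the changed line, e.g. `/* def is zeroed by VIR_ALLOC: only ever OR feature bits in here, an assignment would discard bits set earlier (e.g. PAE for kvm) */`. The commented-out `/*| (1 << VIR_DOMAIN_FEATURE_APIC)*/` fragment spliced into the middle of the statement is dead code that survives the fix; it should be removed or replaced by a one-line comment explaining why APIC is deliberately not reported for a parsed command line. The unbraced `if` whose body spans two lines with an embedded comment is also easy to misread; bracing it costs two lines. The enclosing function qemuParseCommandLine starts and ends outside the hunk, so whether any other site still assigns def->features with `=` cannot be confirmed from here and is worth a grep.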