[continued from previous message]
+@@ -476,7 +476,6 @@ libxlDomainShutdownHandleRestart(libxlDriverPrivatePtr driver,
+ struct libxlEventHandlerThreadInfo
+ {
+ libxlDriverPrivatePtr driver;
+- virDomainObjPtr vm;
+ libxl_event *event;
+ };
+
+@@ -485,7 +484,7 @@ static void
+ libxlDomainShutdownThread(void *opaque)
+ {
+ struct libxlEventHandlerThreadInfo *shutdown_info = opaque;
+- virDomainObjPtr vm = shutdown_info->vm;
++ virDomainObjPtr vm = NULL;
+ libxl_event *ev = shutdown_info->event;
+ libxlDriverPrivatePtr driver = shutdown_info->driver;
+ virObjectEventPtr dom_event = NULL;
+@@ -495,6 +494,12 @@ libxlDomainShutdownThread(void *opaque)
+
+ libxl_domain_config_init(&d_config);
+
++ vm = virDomainObjListFindByID(driver->domains, ev->domid);
++ if (!vm) {
++ /* Nothing to do if we can't find the virDomainObj */
++ goto cleanup;
++ }
++
+ if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
+ goto cleanup;
+
+@@ -614,12 +619,18 @@ static void
+ libxlDomainDeathThread(void *opaque)
+ {
+ struct libxlEventHandlerThreadInfo *death_info = opaque;
+- virDomainObjPtr vm = death_info->vm;
++ virDomainObjPtr vm = NULL;
+ libxl_event *ev = death_info->event;
+ libxlDriverPrivatePtr driver = death_info->driver;
+ virObjectEventPtr dom_event = NULL;
+ g_autoptr(libxlDriverConfig) cfg = libxlDriverConfigGet(driver);
+
++ vm = virDomainObjListFindByID(driver->domains, ev->domid);
++ if (!vm) {
++ /* Nothing to do if we can't find the virDomainObj */
++ goto cleanup;
++ }
++
+ if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
+ goto cleanup;
+
+@@ -648,7 +659,6 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
+ {
+ libxlDriverPrivatePtr driver = data;
+ libxl_shutdown_reason xl_reason = event->u.domain_shutdown.shutdown_reason;
+- virDomainObjPtr vm = NULL;
+ g_autoptr(libxlDriverConfig) cfg = NULL;
+ struct libxlEventHandlerThreadInfo *thread_info = NULL;
+ virThread thread;
+@@ -667,12 +677,6 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
+ if (xl_reason == LIBXL_SHUTDOWN_REASON_SUSPEND)
+ goto cleanup;
+
+- vm = virDomainObjListFindByID(driver->domains, event->domid);
+- if (!vm) {
+- /* Nothing to do if we can't find the virDomainObj */
+- goto cleanup;
+- }
+-
+ /*
+ * Start event-specific threads to handle shutdown and death.
+ * They are potentially lengthy operations and we don't want to be
+@@ -682,7 +686,6 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
+ thread_info = g_new0(struct libxlEventHandlerThreadInfo, 1);
+
+ thread_info->driver = driver;
+- thread_info->vm = vm;
+ thread_info->event = (libxl_event *)event;
+ thread_name = g_strdup_printf("shutdown-event-%d", event->domid);
+ /*
+@@ -697,15 +700,14 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
+ goto cleanup;
+ }
+ /*
+- * virDomainObjEndAPI is called in the shutdown thread, where
+- * libxlEventHandlerThreadInfo and libxl_event are also freed.
++ * libxlEventHandlerThreadInfo and libxl_event are freed in the
++ * shutdown thread
+ */
+ return;
+ } else if (event->type == LIBXL_EVENT_TYPE_DOMAIN_DEATH) {
+ thread_info = g_new0(struct libxlEventHandlerThreadInfo, 1);
+
+ thread_info->driver = driver;
+- thread_info->vm = vm;
+ thread_info->event = (libxl_event *)event;
+ thread_name = g_strdup_printf("death-event-%d", event->domid);
+ /*
+@@ -720,14 +722,13 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
+ goto cleanup;
+ }
+ /*
+- * virDomainObjEndAPI is called in the death thread, where
+- * libxlEventHandlerThreadInfo and libxl_event are also freed.
++ * libxlEventHandlerThreadInfo and libxl_event are freed in the
++ * death thread
+ */
+ return;
+ }
+
+ cleanup:
+- virDomainObjEndAPI(&vm);
+ VIR_FREE(thread_info);
+ cfg = libxlDriverConfigGet(driver);
+ /* Cast away any const */
diff -Nru libvirt-7.0.0/debian/patches/CVE-2021-4147_6.patch libvirt-7.0.0/debian/patches/CVE-2021-4147_6.patch
--- libvirt-7.0.0/debian/patches/CVE-2021-4147_6.patch 1970-01-01 01:00:00.000000000 +0100
+++ libvirt-7.0.0/debian/patches/CVE-2021-4147_6.patch 2024-07-30 21:35:28.000000000 +0200
@@ -0,0 +1,90 @@
+From: Jim Fehlig <
jfehlig@suse.com>
+Date: Thu, 18 Nov 2021 12:03:20 -0700
+Subject: libxl: Protect access to libxlLogger files hash table
+
+The hash table of log file objects in libxlLogger is not protected against +concurrent access. It is possible for one thread to remove an entry while +another is updating it. Add a mutex to the libxlLogger object and lock it +when accessing the files hash table.
+
+Signed-off-by: Jim Fehlig <
jfehlig@suse.com>
+Reviewed-by: Daniel P. Berrangé <
berrange@redhat.com>
+Reviewed-by: Ján Tomko <
jtomko@redhat.com>
+Origin:
https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
+Bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2034195
+Bug-Debian:
https://security-tracker.debian.org/tracker/CVE-2021-4147 +Bug-Debian:
https://bugs.deb