From a7201789ab9ef0fdb0f5e458b301de4232710a18 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 1 Feb 2022 10:21:02 +0100
Subject: [PATCH] virnwfilterbindingobj: Fix virNWFilterBindingObjNew()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The idea behind virNWFilterBindingObjNew() is to create and
return an object of virNWFilterBindingObjClass class. The class
is virObjectLockable (and the corresponding
_virNWFilterBindingObj structure has virObjectLockable parent).
But for some reason plain virObjectNew() is called. This is wrong
because the mutex in the parent is left uninitialized.

Next, the returned object is not locked. This is wrong because in
some cases the returned object is added onto a list of bindings
and then passed to virNWFilterBindingObjEndAPI() which unlocks it
right away. This is potentially dangerous because we might just
have unlocked the object for another thread.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 src/conf/virnwfilterbindingobj.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/conf/virnwfilterbindingobj.c b/src/conf/virnwfilterbindingobj.c
index acea240b5d..d387af68c0 100644
--- a/src/conf/virnwfilterbindingobj.c
+++ b/src/conf/virnwfilterbindingobj.c
@@ -57,10 +57,15 @@ VIR_ONCE_GLOBAL_INIT(virNWFilterBindingObj);
 virNWFilterBindingObj *
 virNWFilterBindingObjNew(void)
 {
+    virNWFilterBindingObj *ret;
     if (virNWFilterBindingObjInitialize() < 0)
         return NULL;
 
-    return virObjectNew(virNWFilterBindingObjClass);
+    if (!(ret = virObjectLockableNew(virNWFilterBindingObjClass)))
+        return NULL;
+
+    virObjectLock(ret);
+    return ret;
 }