<div dir="ltr"><div dir="ltr"><div dir="ltr">We first produce this bug in rhel7.4's libvir daemon。For easily produce the bug, the step can be as follows:<div>1. add sleep(3) in daemonStreamFilter() pre virMutexLock(&stream->priv->lock), then build libvirtd bin executable, then restart libvirtd</div><div>2. use virsh console open one vm's console, for this console（the vm's kernel need console=ttyS0 boot parameter,then just input from keyboard on and on</div><div>3. use virsh console --force to break the previous console session, than you will get libvirt daemon deadlock。</div><div><br></div><div>And for the problem client->privData to be released problem, only virNetServerClientClose() will free client->privData and client, I think this can be fixed by remove virNetServerClientClose() from daemonStreamEvent(),</div><div>and replace with virNetServerClientImmediateClose(), so virNetServerProcessClients() will test the session would be closed。</div><div><br></div><div><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Michal Privoznik <<a href="mailto:mprivozn@redhat.com">mprivozn@redhat.com</a>> 于2019年11月25日周一下午5:38写道：<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 11/25/19 8:34 AM, LanceLiu wrote:<br> > ---<br> > src/libvirt_remote.syms | 1 +<br> > src/remote/remote_daemon_stream.c | 10 +++++++++-<br> > src/rpc/virnetserverclient.c | 12 ++++++++++++<br> > src/rpc/virnetserverclient.h | 2 ++<br> > 4 files changed, 24 insertions(+), 1 deletion(-)<br> <br> Please format commit messages following title + message format (look at <br> git log how other messages are formatted).<br> <br> > <br> > diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms<br> > index 0493467..c32e234 100644<br> > --- a/src/libvirt_remote.syms<br> > +++ b/src/libvirt_remote.syms<br> > @@ -173,6 +173,7 @@ virNetServerClientPreExecRestart;<br> > virNetServerClientRemoteAddrStringSASL;<br> > virNetServerClientRemoteAddrStringURI;<br> > virNetServerClientRemoveFilter;<br> > +virNetServerClientCheckFilterExist;<br> > virNetServerClientSendMessage;<br> > virNetServerClientSetAuthLocked;<br> > virNetServerClientSetAuthPendingLocked;<br> > diff --git a/src/remote/remote_daemon_stream.c b/src/remote/remote_daemon_stream.c<br> > index 82cadb6..de0dca3 100644<br> > --- a/src/remote/remote_daemon_stream.c<br> > +++ b/src/remote/remote_daemon_stream.c<br> > @@ -292,10 +292,18 @@ daemonStreamFilter(virNetServerClientPtr client,<br> > {<br> > daemonClientStream *stream = opaque;<br> > int ret = 0;<br> > + daemonClientPrivatePtr priv = NULL;<br> > + int filter_id = stream->filterID;<br> > <br> > virObjectUnlock(client);<br> > + priv = virNetServerClientGetPrivateData(client);<br> <br> This is not needed.<br> <br> > virMutexLock(&stream->priv->lock);<br> > virObjectLock(client);<br> > + if (!virNetServerClientCheckFilterExist(client, filter_id)) {<br> > + VIR_WARN("this daemon stream filter: %d have been deleted!", filter_id);<br> > + ret = -1;<br> > + goto cleanup;<br> > + }<br> > <br> > if (msg->header.type != VIR_NET_STREAM &&<br> > msg->header.type != VIR_NET_STREAM_HOLE)<br> > @@ -317,7 +325,7 @@ daemonStreamFilter(virNetServerClientPtr client,<br> > ret = 1;<br> > <br> > cleanup:<br> > - virMutexUnlock(&stream->priv->lock);<br> > + virMutexUnlock(&priv->lock);<br> <br> This is not needed: stream->priv and priv are the same structure.<br> <br> > return ret;<br> > }<br> > <br> <br> Anyway, this still doesn't work. Problem is, that if a stream is <br> removed, the private data might be removed too and hence <br> virMutexLock(&stream->priv->lock) will do something undefined (besides <br> accessing freed memory). In my testing the daemon deadlocks because it's <br> trying to lock stream-priv->lock which is locked.<br> <br> As I said in the other thread - we need to re-evaluate the first commit. <br> Do you have a reproducer for the original problem please?<br> <br> Michal<br> <br> </blockquote></div>