[libvirt] [v0.9.12-maint 11/11] Fix race condition when destroying guests

Eric Blake eblake at redhat.com
Wed Sep 11 21:03:12 UTC 2013


On 09/11/2013 08:17 AM, Ferenc Wágner wrote:
> Backport of 81621f3e6e45e8681cc18ae49404736a0e772a11 and
> f1b4021b38f9485c50d386af6f682ecfc8025af5 to fix a race (resulting in a
> segfault) when destroying domains.
> ---
>  src/qemu/qemu_driver.c | 19 +++++++++++++------
>  1 file changed, 13 insertions(+), 6 deletions(-)

I'd rather see this split into two backports (it's easier to reason
about backports if they are 1:1 from upstream).

> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 0053ed1..c0b4707 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -1827,6 +1827,12 @@ qemuDomainDestroyFlags(virDomainPtr dom,
>  
>      qemuDomainSetFakeReboot(driver, vm, false);
>  
> +
> +    /* We need to prevent monitor EOF callback from doing our work (and sending
> +     * misleading events) while the vm is unlocked inside BeginJob/ProcessKill API
> +     */
> +    priv->beingDestroyed = true;
> +
>      /* Although qemuProcessStop does this already, there may
>       * be an outstanding job active. We want to make sure we
>       * can kill the process even if a job is active. Killing
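
Review bot: The added empty line at the top of this hunk follows an existing blank context line, so two consecutive blank lines now precede the new comment; drop the added one. Since `priv->beingDestroyed = true;` is now set ahead of the kill, every later `goto cleanup` has to account for the flag, and the comment could say so explicitly.
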
> @@ -1834,19 +1840,20 @@ qemuDomainDestroyFlags(virDomainPtr dom,
>       */
>      if (flags & VIR_DOMAIN_DESTROY_GRACEFUL) {
>          if (qemuProcessKill(driver, vm, 0) < 0) {
> +            priv->beingDestroyed = false;
>              qemuReportError(VIR_ERR_OPERATION_FAILED, "%s",
>                              _("failed to kill qemu process with SIGTERM"));
>              goto cleanup;
>          }
>      } else {
> -        ignore_value(qemuProcessKill(driver, vm, VIR_QEMU_PROCESS_KILL_FORCE));
> +        if (qemuProcessKill(driver, vm, VIR_QEMU_PROCESS_KILL_FORCE) < 0) {
> +            priv->beingDestroyed = false;
> +            qemuReportError(VIR_ERR_OPERATION_FAILED, "%s",
> +                            _("failed to kill qemu process with SIGTERM"));
> +            goto cleanup;
> +        }
>      }
>  
> -    /* We need to prevent monitor EOF callback from doing our work (and sending
> -     * misleading events) while the vm is unlocked inside BeginJob API
> -     */
> -    priv->beingDestroyed = true;
> -
>      if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_DESTROY) < 0)
>          goto cleanup;
>  
> 
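
Review bot: In the new `else` branch the failure message is a copy of the graceful branch's "failed to kill qemu process with SIGTERM", although this call passes `VIR_QEMU_PROCESS_KILL_FORCE`; reword it so the two failures can be told apart in logs. Also, the `goto cleanup` taken when `qemuDomainObjBeginJobWithDriver` fails is the one exit in this hunk that does not set `priv->beingDestroyed = false` first; confirm that is intended, or clear the flag there too.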

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
