[libvirt] [PATCH 4/4] libxl: fix crash in migrate confirm for transient domains

[Jim Fehlig]

In libxlDomainMigrationConfirm(), a transient domain is removed
from the domain list after successful migration.  Later in cleanup,
the domain object is unlocked, resulting in a crash

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fb4208ed700 (LWP 12044)]
0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
  parent=0x7fb42830d0c0) at util/virobject.c:169
169	        if (klass->magic == parent->magic)
(gdb) bt
0  0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
  parent=0x7fb42830d0c0) at util/virobject.c:169
1  0x00007fb42672591b in virObjectIsClass (anyobj=0x7fb4100082b0,
  klass=0x7fb42830d0c0) at util/virobject.c:365
2  0x00007fb42672583c in virObjectUnlock (anyobj=0x7fb4100082b0)
  at util/virobject.c:338
3  0x00007fb41a8c7d7a in libxlDomainMigrationConfirm (driver=0x7fb4100404c0,
  vm=0x7fb4100082b0, flags=1, cancelled=0) at libxl/libxl_migration.c:583

Fix by setting the virDomainObjPtr to NULL after removing it from
the domain list.

Signed-off-by: Jim Fehlig <jfehlig at suse.com>
---
 src/libxl/libxl_migration.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/libxl/libxl_migration.c b/src/libxl/libxl_migration.c
index ce3f9d5..dbb5a8f 100644
--- a/src/libxl/libxl_migration.c
+++ b/src/libxl/libxl_migration.c
@@ -566,8 +566,10 @@ libxlDomainMigrationConfirm(libxlDriverPrivatePtr driver,
     if (flags & VIR_MIGRATE_UNDEFINE_SOURCE)
         virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm);
 
-    if (!vm->persistent || (flags & VIR_MIGRATE_UNDEFINE_SOURCE))
+    if (!vm->persistent || (flags & VIR_MIGRATE_UNDEFINE_SOURCE)) {
         virDomainObjListRemove(driver->domains, vm);
+        vm = NULL;
+    }
 
     ret = 0;
 
-- 
1.8.4.5