[libvirt] [PATCH 4/4] libxl: fix crash in migrate confirm for transient domains

Jim Fehlig jfehlig at suse.com
Tue Jul 8 23:17:48 UTC 2014


Eric Blake wrote:
> On 07/08/2014 03:52 PM, Jim Fehlig wrote:
>   
>> In libxlDomainMigrationConfirm(), a transient domain is removed
>> from the domain list after successful migration.  Later in cleanup,
>> the domain object is unlocked, resulting in a crash
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 0x7fb4208ed700 (LWP 12044)]
>> 0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
>>   parent=0x7fb42830d0c0) at util/virobject.c:169
>> 169	        if (klass->magic == parent->magic)
>> (gdb) bt
>> 0  0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
>>   parent=0x7fb42830d0c0) at util/virobject.c:169
>> 1  0x00007fb42672591b in virObjectIsClass (anyobj=0x7fb4100082b0,
>>   klass=0x7fb42830d0c0) at util/virobject.c:365
>> 2  0x00007fb42672583c in virObjectUnlock (anyobj=0x7fb4100082b0)
>>   at util/virobject.c:338
>> 3  0x00007fb41a8c7d7a in libxlDomainMigrationConfirm (driver=0x7fb4100404c0,
>>   vm=0x7fb4100082b0, flags=1, cancelled=0) at libxl/libxl_migration.c:583
>>
>> Fix by setting the virDomainObjPtr to NULL after removing it from
>> the domain list.
>>
>> Signed-off-by: Jim Fehlig <jfehlig at suse.com>
>> ---
>>  src/libxl/libxl_migration.c | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>     
>
> ACK.
>   

Thanks for the reviews.  I've pushed the series now.

Regards,
Jim




More information about the libvir-list mailing list