[libvirt] [PATCH] qemu: Don't unref domain after exit from nested async job
Martin Kletzander
mkletzan at redhat.com
Wed Jan 7 12:41:29 UTC 2015
On Wed, Jan 07, 2015 at 12:00:57PM +0100, Peter Krempa wrote:
>In commit 540c339a2535ec30d79e5ef84d8f50a17bc60723 the whole domain
>reference counting was refactored in the qemu driver. Domain jobs now
>don't need to reference the domain object as they now expect the
>reference from the calling function.
>
>However, the patch forgot to remove the unref call in case we exit the
>monitor when we were acquiring a nested job. This caused the daemon to
>crash on a subsequent access to the domain object once we've done an
>operation requiring a nested job for a monitor access.
>
>An easy reproducer case:
>
>1) Start a vm with qcow disks
>2) virsh snapshot-create-as DOMNAME
>3) virsh dumpxml DOMNAME
>4) daemon crashes in a semi-random spot while accessing a now-removed VM
>object.
>
>Fortunately, the commit wasn't released yet, so there are no security
>implications.
>
>Reported-by: Shanzi Yu <shyu at redhat.com>
>Signed-off-by: Peter Krempa <pkrempa at redhat.com>
>---
>Cc: Martin Kletzander <mkletzan at redhat.com>
>Cc: Shanzi Yu <shyu at redhat.com>
>
> src/qemu/qemu_domain.c | 2 --
> 1 file changed, 2 deletions(-)
>
>diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>index bd64409..3d4023c 100644
>--- a/src/qemu/qemu_domain.c
>+++ b/src/qemu/qemu_domain.c
>@@ -1573,8 +1573,6 @@ qemuDomainObjExitMonitorInternal(virQEMUDriverPtr driver,
> qemuDomainObjResetJob(priv);
> qemuDomainObjSaveJob(driver, obj);
> virCondSignal(&priv->job.cond);
>-
>- virObjectUnref(obj);
> }
> }
>
ACK, thanks for catching that.
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150107/60b9bd5d/attachment-0001.sig>
More information about the libvir-list
mailing list