[libvirt] [PATCH] qemu: Don't unref domain after exit from nested async job

Peter Krempa pkrempa at redhat.com
Wed Jan 7 12:52:36 UTC 2015


On 01/07/15 13:41, Martin Kletzander wrote:
> On Wed, Jan 07, 2015 at 12:00:57PM +0100, Peter Krempa wrote:
>> In commit 540c339a2535ec30d79e5ef84d8f50a17bc60723 the whole domain
>> reference counting was refactored in the qemu driver. Domain jobs now
>> don't need to reference the domain object as they now expect the
>> reference from the calling function.
>>
>> However, the patch forgot to remove the unref call in case we exit the
>> monitor when we were acquiring a nested job. This caused the daemon to
>> crash on a subsequent access to the domain object once we've done an
>> operation requiring a nested job for a monitor access.
>>
>> An easy reproducer case:
>>
>> 1) Start a vm with qcow disks
>> 2) virsh snapshot-create-as DOMNAME
>> 3) virsh dumpxml DOMNAME
>> 4) daemon crashes in a semi-random spot while accessing a now-removed VM
>> object.
>>
>> Fortunately, the commit wasn't released yet, so there are no security
>> implications.
>>
>> Reported-by: Shanzi Yu <shyu at redhat.com>
>> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
>> ---
>> Cc: Martin Kletzander <mkletzan at redhat.com>
>> Cc: Shanzi Yu <shyu at redhat.com>
>>
>> src/qemu/qemu_domain.c | 2 --
>> 1 file changed, 2 deletions(-)
>>
>> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>> index bd64409..3d4023c 100644
>> --- a/src/qemu/qemu_domain.c
>> +++ b/src/qemu/qemu_domain.c
>> @@ -1573,8 +1573,6 @@
>> qemuDomainObjExitMonitorInternal(virQEMUDriverPtr driver,
>>         qemuDomainObjResetJob(priv);
>>         qemuDomainObjSaveJob(driver, obj);
>>         virCondSignal(&priv->job.cond);
>> -
>> -        virObjectUnref(obj);
>>     }
>> }
>>
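
Review bot: the nested-job branch of qemuDomainObjExitMonitorInternal, where virObjectUnref(obj) is dropped after virCondSignal(&priv->job.cond), is left with nothing that states who owns the domain reference. Suggest a short comment in that branch saying that the caller holds the reference for the whole job and that the exit path must not drop one, plus a regression test built on the reproducer from the commit message (snapshot-create-as followed by dumpxml) so that a reintroduced unref fails in the test suite instead of as a daemon crash. The matching enter path is not visible in this hunk; it is worth confirming there that no virObjectRef(obj) remains for the nested case, otherwise this removal turns the over-release into a leak.
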
> 
> ACK, thanks for catching that.
> 
> Martin

Pushed; Thanks.

Peter
