[libvirt] [PATCH v2] tests: fix segfault in objecteventtest
Roman Bogorodskiy
bogorodskiy at gmail.com
Thu Aug 25 05:50:27 UTC 2016
Test 12 from objecteventtest (createXML add event) segaults on FreeBSD
with bus error.
At some point it calls testNodeDeviceDestroy() from the test driver. And
it fails when it tries to unlock the device in the "out:" label of this
function.
Unlocking fails because the previous step was a call to
virNodeDeviceObjRemove from conf/node_device_conf.c. This function
removes the given device from the device list and cleans up the object,
including destroying of its mutex. However, it does not nullify the pointer
that was given to it.
As a result, we end up in testNodeDeviceDestroy() here:
out:
if (obj)
virNodeDeviceObjUnlock(obj);
And instead of skipping this, we try to do Unlock and fail because of
malformed mutex.
Change virNodeDeviceObjRemove to use double pointer and set pointer to
NULL.
---
src/conf/node_device_conf.c | 13 +++++++------
src/conf/node_device_conf.h | 2 +-
src/node_device/node_device_hal.c | 4 ++--
src/test/test_driver.c | 2 +-
4 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/src/conf/node_device_conf.c b/src/conf/node_device_conf.c
index a23d8ef..719abcd 100644
--- a/src/conf/node_device_conf.c
+++ b/src/conf/node_device_conf.c
@@ -207,22 +207,23 @@ virNodeDeviceObjPtr virNodeDeviceAssignDef(virNodeDeviceObjListPtr devs,
}
void virNodeDeviceObjRemove(virNodeDeviceObjListPtr devs,
- virNodeDeviceObjPtr dev)
+ virNodeDeviceObjPtr *dev)
{
size_t i;
- virNodeDeviceObjUnlock(dev);
+ virNodeDeviceObjUnlock(*dev);
for (i = 0; i < devs->count; i++) {
- virNodeDeviceObjLock(dev);
- if (devs->objs[i] == dev) {
- virNodeDeviceObjUnlock(dev);
+ virNodeDeviceObjLock(*dev);
+ if (devs->objs[i] == *dev) {
+ virNodeDeviceObjUnlock(*dev);
virNodeDeviceObjFree(devs->objs[i]);
+ *dev = NULL;
VIR_DELETE_ELEMENT(devs->objs, i, devs->count);
break;
}
- virNodeDeviceObjUnlock(dev);
+ virNodeDeviceObjUnlock(*dev);
}
}
diff --git a/src/conf/node_device_conf.h b/src/conf/node_device_conf.h
index 8f23a98..9f00500 100644
--- a/src/conf/node_device_conf.h
+++ b/src/conf/node_device_conf.h
@@ -249,7 +249,7 @@ virNodeDeviceObjPtr virNodeDeviceAssignDef(virNodeDeviceObjListPtr devs,
virNodeDeviceDefPtr def);
void virNodeDeviceObjRemove(virNodeDeviceObjListPtr devs,
- virNodeDeviceObjPtr dev);
+ virNodeDeviceObjPtr *dev);
char *virNodeDeviceDefFormat(const virNodeDeviceDef *def);
diff --git a/src/node_device/node_device_hal.c b/src/node_device/node_device_hal.c
index ef0cd9c..fb7bf25 100644
--- a/src/node_device/node_device_hal.c
+++ b/src/node_device/node_device_hal.c
@@ -530,7 +530,7 @@ dev_refresh(const char *udi)
/* Simply "rediscover" device -- incrementally handling changes
* to sub-capabilities (like net.80203) is nasty ... so avoid it.
*/
- virNodeDeviceObjRemove(&driver->devs, dev);
+ virNodeDeviceObjRemove(&driver->devs, &dev);
} else {
VIR_DEBUG("no device named %s", name);
}
@@ -560,7 +560,7 @@ device_removed(LibHalContext *ctx ATTRIBUTE_UNUSED,
dev = virNodeDeviceFindByName(&driver->devs, name);
VIR_DEBUG("%s", name);
if (dev)
- virNodeDeviceObjRemove(&driver->devs, dev);
+ virNodeDeviceObjRemove(&driver->devs, &dev);
else
VIR_DEBUG("no device named %s", name);
nodeDeviceUnlock();
diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index bc1f93d..53cfa3c 100644
--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
@@ -5534,7 +5534,7 @@ testNodeDeviceDestroy(virNodeDevicePtr dev)
0);
virNodeDeviceObjLock(obj);
- virNodeDeviceObjRemove(&driver->devs, obj);
+ virNodeDeviceObjRemove(&driver->devs, &obj);
out:
if (obj)
--
2.7.4
More information about the libvir-list
mailing list