[libvirt] [PATCH v2] snapshot: Don't hose list on deletion failure

Michal Privoznik mprivozn at redhat.com
Tue Nov 6 09:15:01 UTC 2018


On 10/18/2018 03:45 AM, Eric Blake wrote:
> If qemuDomainSnapshotDiscard() fails for any reason (rare,
> but possible with an ill-timed ENOMEM or if
> qemuDomainSnapshotForEachQcow2() has problems talking to the
> qemu guest monitor), then an attempt to retry the snapshot
> deletion API will crash because we didn't undo the effects
> of virDomainSnapshotDropParent() temporarily rearranging the
> internal list structures, and the second attempt to drop
> parents will dereference NULL.  Fix it by instead noting that
> there are only two callers to qemuDomainSnapshotDiscard(),
> and only one of the two callers wants the parent to be updated;
> thus we can move the call to virDomainSnapshotDropParent()
> into a code path that only gets executed on success.
> 
> Signed-off-by: Eric Blake <eblake at redhat.com>
> 
> ---
> v2: avoid use-after-free
> ---
>  src/qemu/qemu_domain.c | 6 ++++--
>  src/qemu/qemu_driver.c | 1 -
>  2 files changed, 4 insertions(+), 3 deletions(-)

ACK

Michal
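
The failure mode in the quoted commit message, as an added example that is not part of the patch or of libvirt's code: a simplified model in which unlinking a node before a fallible step leaves the tree broken on failure, next to the ordering that unlinks only on success. All names (`struct snap`, `drop_parent`, `backend_discard`, `delete_before`, `delete_after`, `retry_is_safe`) are hypothetical.

```c
#include <stddef.h>

/* Simplified model; all names here are hypothetical, not libvirt's. */
struct snap { struct snap *parent; int nchildren; int deleted; };

/* Unlinks s from its parent. Assumes s->parent != NULL, so a second
 * call on the same node dereferences NULL. */
static void drop_parent(struct snap *s) {
    s->parent->nchildren--;
    s->parent = NULL;
}

/* Stand-in for the fallible step (ENOMEM, monitor error). */
static int backend_discard(int fail) { return fail ? -1 : 0; }

/* Before: unlink first, then attempt the fallible discard. */
static int delete_before(struct snap *s, int fail) {
    drop_parent(s);
    if (backend_discard(fail) < 0)
        return -1;              /* s stays unlinked; a retry would crash */
    s->deleted = 1;
    return 0;
}

/* After: unlink only on the success path. */
static int delete_after(struct snap *s, int fail) {
    if (backend_discard(fail) < 0)
        return -1;              /* tree untouched; a retry is safe */
    drop_parent(s);
    s->deleted = 1;
    return 0;
}

/* Returns 1 if a failed deletion left the node linked to its parent
 * and a retry then completed; 0 if the failure corrupted the links. */
static int retry_is_safe(int (*del)(struct snap *, int)) {
    struct snap root = { NULL, 1, 0 };
    struct snap s = { &root, 0, 0 };
    if (del(&s, 1) == 0 || s.parent != &root || root.nchildren != 1)
        return 0;               /* do not retry: drop_parent would crash */
    return del(&s, 0) == 0 && s.deleted && root.nchildren == 0;
}

int main(void) {
    return retry_is_safe(delete_after) && !retry_is_safe(delete_before) ? 0 : 1;
}
```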



