[libvirt] [PATCH] qemuProcessReconnect: ensure vm xml integrity when save status

Peter Krempa pkrempa at redhat.com
Mon May 20 11:07:42 UTC 2019


On Mon, May 20, 2019 at 12:57:17 +0200, Peter Krempa wrote:
> On Sat, May 18, 2019 at 18:24:36 +0800, Wang King wrote:

[...]

> > @@ -8023,6 +8024,9 @@ qemuProcessReconnect(void *opaque)
> >      cfg = virQEMUDriverGetConfig(driver);
> >      priv = obj->privateData;
> >  
> > +    /* need xmlopt later to save status, do not free */
> > +    xmlopt = virObjectRef(driver->xmlopt);
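Review bot: The added virObjectRef() line reads driver->xmlopt straight from the driver struct with no lock or accessor, unlike cfg two lines above, which comes from virQEMUDriverGetConfig(driver). If the pointer is already stale when this line runs, the reference is taken on freed memory, and the result is not checked for NULL before later use. Consider obtaining it through an accessor in the same style as the config one. The comment should also be reworded: "do not free" hides that this reference needs a matching unref on every exit path, and none is visible in this hunk.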
> 
> So I presume the problem is that qemuStateCleanup is called before this
> function finishes and thus accesses invalid memory.
> 
> This patch will not fix the problem entirely, because the access to
> XMLopt here (and everywhere else) is not atomic. This means that if
> qemuStateCleanup is called before the above line you'll try to reference
> a pointer which was already freed.
> 
> Also even if qemuStateCleanup sets the pointer to NULL your patch does
> not check it.
> 
> To fully fix this I think we need an accessor similar to
> virQEMUDriverGetConfig which will access the xmlopt object.

Or ideally we need to turn the qemu_driver struct into a virObject and
increase refcount prior to passing it into the threads reconnecting to
the instances. Otherwise there are potentially other fields missing,
which can cause problems.
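
The accessor suggested in the reply above, sketched as an added example that is not part of the message and is not libvirt code: a toy C model in which the pointer read and the reference increment happen under the driver lock, and cleanup clears the pointer under the same lock. Driver, XmlOpt and every function name are hypothetical stand-ins.

```c
/* Toy model of a locked accessor; every name here is hypothetical, not libvirt's. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

typedef struct { atomic_int refs; } XmlOpt;    /* stand-in for a refcounted object */
typedef struct { pthread_mutex_t lock; XmlOpt *xmlopt; } Driver;
static int xmlopt_freed;                       /* demo bookkeeping only */

static void xmlopt_unref(XmlOpt *x)
{
    if (!x || atomic_fetch_sub(&x->refs, 1) != 1)
        return;                                /* NULL, or other holders remain */
    free(x);                                   /* last reference dropped */
    xmlopt_freed++;
}

/* Read the pointer and take the reference under the driver lock, so cleanup
 * cannot free the object between the load and the increment. */
static XmlOpt *driver_get_xmlopt(Driver *d)
{
    pthread_mutex_lock(&d->lock);
    XmlOpt *x = d->xmlopt;
    if (x)
        atomic_fetch_add(&x->refs, 1);
    pthread_mutex_unlock(&d->lock);
    return x;                                  /* NULL once cleanup has run */
}

/* Detach the pointer under the same lock, then drop the driver's own reference. */
static void driver_cleanup(Driver *d)
{
    pthread_mutex_lock(&d->lock);
    XmlOpt *x = d->xmlopt;
    d->xmlopt = NULL;
    pthread_mutex_unlock(&d->lock);
    xmlopt_unref(x);
}

static int driver_init(Driver *d)
{
    d->xmlopt = calloc(1, sizeof(*d->xmlopt));
    if (!d->xmlopt)
        return -1;
    atomic_init(&d->xmlopt->refs, 1);          /* the driver's reference */
    return pthread_mutex_init(&d->lock, NULL);
}
```

A caller that obtains the object before driver_cleanup() runs keeps it alive until its own xmlopt_unref(); a caller that arrives afterwards gets NULL and has to handle it. The model still assumes the Driver itself outlives every caller, which is the gap the second suggestion in the reply addresses.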