[libvirt] [PATCH] qemuProcessReconnect: ensure vm xml integrity when save status
Peter Krempa
pkrempa at redhat.com
Mon May 20 11:07:42 UTC 2019
On Mon, May 20, 2019 at 12:57:17 +0200, Peter Krempa wrote:
> On Sat, May 18, 2019 at 18:24:36 +0800, Wang King wrote:
[...]
> > @@ -8023,6 +8024,9 @@ qemuProcessReconnect(void *opaque)
> > cfg = virQEMUDriverGetConfig(driver);
> > priv = obj->privateData;
> >
> > + /* need xmlopt later to save status, do not free */
> > + xmlopt = virObjectRef(driver->xmlopt);
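Review bot: The added `xmlopt = virObjectRef(driver->xmlopt);` reads `driver->xmlopt` directly, with no lock visible around it and no check of the result, while `cfg` a few lines above comes from the `virQEMUDriverGetConfig(driver)` accessor. Take the reference through a comparable accessor and leave the reconnect path when it yields NULL. The comment "do not free" also reads oddly next to a call that takes a new reference: say where the matching unref happens, since it is not in this hunk.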
>
> So I presume the problem is that qemuStateCleanup is called before this
> function finishes and thus accesses invalid memory.
>
> This patch will not fix the problem entirely, because the access to
> XMLopt here (and everywhere else) is not atomic. This means that if
> qemuStateCleanup is called before the above line you'll try to reference
> a pointer which was already freed.
>
> Also even if qemuStateCleanup sets the pointer to NULL your patch does
> not check it.
>
> To fully fix this I think we need an accessor similar to
> virQEMUDriverGetConfig which will access the xmlopt object.
Or ideally we need to turn the qemu_driver struct into a virObject and
increase refcount prior to passing it into the threads reconnecting to
the instances. Otherwise there are potentially other fields missing that
can cause problems.
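The accessor idea from this thread, sketched as an added stand-alone C example (not libvirt code and not part of the patch): `xml_opt`, `demo_driver` and every function name are hypothetical, with a pthread mutex and C11 atomics standing in for libvirt's object locking and refcounting.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the refcounted xmlopt and the driver struct. */
typedef struct { atomic_int refs; } xml_opt;
typedef struct { pthread_mutex_t lock; xml_opt *xmlopt; } demo_driver;

static xml_opt *xml_opt_new(void)
{
    xml_opt *o = calloc(1, sizeof(*o));
    if (o) atomic_init(&o->refs, 1);      /* the driver's own reference */
    return o;
}

/* Drop one reference; returns 1 if this call freed the object. */
static int xml_opt_unref(xml_opt *o)
{
    if (!o || atomic_fetch_sub(&o->refs, 1) != 1) return 0;
    free(o);
    return 1;
}

/* Accessor: read the pointer and take the ref under one lock; NULL after cleanup. */
static xml_opt *demo_driver_get_xmlopt(demo_driver *d)
{
    pthread_mutex_lock(&d->lock);
    xml_opt *o = d->xmlopt;
    if (o) atomic_fetch_add(&o->refs, 1);
    pthread_mutex_unlock(&d->lock);
    return o;
}

/* Cleanup: detach the pointer under the lock, then drop the driver's ref. */
static int demo_driver_cleanup(demo_driver *d)
{
    pthread_mutex_lock(&d->lock);
    xml_opt *o = d->xmlopt;
    d->xmlopt = NULL;
    pthread_mutex_unlock(&d->lock);
    return xml_opt_unref(o);
}

int main(void)
{
    demo_driver d = { PTHREAD_MUTEX_INITIALIZER, xml_opt_new() };
    xml_opt *held = demo_driver_get_xmlopt(&d);   /* reconnect thread's ref */
    int freed_early = demo_driver_cleanup(&d);    /* driver torn down first */
    return (freed_early == 0 && xml_opt_unref(held) == 1) ? 0 : 1;
}
```

A caller that gets NULL from the accessor knows cleanup has already run and must stop using the driver's XML options instead of dereferencing a stale pointer.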