On Mon, May 20, 2019 at 12:57:17 +0200, Peter Krempa wrote:
> On Sat, May 18, 2019 at 18:24:36 +0800, Wang King wrote:

[...]

> > @@ -8023,6 +8024,9 @@ qemuProcessReconnect(void *opaque)
> > cfg = virQEMUDriverGetConfig(driver);
> > priv = obj->privateData;
> >
> > + /* need xmlopt later to save status, do not free */
> > + xmlopt = virObjectRef(driver->xmlopt);
>
> So I presume the problem is that qemuStateCleanup is called before this
> function finishes and thus accesses invalid memory.
>
> This patch will not fix the problem entirely, because the access to
> XMLopt here (and everywhere else) is not atomic. This means that if
> qemuStateCleanup is called before the above line you'll try to reference
> a pointer which was already freed.
>
> Also even if qemuStateCleanup sets the pointer to NULL your patch does
> not check it.
>
> To fully fix this I think we need an accessor similar to
> virQEMUDriverGetConfig which will access the xmlopt object.

Or ideally we need to turn the qemu_driver struct into a virObject and
increase the refcount prior to passing it into the threads reconnecting to
the instances. Otherwise there are potentially other fields missing, which
can cause problems.
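Review bot: the added line `xmlopt = virObjectRef(driver->xmlopt);` in the qemuProcessReconnect hunk reads driver->xmlopt without holding the driver lock and without a NULL check, so if qemuStateCleanup has already freed (or cleared) the pointer by the time the reconnect thread reaches this line, the reference is taken on freed memory or a NULL is carried forward and dereferenced later. Take the reference through a locked accessor modelled on virQEMUDriverGetConfig (lock the driver, copy and ref the pointer, unlock) and bail out of the reconnect if it returns NULL, rather than touching driver->xmlopt directly. The comment `/* need xmlopt later to save status, do not free */` is also misleading: virObjectRef hands this function a reference of its own, so a matching virObjectUnref is needed on every exit path of qemuProcessReconnect (not shown in this hunk); reword it to say the reference is released at the end of the function instead of "do not free".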
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
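The failure mode discussed in the thread (a reconnect thread taking a reference on driver->xmlopt while qemuStateCleanup may already have released it) and the suggested remedy (a locked accessor in the style of virQEMUDriverGetConfig) as an added stand-alone illustration. This is not libvirt code: Obj stands in for a virObject, Driver for the qemu driver struct, and obj_ref/obj_unref, driver_get_xmlopt and driver_cleanup are hypothetical names chosen for the example. The racy accessor mirrors the patch's direct read; the safe accessor takes the driver lock, tolerates a NULL pointer left behind by cleanup, and hands the caller a reference it owns.

```c
/* Added example, not libvirt code. Names (Obj, Driver, obj_ref,
 * driver_get_xmlopt, driver_cleanup) are hypothetical stand-ins. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

typedef struct {
    atomic_int refs;
    bool *freed;          /* set to true when the object is released */
} Obj;

static Obj *obj_new(bool *freed)
{
    Obj *o = calloc(1, sizeof(*o));
    if (!o)
        abort();
    atomic_init(&o->refs, 1);
    o->freed = freed;
    return o;
}

static Obj *obj_ref(Obj *o)
{
    if (o)
        atomic_fetch_add(&o->refs, 1);
    return o;              /* obj_ref(NULL) yields NULL */
}

static void obj_unref(Obj *o)
{
    if (o && atomic_fetch_sub(&o->refs, 1) == 1) {
        *o->freed = true;
        free(o);
    }
}

typedef struct {
    pthread_mutex_t lock;  /* protects xmlopt; outlives driver_cleanup */
    Obj *xmlopt;
} Driver;

static void driver_init(Driver *d, bool *freed)
{
    pthread_mutex_init(&d->lock, NULL);
    d->xmlopt = obj_new(freed);
}

/* The pattern from the patch: unlocked read, no NULL check. Only safe
 * while cleanup cannot run concurrently. */
static Obj *driver_get_xmlopt_racy(Driver *d)
{
    return obj_ref(d->xmlopt);
}

/* Locked accessor: the caller gets its own reference or NULL. */
static Obj *driver_get_xmlopt(Driver *d)
{
    Obj *ret;
    pthread_mutex_lock(&d->lock);
    ret = obj_ref(d->xmlopt);
    pthread_mutex_unlock(&d->lock);
    return ret;
}

/* Cleanup detaches the pointer under the lock, then drops the driver's
 * reference; threads holding their own reference keep the object alive. */
static void driver_cleanup(Driver *d)
{
    Obj *old;
    pthread_mutex_lock(&d->lock);
    old = d->xmlopt;
    d->xmlopt = NULL;
    pthread_mutex_unlock(&d->lock);
    obj_unref(old);
}

/* Worker takes its reference before cleanup: object survives cleanup and
 * is freed only when the worker unrefs. Returns 1 on the expected outcome. */
static int scenario_ref_before_cleanup(void)
{
    bool freed = false;
    Driver d;
    driver_init(&d, &freed);
    Obj *mine = driver_get_xmlopt(&d);
    if (!mine || atomic_load(&mine->refs) != 2)
        return 0;
    driver_cleanup(&d);
    if (freed || atomic_load(&mine->refs) != 1)
        return 0;
    obj_unref(mine);
    pthread_mutex_destroy(&d.lock);
    return freed;
}

/* Worker arrives after cleanup: accessor reports NULL, no dangling use. */
static int scenario_ref_after_cleanup(void)
{
    bool freed = false;
    Driver d;
    driver_init(&d, &freed);
    driver_cleanup(&d);
    Obj *mine = driver_get_xmlopt(&d);
    pthread_mutex_destroy(&d.lock);
    return mine == NULL && freed;
}

int main(void)
{
    bool freed = false;
    Driver d;
    driver_init(&d, &freed);
    obj_unref(driver_get_xmlopt_racy(&d));  /* fine only before cleanup */
    driver_cleanup(&d);
    pthread_mutex_destroy(&d.lock);
    return (scenario_ref_before_cleanup() && scenario_ref_after_cleanup()) ? 0 : 1;
}
```

The point of the two scenarios is the ordering guarantee the thread asks for: a reference obtained through the locked accessor is valid regardless of when cleanup runs, and a worker that starts after cleanup sees NULL and can abort instead of touching freed memory. A NULL check at the call site is still required, which is the second gap the review points out in the patch.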