回复: [PATCH] qemu: snapshot: Fix libvirtd crash in snapshot-revert

Lin Ma <LMa@xxxxxxxx> · Fri, 13 Dec 2019 10:31:09 +0000

> -----邮件原件-----
> 发件人: Michal Privoznik <mprivozn@xxxxxxxxxx>
> 发送时间: 2019年12月13日 17:30
> 收件人: Peter Krempa <pkrempa@xxxxxxxxxx>; Lin Ma <LMa@xxxxxxxx>
> 抄送: libvir-list@xxxxxxxxxx
> 主题: Re:  [PATCH] qemu: snapshot: Fix libvirtd crash in snapshot-revert
> 
> On 12/13/19 8:55 AM, Peter Krempa wrote:
> > On Fri, Dec 13, 2019 at 15:47:36 +0800, Lin Ma wrote:
> >> When reverting a running domain to a snapshot(active state), We need
> >> to use the FORCE flag for snapshot-revert if current domain
> >> configuration is different from the target domain configuration, and
> >> this will start a new qemu instance for the target domain.
> >>
> >> In this situation, if there is existing connection to the domain, say
> >> Spice or VNC through virt-manager, Then the libvirtd would crash
> >> during snapshot revert because: Both of snapshot revert worker and
> >> new worker job 'remoteDispatchDomainOpenGraphicsFd' are waiting for
> >> mon->msg->finished in qemuMonitorSend(), We know if IO process
> >> resulted in an error with a message, Libvirtd main thread calls
> qemuMonitorIO() to wakeup the waiter.
> >> Then mon->msg will be set to NULL in qemuMonitorSend() once the
> >> worker GraphicsFD is woken up, which causes snapshot revert worker
> >> dereferences this null pointer.
> >
> > [....]
> >
> >> Signed-off-by: Lin Ma <lma@xxxxxxxx>
> >> ---
> >>   src/qemu/qemu_monitor.c | 2 +-
> >>   1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index
> >> ea3e62dc8e..a8344e698b 100644
> >> --- a/src/qemu/qemu_monitor.c
> >> +++ b/src/qemu/qemu_monitor.c
> >> @@ -994,7 +994,7 @@ qemuMonitorSend(qemuMonitorPtr mon,
> >>             "mon=%p msg=%s fd=%d",
> >>             mon, mon->msg->txBuffer, mon->msg->txFD);
> >>
> >> -    while (!mon->msg->finished) {
> >> +    while (mon->msg && !mon->msg->finished) {
> >
> > This fixes only the symptom. The actual problem is in handling of our
> > job state when restarting the qemu process:
> >
> > Please see the following patches which aim to fix the same problem:
> >
> > https://www.redhat.com/archives/libvir-list/2019-December/msg00663.htm
> > l
> 
> In fact, I've pushed the patch yesterday:
> 
>    d75f865fb9 qemu: fix concurrency crash bug in snapshot revert
> 
> Does it fix the problem you're seeing?

Yes, It does fix the problem.

Thanks,
Lin

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list