[libvirt] [PATCH 1/4] Fix crash when cleaning up from failed save attempt

["Daniel P. Berrange" <berrange@xxxxxxxxxx>]

If a transient QEMU crashes during save attempt, then the virDomainPtr
object may be freed. If a persistent QEMU crashes during save, then
the 'priv->mon' field is no longer valid since it will be inactive.

* src/qemu/qemu_driver.c: Fix two crashes when QEMU exits
  during a save attempt
---
 src/qemu/qemu_driver.c |   36 ++++++++++++++++++++++--------------
 1 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 39feac7..91fe963 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -4997,19 +4997,20 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
     }
 
 endjob:
-    if (ret != 0 && header.was_running) {
-        qemuDomainObjEnterMonitorWithDriver(driver, vm);
-        rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
-        qemuDomainObjExitMonitorWithDriver(driver, vm);
-        if (rc < 0)
-            VIR_WARN0("Unable to resume guest CPUs after save failure");
-        else
-            vm->state = VIR_DOMAIN_RUNNING;
-    }
+    if (vm) {
+        if (ret != 0 && header.was_running && priv->mon) {
+            qemuDomainObjEnterMonitorWithDriver(driver, vm);
+            rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
+            qemuDomainObjExitMonitorWithDriver(driver, vm);
+            if (rc < 0)
+                VIR_WARN0("Unable to resume guest CPUs after save failure");
+            else
+                vm->state = VIR_DOMAIN_RUNNING;
+        }
 
-    if (vm &&
-        qemuDomainObjEndJob(vm) == 0)
+        if (qemuDomainObjEndJob(vm) == 0)
             vm = NULL;
+    }
 
 cleanup:
     VIR_FREE(xml);
@@ -7185,9 +7186,16 @@ static int qemudDomainAttachNetDevice(virConnectPtr conn,
     }
 
     /* FIXME - need to support vhost-net here (5th arg) */
-    if (!(netstr = qemuBuildHostNetStr(net, ' ',
-                                       vlan, tapfd_name, 0)))
-        goto try_tapfd_close;
+    if ((qemuCmdFlags & QEMUD_CMD_FLAG_NETDEV) &&
+        (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)) {
+        if (!(netstr = qemuBuildHostNetStr(net, ',',
+                                           -1, tapfd_name, 0)))
+            goto try_tapfd_close;
+    } else {
+        if (!(netstr = qemuBuildHostNetStr(net, ' ',
+                                           vlan, tapfd_name, 0)))
+            goto try_tapfd_close;
+    }
 
     qemuDomainObjEnterMonitorWithDriver(driver, vm);
     if ((qemuCmdFlags & QEMUD_CMD_FLAG_NETDEV) &&
-- 
1.6.5.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list