'qemuProcessStop()' clears the 'current' job data. While the code under
the 'error' label in 'qemuMigrationSrcRun()' does check that the VM is
active before accessing the job, it also invokes multiple helper
functions to clean up the migration including
'qemuMigrationSrcNBDCopyCancel()' which calls 'qemuDomainObjWait()'
invalidating the result of the liveness check as it unlocks the VM.
Duplicate the liveness check and explain why. The rest of the code e.g.
accessing the monitor is safe as 'qemuDomainEnterMonitorAsync()'
performs a liveness check. The cleanup path just ignores the return
values of those functions.
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
src/qemu/qemu_migration.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 3524915e9d..89ddc586bd 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -5074,7 +5074,13 @@ qemuMigrationSrcRun(virQEMUDriver *driver,
dconn);
qemuMigrationSrcCancelRemoveTempBitmaps(vm, VIR_ASYNC_JOB_MIGRATION_OUT);
+ }
+ /* We need to re-check that the VM is active as functions like
+ * qemuMigrationSrcCancel/qemuMigrationSrcNBDCopyCancel wait on the VM
+ * condition unlocking the VM object which can lead to a cleanup of the
+ * 'current' job via qemuProcessStop */
+ if (qemuDomainObjIsActive(vm)) {
if (vm->job->current->status != VIR_DOMAIN_JOB_STATUS_CANCELED)
vm->job->current->status = VIR_DOMAIN_JOB_STATUS_FAILED;
}
--
2.45.2
