At 03/17/2011 07:11 PM, Daniel P. Berrange wrote:
> On Wed, Mar 16, 2011 at 05:01:23PM +0800, Wen Congyang wrote:
>> Steps to reproduce this bug:
>> # cat test.sh
>> #! /bin/bash -x
>> virsh start domain
>> sleep 5
>> virsh qemu-monitor-command domain 'cpu_set 2 online' --hmp
>> # while true; do ./test.sh ; done
>>
>> Then libvirtd will crash.
>>
>> The reason is that:
>> we add a reference of obj when we open the monitor. We will reduce this
>> reference when we free the monitor.
>>
>> If the reference of monitor is 0, we will free monitor automatically and
>> the reference of obj is reduced.
>>
>> But in the function qemuDomainObjExitMonitorWithDriver(), we reduce this
>> reference again when the reference of monitor is 0.
>>
>> It will cause the obj be freed in the function qemuDomainObjEndJob().
>>
>> Then we start the domain again, and libvirtd will crash in the function
>> virDomainObjListSearchName(), because we pass a null pointer (obj->def->name)
>> to strcmp().
>>
>> Signed-off-by: Wen Congyang <wency@xxxxxxxxxxxxxx>
>>
>> ---
>> src/qemu/qemu_domain.c | 1 -
>> 1 files changed, 0 insertions(+), 1 deletions(-)
>>
>> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>> index 8a2b9cc..ae28b1c 100644
>> --- a/src/qemu/qemu_domain.c
>> +++ b/src/qemu/qemu_domain.c
>> @@ -634,7 +634,6 @@ void qemuDomainObjExitMonitorWithDriver(struct qemud_driver *driver,
>> virDomainObjLock(obj);
>>
>> if (refs == 0) {
>> - virDomainObjUnref(obj);
>> priv->mon = NULL;
>> }
>> }
>
> ACK, ExitMonitorWithDriver should not be touching the virDomainObjPtr
> refs at all. The virDomainObjPtr refs should only be touched by the
> BeginJob/EndJob calls.
>
> This same fix also needs to be done in qemuDomainObjExitMonitor()

Yes, there is the same problem in qemuDomainObjExitMonitor().
I have updated this patch.

>
>
> Daniel

From 6c30534f7e6c5d2e5661c38397fc5062a8288ef3 Mon Sep 17 00:00:00 2001
From: Wen Congyang <wency@xxxxxxxxxxxxxx>
Date: Fri, 18 Mar 2011 09:51:07 +0800
Subject: [PATCH 3/3] do not unref obj in qemuDomainObjExitMonitor*

---
 src/qemu/qemu_domain.c | 2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 8a2b9cc..cc137d2 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -588,7 +588,6 @@ void qemuDomainObjExitMonitor(virDomainObjPtr obj)
 virDomainObjLock(obj);

 if (refs == 0) {
- virDomainObjUnref(obj);
 priv->mon = NULL;
 }
 }
@@ -634,7 +633,6 @@ void qemuDomainObjExitMonitorWithDriver(struct qemud_driver *driver,
 virDomainObjLock(obj);

 if (refs == 0) {
- virDomainObjUnref(obj);
 priv->mon = NULL;
 }
 }
--
1.7.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
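Review bot: in the first hunk, with `virDomainObjUnref(obj);` removed from the `refs == 0` branch of qemuDomainObjExitMonitor(), the only remaining drop of the domain reference taken at monitor open is the one the monitor's own free path performs, as the commit message describes, but nothing in the hunk records that ownership; a one-line comment above `if (refs == 0) {` saying that the monitor free has already returned the reference would keep the unref from being re-added later. It is also worth confirming that every caller that can reach this branch with `refs == 0` is inside a BeginJob/EndJob pair, since that job reference is what keeps `obj` valid for the `priv->mon = NULL;` store once the monitor's reference is gone.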
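Review bot: the `refs == 0` block left in the second hunk for qemuDomainObjExitMonitorWithDriver() is now identical to the one in qemuDomainObjExitMonitor(), and v1 of this patch corrected only one of the two copies; pulling the shared tail (monitor unref, relock, clear `priv->mon`) into a single static helper that both Exit functions call would stop the two from drifting apart again. The hunk header `@@ -634,7 +633,6 @@` is consistent with the one-line deletion in the first hunk.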
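The ownership rule stated in the commit message (the monitor takes a reference on the domain object when it is opened and gives it back when it is freed, so the Exit functions must not drop it a second time) modelled as an added stand-alone C program; this is example code written for this page, not libvirt code. The struct layouts, the `freed` flag, the `runScenario()` driver and the step where the monitor is closed underneath the running job are assumptions made for the demonstration, and the object is deliberately kept allocated after release so that the list walk standing in for virDomainObjListSearchName() reports the dangling entry instead of reading freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of the refcounting in the commit message (assumed layout). */
typedef struct Monitor Monitor;

typedef struct {
    int refs;        /* the domain list holds one reference */
    char *name;      /* payload released when refs reaches 0 */
    int freed;       /* set on release so the list walk can detect it */
    Monitor *mon;    /* stands in for priv->mon */
} DomainObj;

struct Monitor {
    int refs;
    DomainObj *vm;   /* reference taken on open, dropped when the monitor is freed */
};

static char *copyString(const char *s)
{
    size_t n = strlen(s) + 1;
    char *out = malloc(n);
    memcpy(out, s, n);
    return out;
}

static DomainObj *domainObjNew(const char *name)
{
    DomainObj *obj = calloc(1, sizeof(*obj));
    obj->refs = 1;                 /* the list's reference */
    obj->name = copyString(name);
    return obj;
}

static void domainObjRef(DomainObj *obj) { obj->refs++; }

/* Drops one reference; at zero the payload is released. The struct itself
 * is kept so the later list walk is defined behaviour (libvirt frees it). */
static int domainObjUnref(DomainObj *obj)
{
    if (--obj->refs == 0) {
        free(obj->name);
        obj->name = NULL;
        obj->freed = 1;
    }
    return obj->refs;
}

static Monitor *monitorOpen(DomainObj *vm)
{
    Monitor *mon = calloc(1, sizeof(*mon));
    mon->refs = 1;
    mon->vm = vm;
    domainObjRef(vm);              /* "we add a reference of obj when we open the monitor" */
    return mon;
}

/* The monitor's own free path gives the domain reference back. */
static int monitorUnref(Monitor *mon)
{
    int refs = --mon->refs;
    if (refs == 0) {
        domainObjUnref(mon->vm);
        free(mon);
    }
    return refs;
}

static void beginJob(DomainObj *obj) { domainObjRef(obj); }
static int endJob(DomainObj *obj) { return domainObjUnref(obj); }
static void enterMonitor(DomainObj *obj) { obj->mon->refs++; }

/* buggy != 0 reproduces the pre-patch Exit path: a second unref of the
 * domain object on top of the one the monitor free already performed. */
static void exitMonitor(DomainObj *obj, int buggy)
{
    int refs = monitorUnref(obj->mon);
    if (refs == 0) {
        if (buggy)
            domainObjUnref(obj);   /* the line the patch deletes */
        obj->mon = NULL;
    }
}

/* Stands in for virDomainObjListSearchName(): -1 on a dangling entry
 * (where libvirt would hand a NULL name to strcmp), index on a match, -2 if absent. */
static int listSearchName(DomainObj *const *list, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++) {
        if (list[i]->freed)
            return -1;
        if (strcmp(list[i]->name, name) == 0)
            return (int)i;
    }
    return -2;
}

/* Runs the sequence from the bug report (assumed: the monitor is closed
 * while the job still holds it). Returns 1 if the domain object ended up
 * released while still listed, 0 if it survived with the list's reference. */
int runScenario(int buggy)
{
    DomainObj *obj = domainObjNew("guest");
    DomainObj *list[1] = { obj };

    beginJob(obj);                 /* obj refs: 2 */
    obj->mon = monitorOpen(obj);   /* obj refs: 3, mon refs: 1 */
    enterMonitor(obj);             /* mon refs: 2 */
    monitorUnref(obj->mon);        /* monitor closed underneath the job: mon refs 1 */
    exitMonitor(obj, buggy);       /* mon freed -> obj refs 2; buggy -> obj refs 1 */
    endJob(obj);                   /* fixed: obj refs 1; buggy: refs 0 and released */

    int dangling = listSearchName(list, 1, "guest") == -1;
    free(obj->name);
    free(obj);
    return dangling;
}

int main(void)
{
    printf("patched Exit path: dangling=%d\n", runScenario(0));
    printf("pre-patch Exit path: dangling=%d\n", runScenario(1));
    return 0;
}
```

The two runs differ only in whether exitMonitor() performs the extra unref; with it, the job's endJob() is the call that drives the count to zero, which is exactly the "obj be freed in qemuDomainObjEndJob()" step the report describes, and the next list walk finds the released entry.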