If we use p2p migration and the vm is transient, vm will be deleted in qemuDomainMigrateConfirm3(). But the caller(doPeer2PeerMigrate() and qemuMigrationPerform()) still access it, and it will cause libvirtd crashed.
---
 src/qemu/qemu_migration.c | 7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 4d7bc38..ab28416 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1971,6 +1971,11 @@ int qemuMigrationPerform(struct qemud_driver *driver,
 goto cleanup;
 priv->jobActive = QEMU_JOB_MIGRATION_OUT;
+ /* Hold an extra reference because we can't allow 'vm' to be deleted in
+ * qemuDomainMigrateConfirm3().
+ */
+ virDomainObjRef(vm);
+
 if (!virDomainObjIsActive(vm)) {
 qemuReportError(VIR_ERR_OPERATION_INVALID, "%s", _("domain is not running"));
@@ -2045,7 +2050,7 @@ endjob:
 vm = NULL;
 cleanup:
- if (vm)
+ if (vm && virDomainObjUnref(vm) > 0)
 virDomainObjUnlock(vm);
 if (event)
 qemuDomainEventQueue(driver, event);
--
1.7.1
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
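Review bot: The `goto cleanup;` shown as context at the top of the first hunk runs before the new `virDomainObjRef(vm);`, yet the second hunk makes `cleanup:` call `virDomainObjUnref(vm)` whenever `vm` is non-NULL. If that early exit is reached with `vm` still set, the function drops a reference it never took, so the object can be freed while other holders still use it, which is the same use-after-free class this patch is meant to close. Either take the reference before the first statement that can jump to `cleanup`, or guard the release with a local flag set right after `virDomainObjRef(vm);`, e.g. `if (vm && (!ref_held || virDomainObjUnref(vm) > 0))`. The condition guarding that `goto` and the start of qemuMigrationPerform() are outside both hunks, so this needs confirming against the full function.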