From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
If a client disconnects while it has a stream active, there is
a race condition which could see libvirtd crash. This is because
the client struct may be freed before the last stream event has
triggered. THis is trivially solved by holding an extra reference
on the client for the stream callbak
* daemon/stream.c: Acquire reference on client when adding the
stream callback
---
daemon/stream.c | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)
diff --git a/daemon/stream.c b/daemon/stream.c
index 56d79c2..28f6c32 100644
--- a/daemon/stream.c
+++ b/daemon/stream.c
@@ -104,6 +104,15 @@ daemonStreamMessageFinished(virNetMessagePtr msg,
daemonStreamUpdateEvents(stream);
}
+
+static void
+daemonStreamEventFreeFunc(void *opaque)
+{
+ virNetServerClientPtr client = opaque;
+
+ virNetServerClientFree(client);
+}
+
/*
* Callback that gets invoked when a stream becomes writable/readable
*/
@@ -361,9 +370,11 @@ int daemonAddClientStream(virNetServerClientPtr client,
}
if (virStreamEventAddCallback(stream->st, 0,
- daemonStreamEvent, client, NULL) < 0)
+ daemonStreamEvent, client,
+ daemonStreamEventFreeFunc) < 0)
return -1;
+ virNetServerClientRef(client);
if ((stream->filterID = virNetServerClientAddFilter(client,
daemonStreamFilter,
stream)) < 0) {
--
1.7.6
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list