Re: [libvirt] [PATCH] qemu: Don't unref domain after exit from nested async job

On Wed, Jan 07, 2015 at 12:00:57PM +0100, Peter Krempa wrote: > In commit 540c339a2535ec30d79e5ef84d8f50a17bc60723 the whole domain > reference counting was refactored in the qemu driver. Domain jobs now > don't need to reference the domain object as they now expect the > reference from the calling function. > > However, the patch forgot to remove the unref call in case we exit the > monitor when we were acquiring a nested job. This caused the daemon to > crash on a subsequent access to the domain object once we've done an > operation requiring a nested job for a monitor access. > > An easy reproducer case: > > 1) Start a vm with qcow disks > 2) virsh snapshot-create-as DOMNAME > 3) virsh dumpxml DOMNAME > 4) daemon crashes in a semi-random spot while accessing a now-removed VM > object. > > Fortunately, the commit wasn't released yet, so there are no security > implications. > > Reported-by: Shanzi Yu <shyu(a)redhat.com&gt; > Signed-off-by: Peter Krempa <pkrempa(a)redhat.com&gt; > --- > Cc: Martin Kletzander <mkletzan(a)redhat.com&gt; > Cc: Shanzi Yu <shyu(a)redhat.com&gt; > > src/qemu/qemu_domain.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c > index bd64409..3d4023c 100644 > --- a/src/qemu/qemu_domain.c > +++ b/src/qemu/qemu_domain.c > @@ -1573,8 +1573,6 @@ > qemuDomainObjExitMonitorInternal(virQEMUDriverPtr driver, > qemuDomainObjResetJob(priv); > qemuDomainObjSaveJob(driver, obj); > virCondSignal(&priv->job.cond); > - > - virObjectUnref(obj); > } > } > ACK, thanks for catching that. Martin