[libvirt] [PATCH] qemu: fix double free when fail to cold-plug a rng device

https://bugzilla.redhat.com/show_bug.cgi?id=1220809 When cold-plug a rng device and get failed in qemuDomainAssignAddresses, we will double free the rng device. Free the pointer after we Insert the device success to fix this issue. ... 5 0x00007fb7d180ac8a in virFree at util/viralloc.c:582 6 0x00007fb7d1895cdd in virDomainRNGDefFree at conf/domain_conf.c:19786 7 0x00007fb7d1895d99 in virDomainDeviceDefFree at conf/domain_conf.c:2022 8 0x00007fb7b92b8baf in qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:8785 9 0x00007fb7d190c5d7 in virDomainAttachDeviceFlags at libvirt-domain.c:8488 10 0x00007fb7d23af9d2 in remoteDispatchDomainAttachDeviceFlags at remote_dispatch.h:2842 ... Signed-off-by: Luyao Huang <lhuang@redhat.com> --- src/qemu/qemu_driver.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 33c1cfd..f922a28 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -8359,11 +8359,10 @@ qemuDomainAttachDeviceConfig(virQEMUCapsPtr qemuCaps, if (virDomainRNGInsert(vmdef, dev->data.rng, false) < 0) return -1; + dev->data.rng = NULL; if (qemuDomainAssignAddresses(vmdef, qemuCaps, NULL) < 0) return -1; - - dev->data.rng = NULL; break; case VIR_DOMAIN_DEVICE_MEMORY: -- 1.8.3.1
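Review bot: the relocated `dev->data.rng = NULL;` in the rng case of qemuDomainAttachDeviceConfig has no comment explaining why it must sit directly after the `virDomainRNGInsert` check. The ordering matters only because a successful insert hands the rng to `vmdef`, while the trace shows qemuDomainAttachDeviceFlags later calling virDomainDeviceDefFree on `dev`. A one-line comment such as "vmdef owns the rng now, clear it before anything that can fail" would keep a later reorder from reintroducing the double free. The commit message says "Free the pointer", but the change clears the pointer rather than freeing it, so the wording should say that. With this ordering, a failure in `qemuDomainAssignAddresses` returns -1 while the rng stays inserted in `vmdef`. It is worth confirming that the caller discards `vmdef` on that path, and that the neighbouring cases in this switch clear their `dev->data` member at the same point.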

On 12.05.2015 15:55, Luyao Huang wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1220809
When cold-plug a rng device and get failed in qemuDomainAssignAddresses, we will double free the rng device. Free the pointer after we Insert the device success to fix this issue.
... 5 0x00007fb7d180ac8a in virFree at util/viralloc.c:582 6 0x00007fb7d1895cdd in virDomainRNGDefFree at conf/domain_conf.c:19786 7 0x00007fb7d1895d99 in virDomainDeviceDefFree at conf/domain_conf.c:2022 8 0x00007fb7b92b8baf in qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:8785 9 0x00007fb7d190c5d7 in virDomainAttachDeviceFlags at libvirt-domain.c:8488 10 0x00007fb7d23af9d2 in remoteDispatchDomainAttachDeviceFlags at remote_dispatch.h:2842 ...
Signed-off-by: Luyao Huang <lhuang@redhat.com> --- src/qemu/qemu_driver.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 33c1cfd..f922a28 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -8359,11 +8359,10 @@ qemuDomainAttachDeviceConfig(virQEMUCapsPtr qemuCaps,
if (virDomainRNGInsert(vmdef, dev->data.rng, false) < 0) return -1; + dev->data.rng = NULL;
if (qemuDomainAssignAddresses(vmdef, qemuCaps, NULL) < 0) return -1; - - dev->data.rng = NULL; break;
case VIR_DOMAIN_DEVICE_MEMORY:
I've reworded the commit message a bit, ACKed and pushed.

Michal

On 05/12/2015 11:14 PM, Michal Privoznik wrote:
On 12.05.2015 15:55, Luyao Huang wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1220809
When cold-plug a rng device and get failed in qemuDomainAssignAddresses, we will double free the rng device. Free the pointer after we Insert the device success to fix this issue.
... 5 0x00007fb7d180ac8a in virFree at util/viralloc.c:582 6 0x00007fb7d1895cdd in virDomainRNGDefFree at conf/domain_conf.c:19786 7 0x00007fb7d1895d99 in virDomainDeviceDefFree at conf/domain_conf.c:2022 8 0x00007fb7b92b8baf in qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:8785 9 0x00007fb7d190c5d7 in virDomainAttachDeviceFlags at libvirt-domain.c:8488 10 0x00007fb7d23af9d2 in remoteDispatchDomainAttachDeviceFlags at remote_dispatch.h:2842 ...
Signed-off-by: Luyao Huang <lhuang@redhat.com> --- src/qemu/qemu_driver.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 33c1cfd..f922a28 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -8359,11 +8359,10 @@ qemuDomainAttachDeviceConfig(virQEMUCapsPtr qemuCaps,
if (virDomainRNGInsert(vmdef, dev->data.rng, false) < 0) return -1; + dev->data.rng = NULL;
if (qemuDomainAssignAddresses(vmdef, qemuCaps, NULL) < 0) return -1; - - dev->data.rng = NULL; break;
case VIR_DOMAIN_DEVICE_MEMORY:
I've reworded the commit message a bit, ACKed and pushed.
Thanks for the quick review.
Michal
Luyao