
On 04/06/2011 01:57 AM, Wen Congyang wrote:
When the function processWatchdogEvent() failed, we only free wdEvent, but forget to unlock the qemu driver and vm, and free dumpfile.
--- src/qemu/qemu_driver.c | 28 +++++++++++++++++++--------- 1 files changed, 19 insertions(+), 9 deletions(-)
I spoke too soon.
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index dd84f65..628cfe3 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2400,19 +2400,22 @@ static void processWatchdogEvent(void *data, void *opaque) wdEvent->vm->def->name,
Oops - this is reading from wdEvent->vm contents...
(unsigned int)time(NULL)) < 0) { virReportOOMError(); - break; + goto cleanup; }
qemuDriverLock(driver); virDomainObjLock(wdEvent->vm);
...prior to obtaining the lock. I think we need to swap that order.
+ default: + goto cleanup; }
+endjob: + if (qemuDomainObjEndJob(wdEvent->vm) == 0) + wdEvent->vm = NULL; + +unlock: + if (wdEvent->vm) + virDomainObjUnlock(wdEvent->vm); + qemuDriverUnlock(driver); + +cleanup: VIR_FREE(wdEvent);
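Review bot: The `goto cleanup` on the virReportOOMError() path skips the new unlock label, which is only safe while that failure happens before qemuDriverLock(driver) and virDomainObjLock(wdEvent->vm), as the lines are ordered here. If the locks are moved ahead of the read of wdEvent->vm->def->name, that jump has to become `goto unlock`, otherwise the driver and vm stay locked on the error path. Separately, the commit message says dumpfile is leaked on failure, but the lines shown under the cleanup label free only wdEvent, so it is worth confirming that VIR_FREE(dumpfile) sits on a path every jump reaches.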
If you do that, then nothing in the VIR_DOMAIN_WATCHDOG_ACTION_DUMP case jumps to cleanup, and after patch 3, the default case also unlocks the vm rather than jumping to cleanup. I think you need to send a v2 patch with 2 and 3 squashed into a single fix.

-- 
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org