On 11/24/2016 04:19 AM, Nikolay Shirokovskiy wrote:
qemuAgentNotifyEvent notify on a lock condition without taking the lock. This works but it is a subject to race conditions. --- src/qemu/qemu_agent.c | 4 ++++ 1 file changed, 4 insertions(+)
But the vm is locked prior to any priv->agent dereference and call - so what path could free priv->agent before we get into this NotifyEvent code? I suppose it wouldn't hurt, but we're not entering the agent and the AgentEOF would require vm lock to clear agent. John
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c index 5230cbc..ad031d0 100644 --- a/src/qemu/qemu_agent.c +++ b/src/qemu/qemu_agent.c @@ -1248,6 +1248,8 @@ qemuAgentMakeStringsArray(const char **strings, unsigned int len) void qemuAgentNotifyEvent(qemuAgentPtr mon, qemuAgentEvent event) { + virObjectLock(mon); + VIR_DEBUG("mon=%p event=%d await_event=%d", mon, event, mon->await_event); if (mon->await_event == event) { mon->await_event = QEMU_AGENT_EVENT_NONE; @@ -1257,6 +1259,8 @@ void qemuAgentNotifyEvent(qemuAgentPtr mon, virCondSignal(&mon->notify); } } + + virObjectUnlock(mon); }
VIR_ENUM_DECL(qemuAgentShutdownMode);