[libvirt] [PATCH 1/5] Fix potential crash in libvirtd with active streams

Friday, 8 July 2011

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt;

If a client disconnects while it has a stream active, there is
a race condition which could see libvirtd crash. This is because
the client struct may be freed before the last stream event has
triggered. THis is trivially solved by holding an extra reference
on the client for the stream callbak

* daemon/stream.c: Acquire reference on client when adding the
  stream callback
---
 daemon/stream.c |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/daemon/stream.c b/daemon/stream.c
index 56d79c2..28f6c32 100644
--- a/daemon/stream.c
+++ b/daemon/stream.c
@@ -104,6 +104,15 @@ daemonStreamMessageFinished(virNetMessagePtr msg,
     daemonStreamUpdateEvents(stream);
 }
 
+
+static void
+daemonStreamEventFreeFunc(void *opaque)
+{
+    virNetServerClientPtr client = opaque;
+
+    virNetServerClientFree(client);
+}
+
 /*
  * Callback that gets invoked when a stream becomes writable/readable
  */
@@ -361,9 +370,11 @@ int daemonAddClientStream(virNetServerClientPtr client,
     }
 
     if (virStreamEventAddCallback(stream->st, 0,
-                                  daemonStreamEvent, client, NULL) < 0)
+                                  daemonStreamEvent, client,
+                                  daemonStreamEventFreeFunc) < 0)
         return -1;
 
+    virNetServerClientRef(client);
     if ((stream->filterID = virNetServerClientAddFilter(client,
                                                         daemonStreamFilter,
                                                         stream)) < 0) {
-- 
1.7.6


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH 1/5] Fix potential crash in libvirtd with active streams