[PATCH 0/3] qemu: Fix crash on disk hotplug rollback

Peter Krempa (3):
  qemu: block: Don't crash if qemuBlockThrottleFiltersDetach gets NULL @data
  qemuDomainAttachDiskGeneric: Report errors from 'qemuBuildThrottleFiltersAttachPrepareBlockdev'
  NEWS: Mention fix of crash on disk hotplug failure

 NEWS.rst                | 5 +++++
 src/qemu/qemu_block.c   | 3 +++
 src/qemu/qemu_hotplug.c | 7 ++++++-
 3 files changed, 14 insertions(+), 1 deletion(-)

--
2.49.0

From: Peter Krempa <pkrempa@redhat.com>

'qemuBlockThrottleFiltersDetach' crashes if @data is NULL. That can happen in 'qemuDomainAttachDiskGeneric' as it's used as a rollback path in cases when we didn't yet initialize the filter struct. Fix it by tolerating NULL @data.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/765
Fixes: 9a6560f066d1e65502d901f32ff2e91ffed3b209
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
--- src/qemu/qemu_block.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 27ef1b8375..f0601924ae 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -2875,6 +2875,9 @@ qemuBlockThrottleFiltersDetach(qemuMonitor *mon, { size_t i; + if (!data) + return; + for (i = data->nfilterdata; i > 0; i--) qemuBlockThrottleFilterAttachRollback(mon, data->filterdata[i-1]); } -- 2.49.0
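
Review bot: The new 'if (!data) return;' guard at the top of qemuBlockThrottleFiltersDetach makes NULL a valid argument, but nothing in the hunk records that contract. Consider a short comment on the function or next to the guard saying that @data may be NULL, so that rollback callers such as qemuDomainAttachDiskGeneric can rely on it and a later cleanup does not remove the check as redundant. The loop below the guard still dereferences data->nfilterdata and data->filterdata[i-1] as before, which is fine once NULL has been excluded.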

From: Peter Krempa <pkrempa@redhat.com>

'qemuBuildThrottleFiltersAttachPrepareBlockdev' can fail when constructing JSON props, but otherwise always returns a pointer even if there's nothing to do. The code in 'qemuDomainAttachDiskGeneric' didn't handle this properly as it considered NULL as "nothing to do". Return the failure instead and check if there's something to do by looking at 'nfilterdata'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
--- src/qemu/qemu_hotplug.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 9977662a2c..02636c9531 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -740,10 +740,15 @@ qemuDomainAttachDiskGeneric(virDomainObj *vm, if (rc < 0) goto rollback; - if ((filterData = qemuBuildThrottleFiltersAttachPrepareBlockdev(disk))) { + if (!(filterData = qemuBuildThrottleFiltersAttachPrepareBlockdev(disk))) + return -1; + + if (filterData->nfilterdata > 0) { if (qemuDomainObjEnterMonitorAsync(vm, asyncJob) < 0) return -1; + rc = qemuBlockThrottleFiltersAttach(priv->mon, filterData); + qemuDomainObjExitMonitor(vm); if (rc < 0) goto rollback; -- 2.49.0
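
Review bot: The new 'return -1;' taken when qemuBuildThrottleFiltersAttachPrepareBlockdev fails comes directly after a step whose failure does 'goto rollback', so on this path the function leaves without undoing whatever that earlier step set up. Is that intended? If not, 'goto rollback' would fit here, and since the first patch in this series makes qemuBlockThrottleFiltersDetach tolerate NULL @data, the rollback path can cope with filterData still being NULL. Separately, the blank lines added around 'rc = qemuBlockThrottleFiltersAttach(priv->mon, filterData);' are a whitespace-only change unrelated to the fix and could be dropped from this patch.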

From: Peter Krempa <pkrempa@redhat.com>

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
--- NEWS.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 4f1e8ecbdf..7b4dbd795b 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -50,6 +50,11 @@ v11.3.0 (unreleased) to be logged in the system log. It is safe to ignore the error. The code was fixed to avoid the message when probing for support. + * Fix libvirt daemon crash on failure to hotplug a disk in the to a ``qemu`` VM + + Some failures of disk hotplug could cause the libvirt daemon to crash due + to a bug when rolling back disk throttling filters. + v11.2.0 (2025-04-01) ==================== -- 2.49.0
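
Review bot: The added NEWS entry title reads "hotplug a disk in the to a ``qemu`` VM"; the words "in the" look like a leftover from rewording and make the line ungrammatical. Suggest "Fix libvirt daemon crash on failure to hotplug a disk to a ``qemu`` VM". The two-line description under it reads fine as it stands.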

On 4/11/25 13:57, Peter Krempa via Devel wrote:
Peter Krempa (3):
  qemu: block: Don't crash if qemuBlockThrottleFiltersDetach gets NULL @data
  qemuDomainAttachDiskGeneric: Report errors from 'qemuBuildThrottleFiltersAttachPrepareBlockdev'
  NEWS: Mention fix of crash on disk hotplug failure

 NEWS.rst                | 5 +++++
 src/qemu/qemu_block.c   | 3 +++
 src/qemu/qemu_hotplug.c | 7 ++++++-
 3 files changed, 14 insertions(+), 1 deletion(-)

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal