10:07 a.m.
When a domain is killed on the source host while it is being migrated
and libvirtd is waiting for the migration to finish (waiting for the
domain condition in qemuMigrationSrcWaitForCompletion), the run-time
state including priv->job.current may already be freed once
virDomainObjWait returns with -1. Thus the priv->job.current pointer
cached in jobInfo is no longer valid and setting jobInfo->status may
crash the daemon.
https://bugzilla.redhat.com/show_bug.cgi?id=1593137
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/qemu/qemu_migration.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 435cd174af..825a9d399b 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1584,7 +1584,8 @@ qemuMigrationSrcWaitForCompletion(virQEMUDriverPtr driver,
if (events) {
if (virDomainObjWait(vm) < 0) {
- jobInfo->status = QEMU_DOMAIN_JOB_STATUS_FAILED;
+ if (virDomainObjIsActive(vm))
+ jobInfo->status = QEMU_DOMAIN_JOB_STATUS_FAILED;
return -2;
}
} else {
--
2.18.0
7:13 a.m.
On Thu, Aug 02, 2018 at 05:07:33PM +0200, Jiri Denemark wrote:
When a domain is killed on the source host while it is being migrated
and libvirtd is waiting for the migration to finish (waiting for the
domain condition in qemuMigrationSrcWaitForCompletion), the run-time
state including priv->job.current may already be freed once
virDomainObjWait returns with -1. Thus the priv->job.current pointer
cached in jobInfo is no longer valid and setting jobInfo->status may
crash the daemon.
https://bugzilla.redhat.com/show_bug.cgi?id=1593137
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/qemu/qemu_migration.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano
10:30 a.m.
Hi,
This series was run against 'syntax-check' test by patchew.org, which failed,
please find the details below:
Type: series
Message-id: 7824152ee221199b352c0753db3eefaa5ec9dbb7.1533222453.git.jdenemar(a)redhat.com
Subject: [libvirt] [PATCH] qemu_migration: Avoid writing to freed memory
=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
time bash -c './autogen.sh && make syntax-check'
=== TEST SCRIPT END ===
Updating bcb55ab053bc79561b55d0394490f4b64e0f2d01
t [tag update]
patchew/20180803093532.16922-1-berrange(a)redhat.com ->
patchew/20180803093532.16922-1-berrange(a)redhat.com
t [tag update]
patchew/7824152ee221199b352c0753db3eefaa5ec9dbb7.1533222453.git.jdenemar(a)redhat.com ->
patchew/7824152ee221199b352c0753db3eefaa5ec9dbb7.1533222453.git.jdenemar(a)redhat.com
Switched to a new branch 'test'
fatal: Not a valid branch point: '9eae8398edde9446ecc99f4f393bea94652fb6a2'.
Traceback (most recent call last):
File "patchew-tester/src/patchew-cli", line 523, in test_one
cwd=clone, stdout=logf, stderr=logf)
File "/usr/lib64/python3.6/subprocess.py", line 291, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['git', 'branch',
'base', '9eae8398edde9446ecc99f4f393bea94652fb6a2']' returned non-zero
exit status 128.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel(a)redhat.com
2293
days inactive
2304
days old
2 comments
3 participants
participants (3)
-
Jiri Denemark -
Ján Tomko -
no-reply@patchew.org