[libvirt] [PATCH] lxc: avoid use-after-free

I got this weird failure:

error: Failed to start domain simple
error: internal error cannot mix caller fds with blocking execution

and tracked it down to a use-after-free - virCommandSetOutputFD was storing the address of a stack-local variable, which then went out of scope before the virCommandRun that dereferenced it.

Bug introduced in commit 451cfd05 (0.9.2).

* src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd registration...
(lxcVmStart): ...to caller.
---

I have no idea how danpb got so lucky in being able to test recent lxc additions, given the fact that booting an LXC domain has basically been broken for several months now, depending on whether the compiler happened to smash the stack variable in question.

src/lxc/lxc_driver.c | 7 +++---- 1 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index d6e5e20..37092bc 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1449,7 +1449,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver, char **veths, int *ttyFDs, size_t nttyFDs, - int logfile, int handshakefd) { size_t i; @@ -1524,8 +1523,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver, } virCommandPreserveFD(cmd, handshakefd); - virCommandSetOutputFD(cmd, &logfile); - virCommandSetErrorFD(cmd, &logfile); return cmd; cleanup: @@ -1747,8 +1744,10 @@ static int lxcVmStart(virConnectPtr conn, vm, nveths, veths, ttyFDs, nttyFDs, - logfd, handshakefds[1]))) + handshakefds[1]))) goto cleanup; + virCommandSetOutputFD(cmd, &logfd); + virCommandSetErrorFD(cmd, &logfd); /* Log timestamp */ if ((timestamp = virTimestamp()) == NULL) { -- 1.7.4.4
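
Review bot: In the lxcVmStart hunk, virCommandSetOutputFD(cmd, &logfd) and virCommandSetErrorFD(cmd, &logfd) still register the address of a variable rather than its value, so the fix is correct only as long as cmd is run before logfd goes out of scope in lxcVmStart. A one-line comment above the two added calls saying that logfd must stay live until the command has been run would keep a later refactor from moving them back into a helper. lxcBuildControllerCmd has also lost its int logfile parameter with nothing in its place, so a short comment there that the caller is now responsible for wiring up the output and error fds would help.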

On Thu, Nov 03, 2011 at 05:33:38PM -0600, Eric Blake wrote:
I got this weird failure:
error: Failed to start domain simple error: internal error cannot mix caller fds with blocking execution
and tracked it down to a use-after-free - virCommandSetOutputFD was storing the address of a stack-local variable, which then went out of scope before the virCommandRun that dereferenced it.
Bug introduced in commit 451cfd05 (0.9.2).
* src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd registration... (lxcVmStart): ...to caller. ---
I have no idea how danpb got so lucky in being able to test recent lxc additions, given the fact that booting an LXC domain has basically been broken for several months now, depending on whether the compiler happened to smash the stack variable in question.
src/lxc/lxc_driver.c | 7 +++---- 1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index d6e5e20..37092bc 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1449,7 +1449,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver, char **veths, int *ttyFDs, size_t nttyFDs, - int logfile, int handshakefd) { size_t i; @@ -1524,8 +1523,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver, }
virCommandPreserveFD(cmd, handshakefd); - virCommandSetOutputFD(cmd, &logfile); - virCommandSetErrorFD(cmd, &logfile);
return cmd; cleanup: @@ -1747,8 +1744,10 @@ static int lxcVmStart(virConnectPtr conn, vm, nveths, veths, ttyFDs, nttyFDs, - logfd, handshakefds[1]))) + handshakefds[1]))) goto cleanup; + virCommandSetOutputFD(cmd, &logfd); + virCommandSetErrorFD(cmd, &logfd);
/* Log timestamp */ if ((timestamp = virTimestamp()) == NULL) {
ACK

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On 11/04/2011 07:32 AM, Daniel P. Berrange wrote:
On Thu, Nov 03, 2011 at 05:33:38PM -0600, Eric Blake wrote:
I got this weird failure:
error: Failed to start domain simple error: internal error cannot mix caller fds with blocking execution
and tracked it down to a use-after-free - virCommandSetOutputFD was storing the address of a stack-local variable, which then went out of scope before the virCommandRun that dereferenced it.
Bug introduced in commit 451cfd05 (0.9.2).
ACK
Thanks; pushed.

--
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
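
The lifetime bug discussed in this thread, reduced to a stand-alone C sketch with the removed pattern beside the corrected one. This is an added example, not libvirt code: struct cmd, cmd_set_output_fd, cmd_run, build_cmd_before, build_cmd_after, start_after and the SHOW_BEFORE guard are hypothetical stand-ins for the real API.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical miniature of a command object that, like the API in this
 * thread, keeps a pointer to the caller's fd and reads it only at run time. */
struct cmd {
    const int *outfdptr;    /* borrowed pointer; the fd value is not copied */
};

static void cmd_set_output_fd(struct cmd *c, const int *fd) { c->outfdptr = fd; }
/* Stand-in for the run step: the first place the stored pointer is read. */
static int cmd_run(const struct cmd *c) { return c->outfdptr ? *c->outfdptr : -1; }

#ifdef SHOW_BEFORE
/* BEFORE (pattern the patch removes): logfile is a by-value parameter, so
 * &logfile dangles on return; cmd_run() on the result is undefined behaviour. */
struct cmd *build_cmd_before(int logfile)
{
    struct cmd *c = calloc(1, sizeof(*c));
    if (c)
        cmd_set_output_fd(c, &logfile);
    return c;
}
#endif

/* AFTER: the builder no longer touches the log fd. */
struct cmd *build_cmd_after(void) { return calloc(1, sizeof(struct cmd)); }

/* AFTER: the function that owns logfd registers it and runs the command
 * before returning, so the pointer is live whenever it is dereferenced. */
int start_after(int logfd)
{
    struct cmd *c = build_cmd_after();
    int seen;
    if (!c)
        return -1;
    cmd_set_output_fd(c, &logfd);
    seen = cmd_run(c);      /* reads logfd while it is still in scope */
    free(c);
    return seen;
}

int main(void)
{
    printf("run saw fd %d\n", start_after(7));
    return 0;
}
```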