[libvirt] [PATCH RFC 0/2] ESX: Fixing SetAutoStart

Hi guys,

While doing some random tests using the ESX driver, I faced a crash, and these two patches are trying to solve it. I don't know if there is a better way to solve it, since the ESX driver has *generated* code to alloc and free some *generated* structs, but please let me know if you have a better idea.

Thanks,

Marcos Paulo de Souza (2):
  esx: Do not crash SetAutoStart by double free
  esx: Fix SetAutoStart invalid pointer free

 src/esx/esx_driver.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

-- 
2.17.1

The SetAutoStart method cannot free virtualMachine using esxVI_ObjectContent_Free, since: esxVI_HostAutoStartManagerConfig_Free -> esxVI_AutoStartPowerInfo_Free -> esxVI_ManagedObjectReference_Free(item->key); item->key, in this context, is virtualMachine->obj, so calling esxVI_ObjectContent_Free creates a double free, because esxVI_ObjectContent_Free also calls esxVI_ManagedObjectReference_Free(&item->obj). Removing the esxVI_ObjectContent_Free from SetAutoStart fixes this problem.

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
---
 src/esx/esx_driver.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c index cee98ebcaf..3835e4cb3c 100644 --- a/src/esx/esx_driver.c +++ b/src/esx/esx_driver.c @@ -3421,7 +3421,9 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart) newPowerInfo->stopAction = NULL; } - esxVI_ObjectContent_Free(&virtualMachine); + /* HostAutoStartManagerConfig free method will call autoStartPowerInfoFree + * in order to free virtualMachine, since newPowerInfo-> key points to + * virtualMachine */ esxVI_HostAutoStartManagerConfig_Free(&spec); esxVI_AutoStartDefaults_Free(&defaults); esxVI_AutoStartPowerInfo_Free(&powerInfoList); -- 2.17.1
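Review bot: dropping esxVI_ObjectContent_Free(&virtualMachine) trades the double free for a leak: the config's free path only releases newPowerInfo->key, which is virtualMachine->obj, while the esxVI_ObjectContent wrapper that was holding it is no longer freed anywhere on these lines. The cleaner fix is to make ownership explicit instead of sharing one pointer between two structs: either give newPowerInfo->key its own copy of the reference and keep the original esxVI_ObjectContent_Free, or, on the path where newPowerInfo was allocated and appended, set newPowerInfo->key = NULL before esxVI_HostAutoStartManagerConfig_Free(&spec) so that virtualMachine still owns and frees it. Also, the new comment names the free under a spelling that does not exist ("autoStartPowerInfoFree"; the function is esxVI_AutoStartPowerInfo_Free) and has a stray space in "newPowerInfo-> key".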

esxVI_AutoStartPowerInfo_Free, which is called from esxVI_HostAutoStartManagerConfig_Free, will always call VIR_FREE to free memory from {start,stop}Action, leading to an invalid pointer. With this patch applied, ESX can set autostart successfully to all its domains.

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
---
 src/esx/esx_driver.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c index 3835e4cb3c..a49862a1de 100644 --- a/src/esx/esx_driver.c +++ b/src/esx/esx_driver.c @@ -3386,7 +3386,9 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart) if (esxVI_AutoStartPowerInfo_Alloc(&newPowerInfo) < 0 || esxVI_Int_Alloc(&newPowerInfo->startOrder) < 0 || esxVI_Int_Alloc(&newPowerInfo->startDelay) < 0 || - esxVI_Int_Alloc(&newPowerInfo->stopDelay) < 0) { + esxVI_Int_Alloc(&newPowerInfo->stopDelay) < 0 || + VIR_ALLOC_N(newPowerInfo->startAction, 8) < 0 || + VIR_ALLOC_N(newPowerInfo->stopAction, 5) < 0) { goto cleanup; } @@ -3394,9 +3396,9 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart) newPowerInfo->startOrder->value = -1; /* no specific start order */ newPowerInfo->startDelay->value = -1; /* use system default */ newPowerInfo->waitForHeartbeat = esxVI_AutoStartWaitHeartbeatSetting_SystemDefault; - newPowerInfo->startAction = autostart ? (char *)"powerOn" : (char *)"none"; + strcpy(newPowerInfo->startAction, autostart ? (char *)"powerOn" : (char *)"none"); newPowerInfo->stopDelay->value = -1; /* use system default */ - newPowerInfo->stopAction = (char *)"none"; + strcpy(newPowerInfo->stopAction, (char *)"none"); if (esxVI_AutoStartPowerInfo_AppendToList(&spec->powerInfo, newPowerInfo) < 0) { -- 2.17.1
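Review bot: in the first hunk (@@ -3386), the buffer sizes 8 and 5 passed to VIR_ALLOC_N are the lengths of "powerOn" and "none" counted by hand, with nothing tying them to the strings copied in later; a longer action name or a typo in either place becomes a heap overflow the compiler cannot catch. Since the value is known at the assignment site, allocate it there from the string itself with VIR_STRDUP(newPowerInfo->startAction, autostart ? "powerOn" : "none") (and likewise for stopAction), which keeps the < 0 error check in the same if chain and lets both VIR_ALLOC_N lines go.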
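Review bot: in the second hunk (@@ -3394), the two strcpy calls copy into heap buffers whose size is fixed several lines away with no length check at the point of the copy, and the (char *) casts on the literals, which the old code needed to store a literal in a non-const field, are now dead because strcpy takes a const char * source. If the pre-sized buffers stay, use a bounded copy with the known length (virStrcpy with the buffer size; virStrcpyStatic is only right for an array, since it uses sizeof(dst), not for a heap pointer); otherwise collapse allocation plus copy into one VIR_STRDUP per field and drop the casts.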

On Wed, Aug 1, 2018 at 10:27 AM, Marcos Paulo de Souza <marcos.souza.org@gmail.com> wrote:
esxVI_AutoStartPowerInfo_Free, which is called from esxVI_HostAutoStartManagerConfig_Free, will always call VIR_FREE to free memory from {start,stop}Action, leading to an invalid pointer.
With this patch applied, ESX can set autostart successfully to all its domains.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com> --- src/esx/esx_driver.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c index 3835e4cb3c..a49862a1de 100644 --- a/src/esx/esx_driver.c +++ b/src/esx/esx_driver.c @@ -3386,7 +3386,9 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart) if (esxVI_AutoStartPowerInfo_Alloc(&newPowerInfo) < 0 || esxVI_Int_Alloc(&newPowerInfo->startOrder) < 0 || esxVI_Int_Alloc(&newPowerInfo->startDelay) < 0 || - esxVI_Int_Alloc(&newPowerInfo->stopDelay) < 0) { + esxVI_Int_Alloc(&newPowerInfo->stopDelay) < 0 || + VIR_ALLOC_N(newPowerInfo->startAction, 8) < 0 || + VIR_ALLOC_N(newPowerInfo->stopAction, 5) < 0) { goto cleanup; }
@@ -3394,9 +3396,9 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart) newPowerInfo->startOrder->value = -1; /* no specific start order */ newPowerInfo->startDelay->value = -1; /* use system default */ newPowerInfo->waitForHeartbeat = esxVI_AutoStartWaitHeartbeatSe tting_SystemDefault; - newPowerInfo->startAction = autostart ? (char *)"powerOn" : (char *)"none"; + strcpy(newPowerInfo->startAction, autostart ? (char *)"powerOn" : (char *)"none");
Please use virStrcpyStatic, see https://libvirt.org/hacking.html#string_copying
newPowerInfo->stopDelay->value = -1; /* use system default */ - newPowerInfo->stopAction = (char *)"none"; + strcpy(newPowerInfo->stopAction, (char *)"none");
The same here
if (esxVI_AutoStartPowerInfo_AppendToList(&spec->powerInfo, newPowerInfo) < 0) { -- 2.17.1
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
-- Best regards, ----------------------------------- Han Han Quality Engineer Redhat. Email: hhan@redhat.com Phone: +861065339333