[libvirt] [PATCH 0/2] Fix segfault when destroying domain with console open
In some cases when a newly created domain was destroyed the daemon crashed as it freed the console access data structure sooner than the stream could be freed so that the stream actually called the closing callback taht referenced freed data. Peter Krempa (2): conf: Remove dead code from virConsoleOpen() conf: Remove callback from stream when freeing entries in console hash src/conf/virconsole.c | 9 ++++----- 1 files changed, 4 insertions(+), 5 deletions(-) -- 1.7.8.6
--- src/conf/virconsole.c | 6 +----- 1 files changed, 1 insertions(+), 5 deletions(-) diff --git a/src/conf/virconsole.c b/src/conf/virconsole.c index 05e2b07..3d12011 100644 --- a/src/conf/virconsole.c +++ b/src/conf/virconsole.c @@ -381,15 +381,11 @@ int virConsoleOpen(virConsolesPtr cons, if (virFDStreamOpenFile(st, pty, 0, 0, O_RDWR) < 0) goto error; - savedStream = st; - st = NULL; - /* add cleanup callback */ - virFDStreamSetInternalCloseCb(savedStream, + virFDStreamSetInternalCloseCb(st, virConsoleFDStreamCloseCb, cbdata, virConsoleFDStreamCloseCbFree); - cbdata = NULL; virMutexUnlock(&cons->lock); return 0; -- 1.7.8.6
On 2012年07月27日 21:44, Peter Krempa wrote:
--- src/conf/virconsole.c | 6 +----- 1 files changed, 1 insertions(+), 5 deletions(-)
diff --git a/src/conf/virconsole.c b/src/conf/virconsole.c index 05e2b07..3d12011 100644 --- a/src/conf/virconsole.c +++ b/src/conf/virconsole.c @@ -381,15 +381,11 @@ int virConsoleOpen(virConsolesPtr cons, if (virFDStreamOpenFile(st, pty, 0, 0, O_RDWR)< 0) goto error;
- savedStream = st; - st = NULL; - /* add cleanup callback */ - virFDStreamSetInternalCloseCb(savedStream, + virFDStreamSetInternalCloseCb(st, virConsoleFDStreamCloseCb, cbdata, virConsoleFDStreamCloseCbFree); - cbdata = NULL;
virMutexUnlock(&cons->lock); return 0;
ACK
When a domain has a active console connection and is destroyed the callback is called on private data that no longer exist causing a segfault. --- src/conf/virconsole.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/src/conf/virconsole.c b/src/conf/virconsole.c index 3d12011..912aff6 100644 --- a/src/conf/virconsole.c +++ b/src/conf/virconsole.c @@ -219,6 +219,9 @@ static void virConsoleHashEntryFree(void *data, const char *pty = name; virStreamPtr st = data; + /* remove callback from stream */ + virFDStreamSetInternalCloseCb(st, NULL, NULL, NULL); + /* free stream reference */ virStreamFree(st); -- 1.7.8.6
On 2012年07月27日 21:44, Peter Krempa wrote:
When a domain has a active console connection and is destroyed the callback is called on private data that no longer exist causing a segfault. --- src/conf/virconsole.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/conf/virconsole.c b/src/conf/virconsole.c index 3d12011..912aff6 100644 --- a/src/conf/virconsole.c +++ b/src/conf/virconsole.c @@ -219,6 +219,9 @@ static void virConsoleHashEntryFree(void *data, const char *pty = name; virStreamPtr st = data;
+ /* remove callback from stream */ + virFDStreamSetInternalCloseCb(st, NULL, NULL, NULL); + /* free stream reference */ virStreamFree(st);
ACK
On 07/30/12 15:12, Osier Yang wrote:
On 2012年07月27日 21:44, Peter Krempa wrote:
When a domain has a active console connection and is destroyed the callback is called on private data that no longer exist causing a segfault. --- src/conf/virconsole.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-)
ACK
I've pushed the series. Thanks! Peter
participants (2)
-
Osier Yang -
Peter Krempa