qemu_agent: Remove agent reference only when disposing it

https://bugzilla.redhat.com/show_bug.cgi?id=892079 With current code, if user calls virDomainPMSuspendForDuration() followed by virDomainDestroy(), the former API checks for qemu agent presence, which will evaluate as true (if agent is configured). While talking to qemu agent, the qemu driver is unlocked, so the latter API starts executing. However, if machine dies meanwhile, libvirtd gets EOF on the agent socket and qemuProcessHandleAgentEOF() is called. The handler clears reference to qemu agent while the destroy API already holding a reference to it. This leads to NULL dereferencing later in the code. Therefore, the agent pointer should be set to NULL only if we are the exclusive owner of it.

qemu_agent: Remove agent reference only when disposing it
https://bugzilla.redhat.com/show_bug.cgi?id=892079 With current code, if user calls virDomainPMSuspendForDuration() followed by virDomainDestroy(), the former API checks for qemu agent presence, which will evaluate as true (if agent is configured). While talking to qemu agent, the qemu driver is unlocked, so the latter API starts executing. However, if machine dies meanwhile, libvirtd gets EOF on the agent socket and qemuProcessHandleAgentEOF() is called. The handler clears reference to qemu agent while the destroy API already holding a reference to it. This leads to NULL dereferencing later in the code. Therefore, the agent pointer should be set to NULL only if we are the exclusive owner of it.
f2a4e5f1 · Michal Privoznik · daef7c9e · f2a4e5f1
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

src/qemu/qemu_process.c src/qemu/qemu_process.c +2 -1

未找到文件。
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -133,7 +133,8 @@ qemuProcessHandleAgentEOF(qemuAgentPtr agent,
    virDomainObjLock(vm);
    priv = vm->privateData;
-    if (priv->agent == agent)
+    if (priv->agent == agent &&
+        !virObjectUnref(priv->agent))
        priv->agent = NULL;
    virDomainObjUnlock(vm);