Make error reporting in libvirtd thread safe

Bug https://bugzilla.redhat.com/show_bug.cgi?id=689374 reported libvirtd crash during error dispatch. The reason is that libvirtd uses remoteDispatchConnError() with non-NULL conn parameter which means that virConnGetLastError() is used instead of its thread safe replacement virGetLastError(). So when several libvirtd threads are reporting errors at the same time, the errors can get mixed or corrupted or in case of bad luck libvirtd itself crashes. Since Daniel B. is going to rewrite this code from scratch on top of his RPC infrastructure, I tried to come up with a minimal fix. Thus, remoteDispatchConnError() now just ignores its conn argument and always calls virGetLastError(). However, several callers had to be touched as well, since no libvirt API is allowed to be called before dispatching the error. Doing so would reset the error and we would have nothing to dispatch. As a result of that, the code is not very nice but that doesn't really make daemon/remote.c worse than it is now :-) And it will all die soon, which is good. The bug report also contains a reproducer in C which detects both mixed up error messages and libvirtd crash. Before this patch, I was able to crash libvirtd in about 20 seconds up to 3 minutes depending on number of CPU cores (more is better) and luck.

Make error reporting in libvirtd thread safe
Bug https://bugzilla.redhat.com/show_bug.cgi?id=689374 reported libvirtd crash during error dispatch. The reason is that libvirtd uses remoteDispatchConnError() with non-NULL conn parameter which means that virConnGetLastError() is used instead of its thread safe replacement virGetLastError(). So when several libvirtd threads are reporting errors at the same time, the errors can get mixed or corrupted or in case of bad luck libvirtd itself crashes. Since Daniel B. is going to rewrite this code from scratch on top of his RPC infrastructure, I tried to come up with a minimal fix. Thus, remoteDispatchConnError() now just ignores its conn argument and always calls virGetLastError(). However, several callers had to be touched as well, since no libvirt API is allowed to be called before dispatching the error. Doing so would reset the error and we would have nothing to dispatch. As a result of that, the code is not very nice but that doesn't really make daemon/remote.c worse than it is now :-) And it will all die soon, which is good. The bug report also contains a reproducer in C which detects both mixed up error messages and libvirtd crash. Before this patch, I was able to crash libvirtd in about 20 seconds up to 3 minutes depending on number of CPU cores (more is better) and luck.
f44bfb7f · Jiri Denemark · 9450a7cb · f44bfb7f · f44bfb7f
展开全部隐藏空白更改
内联并排

Showing with 127 addition and 121 deletion

daemon/dispatch.c daemon/dispatch.c +2 -6

daemon/remote.c daemon/remote.c +125 -115

未找到文件。
--- a/daemon/dispatch.c
+++ b/daemon/dispatch.c
@@ -113,14 +113,10 @@ void remoteDispatchOOMError (remote_error *rerr)


 void remoteDispatchConnError (remote_error *rerr,
-                              virConnectPtr conn)
+                              virConnectPtr conn ATTRIBUTE_UNUSED)
 {
-    virErrorPtr verr;
+    virErrorPtr verr = virGetLastError();

-    if (conn)
-        verr = virConnGetLastError(conn);
-    else
-        verr = virGetLastError();
    if (verr)
        remoteDispatchCopyError(rerr, verr);
    else

--- a/daemon/remote.c
+++ b/daemon/remote.c