1. 11 5月, 2017 38 次提交
    • J
      qemu: do not crash on USB address with no port and invalid bus · e62d61e7
      Ján Tomko 提交于
      Properly error out when the user requests a port from a bus
      that does not have a controller present in the domain XML.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1441589
      (cherry picked from commit b003b978)
      e62d61e7
    • M
      man: Align vol-resize arguments with the output of help · 670102c0
      Martin Kletzander 提交于
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      (cherry picked from commit c3d1df7b)
      670102c0
    • P
      qemu: conf: Don't leak snapshot image format conf variable · c4d7361f
      Peter Krempa 提交于
      ==20406== 4 bytes in 1 blocks are definitely lost in loss record 6 of 1,059
      ==20406==    at 0x4C2AF3F: malloc (vg_replace_malloc.c:299)
      ==20406==    by 0x8F17D39: strdup (in /lib64/libc-2.24.so)
      ==20406==    by 0x552C0E0: virStrdup (virstring.c:784)
      ==20406==    by 0x54D3622: virConfGetValueString (virconf.c:945)
      ==20406==    by 0x144E4692: virQEMUDriverConfigLoadFile (qemu_conf.c:687)
      ==20406==    by 0x1452A744: qemuStateInitialize (qemu_driver.c:664)
      ==20406==    by 0x55DB585: virStateInitialize (libvirt.c:770)
      ==20406==    by 0x124570: daemonRunStateInit (libvirtd.c:881)
      ==20406==    by 0x5532990: virThreadHelper (virthread.c:206)
      ==20406==    by 0x8C82493: start_thread (in /lib64/libpthread-2.24.so)
      ==20406==    by 0x8F7FA1E: clone (in /lib64/libc-2.24.so)
      
      (cherry picked from commit 2ef3aa8f)
      c4d7361f
    • E
      qemu: Fix mdev checking for VFIO support · 1cf9493e
      Erik Skultety 提交于
      Commit a4a39d90 added a check that checks for VFIO support with mediated
      devices. The problem is that the hostdev preparing functions behave like
      a fallthrough if device of that specific type doesn't exist. However,
      the check for VFIO support was independent of the existence of a mdev
      device which caused the guest to fail to start with any device to be
      directly assigned if VFIO was disabled/unavailable in the kernel.
      The proposed change first ensures that it makes sense to check for VFIO
      support in the first place, and only then performs the VFIO support check
      itself.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1441291Signed-off-by: NErik Skultety <eskultet@redhat.com>
      (cherry picked from commit b4c2ac8d)
      1cf9493e
    • W
      util: systemd: Don't strlen a possibly NULL string · 679aa190
      Wang King 提交于
      Coverity complains about virBufferCurrentContent might be return null
      when calling strlen, so check virBufferError first before calling
      strlen.
      
      (cherry picked from commit c5ca209f)
      679aa190
    • W
      interface: Fix resource leak in netcfConnectListAllInterfaces error path · a7aacb74
      Wang King 提交于
      On virGetInterface failure, call virInterfaceDefFree for the @def.
      
      (cherry picked from commit 1b1b0459)
      a7aacb74
    • W
      virsh: don't leak @cpumap in virshVcpuPinQuery · dce5c95c
      Wang King 提交于
      ==18591== 16 bytes in 1 blocks are definitely lost in loss record 41 of 183
      ==18591==    at 0x4C2B934: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==18591==    by 0x54EBB1C: virAllocN (viralloc.c:191)
      ==18591==    by 0x1628CA: _vshMalloc (vsh.c:136)
      ==18591==    by 0x1344C4: virshVcpuPinQuery (virsh-domain.c:6603)
      ==18591==    by 0x1344C4: cmdVcpuPin (virsh-domain.c:6707)
      ==18591==    by 0x1631BF: vshCommandRun (vsh.c:1312)
      ==18591==    by 0x12DBB1: main (virsh.c:961)
      
      (cherry picked from commit b1aa4613)
      dce5c95c
    • P
      tests: fix some resource leaks · 3cfd60b1
      Pavel Hrdina 提交于
      Found by running valgrind for these tests.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      (cherry picked from commit 9005a64b)
      3cfd60b1
    • P
      rpc: fix resource leak · e675e874
      Pavel Hrdina 提交于
      Commit 252610f7 switched to use hash to store servers.
      Function virHashGetItems returns allocated array which needs
      to be freed also for successful path, not only if there is
      an error.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      (cherry picked from commit ab0a461b)
      e675e874
    • P
      src: fix multiple resource leaks in loops · c714afcc
      Pavel Hrdina 提交于
      All of the variables are filled inside a loop and therefore
      needs to be also freed in every cycle.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      (cherry picked from commit ffc810b7)
      c714afcc
    • P
      conf/domain_capabilities: fix resource leak · fdd08607
      Pavel Hrdina 提交于
      Commit 14319c81 introduced CPU host model in domain capabilities
      and the *hostmodel* variable is always filled by virCPUDefCopy()
      and needs to be freed.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      (cherry picked from commit 87d97a9d)
      fdd08607
    • M
      qemu: Fix two use-after-free situations · 9a47afb1
      Marc Hartmayer 提交于
      There were multiple race conditions that could lead to segmentation
      faults. The first precondition for this is qemuProcessLaunch must fail
      sometime shortly after starting the new QEMU process. The second
      precondition for the segmentation faults is that the new QEMU process
      dies - or to be more precise the QEMU monitor has to be closed
      irregularly. If both happens during qemuProcessStart (starting a
      domain) there are race windows between the thread with the event
      loop (T1) and the thread that is starting the domain (T2).
      
      First segmentation fault scenario:
      If qemuProcessLaunch fails during qemuProcessStart the code branches
      to the 'stop' path where 'qemuMonitorSetDomainLog(priv->mon, NULL,
      NULL, NULL)' will set the log function of the monitor to NULL (done in
      T2). In the meantime the event loop of T1 will wake up with an EOF
      event for the QEMU monitor because the QEMU process has died. The
      crash occurs if T1 has checked 'mon->logFunc != NULL' in qemuMonitorIO
      just before the logFunc was set to NULL by T2. If this situation
      occurs T1 will try to call mon->logFunc which leads to the
      segmentation fault.
      
      Solution:
      Require the monitor lock for setting the log function.
      
      Backtrace:
      0  0x0000000000000000 in ?? ()
      1  0x000003ffe9e45316 in qemuMonitorIO (watch=<optimized out>,
      fd=<optimized out>, events=<optimized out>, opaque=0x3ffe08aa860) at
      ../../src/qemu/qemu_monitor.c:727
      2  0x000003fffda2e1a4 in virEventPollDispatchHandles (nfds=<optimized
      out>, fds=0x2aa000fd980) at ../../src/util/vireventpoll.c:508
      3  0x000003fffda2e398 in virEventPollRunOnce () at
      ../../src/util/vireventpoll.c:657
      4  0x000003fffda2ca10 in virEventRunDefaultImpl () at
      ../../src/util/virevent.c:314
      5  0x000003fffdba9366 in virNetDaemonRun (dmn=0x2aa000cc550) at
      ../../src/rpc/virnetdaemon.c:818
      6  0x000002aa00024668 in main (argc=<optimized out>, argv=<optimized
      out>) at ../../daemon/libvirtd.c:1541
      
      Second segmentation fault scenario:
      If qemuProcessLaunch fails it will unref the log context and with
      invoking qemuMonitorSetDomainLog(priv->mon, NULL, NULL, NULL)
      qemuDomainLogContextFree() will be invoked. qemuDomainLogContextFree()
      invokes virNetClientClose() to close the client and cleans everything
      up (including unref of _virLogManager.client) when virNetClientClose()
      returns. When T1 is now trying to report 'qemu unexpectedly closed the
      monitor' libvirtd will crash because the client has already been
      freed.
      
      Solution:
      As the critical section in qemuMonitorIO is protected with the monitor
      lock we can use the same solution as proposed for the first
      segmentation fault.
      
      Backtrace:
      0  virClassIsDerivedFrom (klass=0x3100979797979797,
      parent=0x2aa000d92f0) at ../../src/util/virobject.c:169
      1  0x000003fffda659e6 in virObjectIsClass (anyobj=<optimized out>,
      klass=<optimized out>) at ../../src/util/virobject.c:365
      2  0x000003fffda65a24 in virObjectLock (anyobj=0x3ffe08c1db0) at
      ../../src/util/virobject.c:317
      3  0x000003fffdba4688 in
      virNetClientIOEventLoop (client=client@entry=0x3ffe08c1db0,
      thiscall=thiscall@entry=0x2aa000fbfa0) at
      ../../src/rpc/virnetclient.c:1668
      4  0x000003fffdba4b4c in
      virNetClientIO (client=client@entry=0x3ffe08c1db0,
      thiscall=0x2aa000fbfa0) at ../../src/rpc/virnetclient.c:1944
      5  0x000003fffdba4d42 in
      virNetClientSendInternal (client=client@entry=0x3ffe08c1db0,
      msg=msg@entry=0x2aa000cc710, expectReply=expectReply@entry=true,
      nonBlock=nonBlock@entry=false) at ../../src/rpc/virnetclient.c:2116
      6  0x000003fffdba6268 in
      virNetClientSendWithReply (client=0x3ffe08c1db0, msg=0x2aa000cc710) at
      ../../src/rpc/virnetclient.c:2144
      7  0x000003fffdba6e8e in virNetClientProgramCall (prog=0x3ffe08c1120,
      client=<optimized out>, serial=<optimized out>, proc=<optimized out>,
      noutfds=<optimized out>, outfds=0x0, ninfds=0x0, infds=0x0,
      args_filter=0x3fffdb64440
      <xdr_virLogManagerProtocolDomainReadLogFileArgs>, args=0x3ffffffe010,
      ret_filter=0x3fffdb644c0
      <xdr_virLogManagerProtocolDomainReadLogFileRet>, ret=0x3ffffffe008) at
      ../../src/rpc/virnetclientprogram.c:329
      8  0x000003fffdb64042 in
      virLogManagerDomainReadLogFile (mgr=<optimized out>, path=<optimized
      out>, inode=<optimized out>, offset=<optimized out>, maxlen=<optimized
      out>, flags=0) at ../../src/logging/log_manager.c:272
      9  0x000003ffe9e0315c in qemuDomainLogContextRead (ctxt=0x3ffe08c2980,
      msg=0x3ffffffe1c0) at ../../src/qemu/qemu_domain.c:4422
      10 0x000003ffe9e280a8 in qemuProcessReadLog (logCtxt=<optimized out>,
      msg=msg@entry=0x3ffffffe288) at ../../src/qemu/qemu_process.c:1800
      11 0x000003ffe9e28206 in qemuProcessReportLogError (logCtxt=<optimized
      out>, msgprefix=0x3ffe9ec276a "qemu unexpectedly closed the monitor")
      at ../../src/qemu/qemu_process.c:1836
      12 0x000003ffe9e28306 in
      qemuProcessMonitorReportLogError (mon=mon@entry=0x3ffe085cf10,
      msg=<optimized out>, opaque=<optimized out>) at
      ../../src/qemu/qemu_process.c:1856
      13 0x000003ffe9e452b6 in qemuMonitorIO (watch=<optimized out>,
      fd=<optimized out>, events=<optimized out>, opaque=0x3ffe085cf10) at
      ../../src/qemu/qemu_monitor.c:726
      14 0x000003fffda2e1a4 in virEventPollDispatchHandles (nfds=<optimized
      out>, fds=0x2aa000fd980) at ../../src/util/vireventpoll.c:508
      15 0x000003fffda2e398 in virEventPollRunOnce () at
      ../../src/util/vireventpoll.c:657
      16 0x000003fffda2ca10 in virEventRunDefaultImpl () at
      ../../src/util/virevent.c:314
      17 0x000003fffdba9366 in virNetDaemonRun (dmn=0x2aa000cc550) at
      ../../src/rpc/virnetdaemon.c:818
      18 0x000002aa00024668 in main (argc=<optimized out>, argv=<optimized
      out>) at ../../daemon/libvirtd.c:1541
      
      Other code parts where the same problem was possible to occur are
      fixed as well (qemuMigrationFinish, qemuProcessStart, and
      qemuDomainSaveImageStartVM).
      Signed-off-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
      Reported-by: NSascha Silbe <silbe@linux.vnet.ibm.com>
      (cherry picked from commit 20e95cb7)
      9a47afb1
    • J
      disk: Force usage of parted when checking disk format for "bsd" · a45034e1
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1439132
      
      Add "bsd" to the list of format types to not checked during blkid
      processing even though it supposedly knows the format - for some
      (now unknown) reason it's returning partition table not found. So
      let's just let PARTED handle "bsd" too.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      (cherry picked from commit 98f424d5)
      a45034e1
    • J
      disk: Resolve issues with disk partition build/start checks · facbb1f0
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1439132
      
      Commit id 'a48c674f' added a check for format types "dvh" and "pc98"
      to use the parted print processing instead of using blkid processing
      in order to validate the label on the disk was what is expected for
      disk pool startup. However, commit id 'a4cb4a74' really messed things
      up by missing an else condition causing PARTEDFindLabel to always
      return DIFFERENT.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      (cherry picked from commit f2a12320)
      facbb1f0
    • P
      conf: create new RemovalFailed event using correct class · e495bdef
      Pavel Hrdina 提交于
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      (cherry picked from commit be193c4d)
      e495bdef
    • P
      qemu: fix memory leak and check mdevPath · 6f2b428f
      Pavel Hrdina 提交于
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      (cherry picked from commit d58c146a)
      6f2b428f
    • J
      qemu: Properly reset TLS in qemuProcessRecoverMigrationIn · bca95e75
      Jiri Denemark 提交于
      There is no async job running when a freshly started libvirtd is trying
      to recover from an interrupted incoming migration. While at it, let's
      call qemuMigrationResetTLS every time we don't kill the domain. This is
      not strictly necessary since TLS is not supported when v2 migration
      protocol is used, but doing so makes more sense.
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      (cherry picked from commit 59b28eca)
      bca95e75
    • J
      Properly ignore files in build-aux directory · afb435d8
      Jiri Denemark 提交于
      We want to ignore all files except *.pl in build-aux directory, however
      the unignore pattern "!/build-aux/*.pl" doesn't have any effect because
      a previous "/build-aux/" pattern ignores the directory itself rather
      than individual files in it.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1439994Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      (cherry picked from commit f0ad8e7e)
      afb435d8
    • M
      conf: Fix possible memleak in capabilities · 0b6143eb
      Martin Kletzander 提交于
      If formatting NUMA topology fails, the function returns immediatelly,
      but the buffer structure allocated on the stack references lot of
      heap-allocated memory and that would get lost in such case.
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      (cherry picked from commit 6369ee04)
      0b6143eb
    • J
      Split out -Wframe-larger-than warning from WARN_CLFAGS · b7980800
      Ján Tomko 提交于
      Introduce STRICT_FRAME_LIMIT_CFLAGS that will be used for
      production code and RELAXED_FRAME_LIMIT_CFLAGS for tests.
      
      Raising the limit for tests allows building them with clang
      with optimizations disabled.
      
      (cherry picked from commit e73889b6)
      b7980800
    • M
      virISCSIGetSession: Don't leak memory · f59163c4
      Michal Privoznik 提交于
      This function runs an iscsi command and parses its output.
      However, due to the nature of things, virISCSIExtractSession()
      callback can be called multiple times. In each run it would
      allocate new memory and overwrite the variable where we keep
      pointer to it and thus leaking old allocations.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      (cherry picked from commit 9c037c6c)
      f59163c4
    • M
      virStorageSourceClear: Don't leave dangling pointers behind · 9e8d33ae
      Michal Privoznik 提交于
      Imagine that this function is called twice over the same disk
      source. While in the first run all allocated memory is freed, not
      all pointers are set to NULL (e.g. def->srcpool). So when called
      again, these poitners are freed again resulting in double free.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      (cherry picked from commit 349badbf)
      9e8d33ae
    • J
      qemu: Break endless loop if qemuMigrationResetTLS fails · 3feb8fb7
      Jiri Denemark 提交于
      Jumping to "endjob" label from a code after this label is not a very
      good idea.
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      (cherry picked from commit d658c859)
      3feb8fb7
    • P
      storage: gluster: Implement 'checkPool' method so that state is restored · 605f21c5
      Peter Krempa 提交于
      After restart of libvirtd the 'checkPool' method is supposed to validate
      that the pool is online. Since libvirt then refreshes the pool contents
      anyways just return whether the pool was supposed to be online so that
      the code can be reached. This is necessary since if a pool does not
      implement the method it's automatically considered as inactive.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1436065
      (cherry picked from commit a200ebbc)
      605f21c5
    • P
      docs: Document limitation of maximum vcpu count used with <topology> · bf23f24b
      Peter Krempa 提交于
      qemu requires that the topology equals to the maximum vcpu count.
      Document this along with the API to set maximum vcpu count and the XML
      element.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1426220
      (cherry picked from commit 4661a186)
      bf23f24b
    • J
      qemu: Fix resource leak in qemuDomainAddChardevTLSObjects error path · 30561956
      John Ferlan 提交于
      On any failure, call virJSONValueFree for the *Props.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      (cherry picked from commit 2e8c6095)
      30561956
    • J
      qemu: Initialize 'data' argument · 8eeeb765
      John Ferlan 提交于
      Initialize stack variable to {0}
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      (cherry picked from commit 83c58ea3)
      8eeeb765
    • P
      storage: util: Pass pool type to virStorageBackendFindGlusterPoolSources · 975fb262
      Peter Krempa 提交于
      The native gluster pool source list data differs from the data used for
      attaching gluster volumes as netfs pools. Currently the only difference
      was the format. Since native pools don't use it and later there will be
      more differences add a more deterministic way to switch between the
      types instead.
      
      (cherry picked from commit a92160db)
      975fb262
    • J
      util: ignore -Wcast-align in virNetlinkDumpCommand · c1b4e0f3
      Ján Tomko 提交于
      Similar to commit b202c39a ignore the warning that breaks the build
      with clang:
      util/virnetlink.c:365:52: error: cast from 'char *' to 'struct nlmsghdr *'
       increases required alignment from 1 to 4 [-Werror,-Wcast-align]
              for (msg = resp; NLMSG_OK(msg, len); msg = NLMSG_NEXT(msg, len)) {
                                                         ^~~~~~~~~~~~~~~~~~~~
      /usr/include/linux/netlink.h:87:7: note: expanded from macro 'NLMSG_NEXT'
               (struct nlmsghdr*)(((char*)(nlh)) + NLMSG_ALIGN((nlh)->nlmsg_len)))
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      (cherry picked from commit 04be4111)
      c1b4e0f3
    • P
      qemu: hotplug: Clear vcpu ordering for coldplug of vcpus · 0a1c9b63
      Peter Krempa 提交于
      Vcpu order is required to stay sequential. Clear the order on cpu
      coldplug to avoid issues with removing vcpus out of sequence.
      
      (cherry picked from commit b416a33a)
      0a1c9b63
    • P
      qemu: hotplug: Fix formatting strings in qemuDomainFilterHotplugVcpuEntities · 64cf4128
      Peter Krempa 提交于
      'next' is declared as 'ssize_t' so use '%zd'
      
      (cherry picked from commit 86d69c30)
      64cf4128
    • P
      qemu: hotplug: Iterate over vcpu 0 in individual vcpu hotplug code · 1abdc6e5
      Peter Krempa 提交于
      Buggy condition meant that vcpu0 would not be iterated in the checks.
      Since it's not hotpluggable anyways we would not be able to break the
      configuration of a live VM.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1437013
      (cherry picked from commit 315f443d)
      1abdc6e5
    • E
      qemu: Add device id for mediated devices on qemu command line · 59f51f7f
      Erik Skultety 提交于
      Like all devices, add the 'id' option for mdevs as well. Patch also
      adjusts the test accordingly.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1438431Signed-off-by: NErik Skultety <eskultet@redhat.com>
      (cherry picked from commit c3272e5e)
      59f51f7f
    • J
      storage: Fix capacity value for LUKS encrypted volumes · 33a3b857
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1371892
      
      The 'capacity' value (e.g. guest logical size) for a LUKS volume is
      smaller than the 'physical' value of the file in the file system, so
      we need to account for that.
      
      When peeking at the encryption information about the volume add a fetch
      of the payload_offset which is described as the offset to the start of
      the volume data (in 512 byte sectors) in QEMU's QCryptoBlockLUKSHeader.
      
      Then adjust the ->capacity appropriately when we determine that the
      volume target encryption has a payload_offset value.
      
      (cherry picked from commit b7d44f45)
      33a3b857
    • C
      virNetDevIPCheckIPv6ForwardingCallback fixes · c4d19a8e
      Cédric Bosdonnat 提交于
      Add check for more than one RTA_OIF, even though this is rather
      unlikely.
      
      Get rid of the buggy switch / break as this code won't need to
      handle more attributes.
      
      Use VIR_WARNINGS_NO_CAST_ALIGN to fix impossible to fix
      util/virnetdevip.c:560:17: error: cast increases required alignment of target type [-Werror=cast-align]
      
      (cherry picked from commit b202c39a)
      c4d19a8e
    • P
      storage: driver: Remove unavailable transient pools after restart · 9d9fad96
      Peter Krempa 提交于
      If a transient storage pool is deemed inactive after libvirtd restart it
      would not be deleted from the list. Reuse virStoragePoolUpdateInactive
      along with a refactor necessary to properly update the state.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1242801
      (cherry picked from commit f3a8e80c)
      9d9fad96
    • P
      storage: driver: Split out code fixing pool state after deactivation · c5ed923b
      Peter Krempa 提交于
      After a pool is made inactive the definition objects need to be updated
      (if a new definition is prepared) and transient pools need to be
      completely removed. Split out the code doing these steps into a separate
      function for later reuse.
      
      (cherry picked from commit aced6b23)
      c5ed923b
    • P
      storage: backend: Use correct stringifier for pool type · 03c8afa9
      Peter Krempa 提交于
      When registering a storage poll backend, the code would use
      virStorageTypeToString instead of virStoragePoolTypeToString. The
      following message would be logged:
      
      virDriverLoadModuleFunc:71 : Lookup function 'virStorageBackendSCSIRegister'
      virStorageBackendRegister:174 : Registering storage backend '(null)'
      (cherry picked from commit 894133a3)
      03c8afa9
  2. 04 5月, 2017 2 次提交
    • E
      mdev: Fix daemon crash on domain shutdown after reconnect · 950f1a39
      Erik Skultety 提交于
      The problem resides in virHostdevUpdateActiveMediatedDevices which gets
      called during qemuProcessReconnect. The issue here is that
      virMediatedDeviceListAdd takes a pointer to the item to be added to the
      list to which VIR_APPEND_ELEMENT is used, which also clears the pointer.
      However, in this case only the local copy of the pointer got cleared,
      leaving the original pointing to valid memory. To sum it up, during
      cleanup phase, the original pointer is freed and the daemon crashes
      basically any time it would access it.
      
      Backtrace:
      0x00007ffff3ccdeba in __strcmp_sse2_unaligned
      0x00007ffff72a444a in virMediatedDeviceListFindIndex
      0x00007ffff7241446 in virHostdevReAttachMediatedDevices
      0x00007fffc60215d9 in qemuHostdevReAttachMediatedDevices
      0x00007fffc60216dc in qemuHostdevReAttachDomainDevices
      0x00007fffc6046e6f in qemuProcessStop
      0x00007fffc6091596 in processMonitorEOFEvent
      0x00007fffc6091793 in qemuProcessEventHandler
      0x00007ffff7294bf5 in virThreadPoolWorker
      0x00007ffff7294184 in virThreadHelper
      0x00007ffff3fdc3c4 in start_thread () from /lib64/libpthread.so.0
      0x00007ffff3d269cf in clone () from /lib64/libc.so.6
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1446455
      
      (cherry picked from commit 92e30a4d)
      Signed-off-by: NErik Skultety <eskultet@redhat.com>
      950f1a39
    • E
      util: mdev: Use a local variable instead of a direct pointer access · 5d4ecee9
      Erik Skultety 提交于
      Use a local variable to hold data, rather than accessing the pointer
      after calling virMediatedDeviceListAdd (therefore VIR_APPEND_ELEMENT).
      Although not causing an issue at the moment, this change is a necessary
      prerequisite for tweaking virMediatedDeviceListAdd in a separate patch,
      which will take a reference for the source pointer (instead of pointer
      value) and will clear it along the way.
      
      (cherry picked from commit 2739a983)
      Signed-off-by: NErik Skultety <eskultet@redhat.com>
      5d4ecee9