Fix race condition when destroying guests
When running virDomainDestroy, we need to make sure that no other background thread cleans up the domain while we're doing our work. This can happen if we release the domain object while in the middle of work, because the monitor might detect EOF in this window. For this reason we have a 'beingDestroyed' flag to stop the monitor from doing its normal cleanup. Unfortunately this flag was only being used to protect qemuDomainBeginJob, and not qemuProcessKill. This left open a race condition where either libvirtd could crash, or alternatively report bogus error messages about the domain already having been destroyed to the caller. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 81621f3e6e45e8681cc18ae49404736a0e772a11) Conflicts: src/qemu/qemu_driver.c - virReportError had been removed from upstream in cases where qemuProcessKill failed, creating different context.
parent
a054aa94e8
commit
2d6eaba201
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* qemu_driver.c: core driver methods for managing qemu guests
|
* qemu_driver.c: core driver methods for managing qemu guests
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2012 Red Hat, Inc.
|
* Copyright (C) 2006-2013 Red Hat, Inc.
|
||||||
* Copyright (C) 2006 Daniel P. Berrange
|
* Copyright (C) 2006 Daniel P. Berrange
|
||||||
*
|
*
|
||||||
* This library is free software; you can redistribute it and/or
|
* This library is free software; you can redistribute it and/or
|
||||||
@ -1943,6 +1943,12 @@ qemuDomainDestroyFlags(virDomainPtr dom,
|
|||||||
|
|
||||||
qemuDomainSetFakeReboot(driver, vm, false);
|
qemuDomainSetFakeReboot(driver, vm, false);
|
||||||
|
|
||||||
|
|
||||||
|
/* We need to prevent monitor EOF callback from doing our work (and sending
|
||||||
|
* misleading events) while the vm is unlocked inside BeginJob/ProcessKill API
|
||||||
|
*/
|
||||||
|
priv->beingDestroyed = true;
|
||||||
|
|
||||||
/* Although qemuProcessStop does this already, there may
|
/* Although qemuProcessStop does this already, there may
|
||||||
* be an outstanding job active. We want to make sure we
|
* be an outstanding job active. We want to make sure we
|
||||||
* can kill the process even if a job is active. Killing
|
* can kill the process even if a job is active. Killing
|
||||||
@ -1952,21 +1958,18 @@ qemuDomainDestroyFlags(virDomainPtr dom,
|
|||||||
if (qemuProcessKill(driver, vm, 0) < 0) {
|
if (qemuProcessKill(driver, vm, 0) < 0) {
|
||||||
virReportError(VIR_ERR_OPERATION_FAILED, "%s",
|
virReportError(VIR_ERR_OPERATION_FAILED, "%s",
|
||||||
_("failed to kill qemu process with SIGTERM"));
|
_("failed to kill qemu process with SIGTERM"));
|
||||||
|
priv->beingDestroyed = false;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (qemuProcessKill(driver, vm, VIR_QEMU_PROCESS_KILL_FORCE) < 0) {
|
if (qemuProcessKill(driver, vm, VIR_QEMU_PROCESS_KILL_FORCE) < 0) {
|
||||||
virReportError(VIR_ERR_OPERATION_FAILED, "%s",
|
virReportError(VIR_ERR_OPERATION_FAILED, "%s",
|
||||||
_("failed to kill qemu process with SIGTERM"));
|
_("failed to kill qemu process with SIGTERM"));
|
||||||
|
priv->beingDestroyed = false;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We need to prevent monitor EOF callback from doing our work (and sending
|
|
||||||
* misleading events) while the vm is unlocked inside BeginJob API
|
|
||||||
*/
|
|
||||||
priv->beingDestroyed = true;
|
|
||||||
|
|
||||||
if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_DESTROY) < 0)
|
if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_DESTROY) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
|
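Review bot: The `goto cleanup` taken when `qemuDomainObjBeginJobWithDriver` fails, at the end of the second hunk, leaves `priv->beingDestroyed` set to true as far as the visible lines show, while both `qemuProcessKill` failure paths added above it clear the flag first. Because the flag is now raised before the kill rather than just before BeginJob, a failed BeginJob after a successful kill could leave the monitor EOF callback suppressed for a process that is already exiting, so the domain object might never get its normal cleanup. Unless the `cleanup` label (outside this hunk, as is the rest of qemuDomainDestroyFlags) resets it, I would make that path match the others: `if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_DESTROY) < 0) { priv->beingDestroyed = false; goto cleanup; }`. A short comment at the `priv->beingDestroyed = true;` assignment listing the exit paths that must clear the flag would help keep the reset sites from drifting apart.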