External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-22 11:22:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix segfault during virsh save in pv guest

Browse Source 
this patch fix the wrong sequence for fd and timeout register. the sequence
was right in dfa1e1dd for fd register, but it changed in e0622ca2.
in this patch, set priv, xl_priv in info and increase info->priv ref count
before virEventAddHandle. if do this after virEventAddHandle, the fd
callback or fd deregister maybe got the empty priv, xl_priv or wrong ref
count.

after apply this patch, test more than 100 rounds passed compare to fail
within 3 rounds without this patch. each round includes define -> start ->
destroy -> create -> suspend -> resume -> reboot -> shutdown -> save ->
resotre -> dump -> destroy -> create -> setmem -> setvcpus -> destroy.

Signed-off-by: Bamvor Jian Zhang <bjzhang@suse.com>
This commit is contained in:
Bamvor Jian Zhang 2013-04-26 22:53:42 +08:00 committed by Jim Fehlig
parent 9395894585
commit 91d1911c2f
1 changed files with 24 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/libxl/libxl_driver.c
View File

@ -181,17 +181,6 @@ libxlFDRegisterEventHook(void *priv, int fd, void **hndp,
return -1;
}
if (events & POLLIN)
vir_events |= VIR_EVENT_HANDLE_READABLE;
if (events & POLLOUT)
vir_events |= VIR_EVENT_HANDLE_WRITABLE;
info->id = virEventAddHandle(fd, vir_events, libxlFDEventCallback,
info, libxlEventHookInfoFree);
if (info->id < 0) {
VIR_FREE(info);
return -1;
}
info->priv = priv;
/*
* Take a reference on the domain object. Reference is dropped in
@ -199,8 +188,21 @@ libxlFDRegisterEventHook(void *priv, int fd, void **hndp,
* event objects.
*/
virObjectRef(info->priv);
info->xl_priv = xl_priv;
if (events & POLLIN)
vir_events |= VIR_EVENT_HANDLE_READABLE;
if (events & POLLOUT)
vir_events |= VIR_EVENT_HANDLE_WRITABLE;
info->id = virEventAddHandle(fd, vir_events, libxlFDEventCallback,
info, libxlEventHookInfoFree);
if (info->id < 0) {
virObjectUnref(info->priv);
VIR_FREE(info);
return -1;
}
*hndp = info;
return 0;
@ -283,6 +285,15 @@ libxlTimeoutRegisterEventHook(void *priv,
return -1;
}
info->priv = priv;
/*
* Also take a reference on the domain object. Reference is dropped in
* libxlEventHookInfoFree, ensuring the domain object outlives the timeout
* event objects.
*/
virObjectRef(info->priv);
info->xl_priv = xl_priv;
gettimeofday(&now, NULL);
timersub(&abs_t, &now, &res);
/* Ensure timeout is not overflowed */
@ -296,22 +307,14 @@ libxlTimeoutRegisterEventHook(void *priv,
info->id = virEventAddTimeout(timeout, libxlTimerCallback,
info, libxlEventHookInfoFree);
if (info->id < 0) {
virObjectUnref(info->priv);
VIR_FREE(info);
return -1;
}
info->priv = priv;
/*
* Also take a reference on the domain object. Reference is dropped in
* libxlEventHookInfoFree, ensuring the domain object outlives the timeout
* event objects.
*/
virObjectRef(info->priv);
virObjectLock(info->priv);
LIBXL_EV_REG_APPEND(info->priv->timerRegistrations, info);
virObjectUnlock(info->priv);
info->xl_priv = xl_priv;
*hndp = info;
return 0;