From d7e0fe6e9fd29d56134ed5d3a8416f9e02f2e5df Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Mon, 19 Apr 2010 15:41:48 +0100 Subject: [PATCH] Fix crash when cleaning up from failed save attempt If a transient QEMU crashes during save attempt, then the virDomainPtr object may be freed. If a persistent QEMU crashes during save, then the 'priv->mon' field is no longer valid since it will be inactive. * src/qemu/qemu_driver.c: Fix two crashes when QEMU exits during a save attempt --- src/qemu/qemu_driver.c | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index e1b1af3d7c..180f2d67d6 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -4924,19 +4924,20 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path, } endjob: - if (ret != 0 && header.was_running) { - qemuDomainObjEnterMonitorWithDriver(driver, vm); - rc = qemuMonitorStartCPUs(priv->mon, dom->conn); - qemuDomainObjExitMonitorWithDriver(driver, vm); - if (rc < 0) - VIR_WARN0("Unable to resume guest CPUs after save failure"); - else - vm->state = VIR_DOMAIN_RUNNING; - } + if (vm) { + if (ret != 0 && header.was_running && priv->mon) { + qemuDomainObjEnterMonitorWithDriver(driver, vm); + rc = qemuMonitorStartCPUs(priv->mon, dom->conn); + qemuDomainObjExitMonitorWithDriver(driver, vm); + if (rc < 0) + VIR_WARN0("Unable to resume guest CPUs after save failure"); + else + vm->state = VIR_DOMAIN_RUNNING; + } - if (vm && - qemuDomainObjEndJob(vm) == 0) + if (qemuDomainObjEndJob(vm) == 0) vm = NULL; + } cleanup: VIR_FREE(xml); @@ -7110,9 +7111,16 @@ static int qemudDomainAttachNetDevice(virConnectPtr conn, } /* FIXME - need to support vhost-net here (5th arg) */ - if (!(netstr = qemuBuildHostNetStr(net, ' ', - vlan, tapfd_name, 0))) - goto try_tapfd_close; + if ((qemuCmdFlags & QEMUD_CMD_FLAG_NETDEV) && + (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)) { + if (!(netstr = qemuBuildHostNetStr(net, ',', + -1, tapfd_name, 0))) + goto try_tapfd_close; + } else { + if (!(netstr = qemuBuildHostNetStr(net, ' ', + vlan, tapfd_name, 0))) + goto try_tapfd_close; + } qemuDomainObjEnterMonitorWithDriver(driver, vm); if (qemuMonitorAddHostNetwork(priv->mon, netstr) < 0) {