Fix crash when cleaning up from failed save attempt

If a transient QEMU crashes during save attempt, then the virDomainPtr object may be freed. If a persistent QEMU crashes during save, then the 'priv->mon' field is no longer valid since it will be inactive. * src/qemu/qemu_driver.c: Fix two crashes when QEMU exits during a save attempt
2024-12-25 23:25:24 +00:00 · 2010-04-19 15:41:48 +01:00 · 2010-04-19 15:41:48 +01:00 · d7e0fe6e9f
commit d7e0fe6e9f
parent ed7813d28d
1 changed files with 22 additions and 14 deletions
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@ -4924,19 +4924,20 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
    }
 endjob:
-    if (ret != 0 && header.was_running) {
+    if (vm) {
-        qemuDomainObjEnterMonitorWithDriver(driver, vm);
+        if (ret != 0 && header.was_running && priv->mon) {
-        rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
+            qemuDomainObjEnterMonitorWithDriver(driver, vm);
-        qemuDomainObjExitMonitorWithDriver(driver, vm);
+            rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
-        if (rc < 0)
+            qemuDomainObjExitMonitorWithDriver(driver, vm);
-            VIR_WARN0("Unable to resume guest CPUs after save failure");
+            if (rc < 0)
-        else
+                VIR_WARN0("Unable to resume guest CPUs after save failure");
-            vm->state = VIR_DOMAIN_RUNNING;
+            else
-    }
+                vm->state = VIR_DOMAIN_RUNNING;
        }
-    if (vm &&
+        if (qemuDomainObjEndJob(vm) == 0)
        qemuDomainObjEndJob(vm) == 0)
            vm = NULL;
    }
 cleanup:
    VIR_FREE(xml);
@ -7110,9 +7111,16 @@ static int qemudDomainAttachNetDevice(virConnectPtr conn,
    }
    /* FIXME - need to support vhost-net here (5th arg) */
-    if (!(netstr = qemuBuildHostNetStr(net, ' ',
+    if ((qemuCmdFlags & QEMUD_CMD_FLAG_NETDEV) &&
-                                       vlan, tapfd_name, 0)))
+        (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)) {
-        goto try_tapfd_close;
+        if (!(netstr = qemuBuildHostNetStr(net, ',',
                                           -1, tapfd_name, 0)))
            goto try_tapfd_close;
    } else {
        if (!(netstr = qemuBuildHostNetStr(net, ' ',
                                           vlan, tapfd_name, 0)))
            goto try_tapfd_close;
    }
    qemuDomainObjEnterMonitorWithDriver(driver, vm);
    if (qemuMonitorAddHostNetwork(priv->mon, netstr) < 0) {