File 15277033-qemu-Fix-potential-crash-during-driver-cleanup.patch of Package libvirt
60
1
From 68031e6ed80c8714501696d3dc5d2a23e5d45523 Mon Sep 17 00:00:00 20012
From: Jim Fehlig <jfehlig@suse.com>3
Date: Tue, 11 Apr 2023 09:15:43 -06004
Subject: [PATCH] qemu: Fix potential crash during driver cleanup5
6
During qemu driver shutdown, objects are freed in qemuStateCleanup that7
could still be used by active worker threads, resulting in crashes. E.g.8
a worker thread could be processing a monitor EOF event after the9
security manager is already disposed10
11
Program terminated with signal SIGSEGV, Segmentation fault.12
#0 0x00007fd9a9a1e1fe in virSecurityManagerMoveImageMetadata (mgr=0x7fd948012160, pid=-1, src=src@entry=0x7fd98c072c90, dst=dst@entry=0x0)13
at ../../src/security/security_manager.c:46814
#1 0x00007fd9646ff0f0 in qemuSecurityMoveImageMetadata (driver=driver@entry=0x7fd948043830, vm=vm@entry=0x7fd98c066db0, src=src@entry=0x7fd98c072c90,15
dst=dst@entry=0x0) at ../../src/qemu/qemu_security.c:18216
#2 0x00007fd96462c7b0 in qemuBlockRemoveImageMetadata (driver=driver@entry=0x7fd948043830, vm=vm@entry=0x7fd98c066db0, diskTarget=0x7fd98c072530 "vda",17
src=<optimized out>) at ../../src/qemu/qemu_block.c:262818
#3 0x00007fd9646929d6 in qemuProcessStop (driver=driver@entry=0x7fd948043830, vm=vm@entry=0x7fd98c066db0, reason=reason@entry=VIR_DOMAIN_SHUTOFF_SHUTDOWN,19
asyncJob=asyncJob@entry=QEMU_ASYNC_JOB_NONE, flags=<optimized out>) at ../../src/qemu/qemu_process.c:758520
#4 0x00007fd9646fc842 in processMonitorEOFEvent (vm=0x7fd98c066db0, driver=0x7fd948043830) at ../../src/qemu/qemu_driver.c:479421
#5 qemuProcessEventHandler (data=0x561a93febb60, opaque=0x7fd948043830) at ../../src/qemu/qemu_driver.c:490022
#6 0x00007fd9a9971a31 in virThreadPoolWorker (opaque=opaque@entry=0x561a93fb58e0) at ../../src/util/virthreadpool.c:16323
(gdb) p mgr->drv24
$2 = (virSecurityDriverPtr) 0x025
26
Prior to commit 7cf76d4e3ab, the worker thread pool was freed before27
disposing any driver objects. Let's return to that pattern, but leave28
the other changes made by 7cf76d4e3ab.29
30
Fixes: https://bugzilla.suse.com/show_bug.cgi?id=120986131
32
Signed-off-by: Tamara Schmitz <tamara.schmitz@suse.com>33
Signed-off-by: Jim Fehlig <jfehlig@suse.com>34
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>35
(cherry picked from commit 152770333449cd3b78b4f5a9f1148fc1f482d842)36
---37
src/qemu/qemu_driver.c | 2 +-38
1 file changed, 1 insertion(+), 1 deletion(-)39
40
Index: libvirt-7.1.0/src/qemu/qemu_driver.c41
===================================================================42
--- libvirt-7.1.0.orig/src/qemu/qemu_driver.c43
+++ libvirt-7.1.0/src/qemu/qemu_driver.c44
45
if (!qemu_driver)46
return -1;47
48
+ virThreadPoolFree(qemu_driver->workerPool);49
virObjectUnref(qemu_driver->migrationErrors);50
virObjectUnref(qemu_driver->closeCallbacks);51
virLockManagerPluginUnref(qemu_driver->lockManager);52
53
ebtablesContextFree(qemu_driver->ebtables);54
VIR_FREE(qemu_driver->qemuImgBinary);55
virObjectUnref(qemu_driver->domains);56
- virThreadPoolFree(qemu_driver->workerPool);57
58
if (qemu_driver->lockFD != -1)59
virPidFileRelease(qemu_driver->config->stateDir, "driver", qemu_driver->lockFD);60