From 14898a26978613278b0a2508c077179144d54b39 Mon Sep 17 00:00:00 2001
Message-Id: <14898a26978613278b0a2508c077179144d54b39@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 2 Aug 2018 16:56:02 +0200
Subject: [PATCH] qemu_migration: Avoid writing to freed memory
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When a domain is killed on the source host while it is being migrated
and libvirtd is waiting for the migration to finish (waiting for the
domain condition in qemuMigrationSrcWaitForCompletion), the run-time
state including priv->job.current may already be freed once
virDomainObjWait returns with -1. Thus the priv->job.current pointer
cached in jobInfo is no longer valid and setting jobInfo->status may
crash the daemon.
https://bugzilla.redhat.com/show_bug.cgi?id=1593137
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit dddcb601ebf97ef222a03bb27b2357e831e8a0cc)
https://bugzilla.redhat.com/show_bug.cgi?id=1615854
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
 src/qemu/qemu_migration.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 435cd174af..825a9d399b 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1584,7 +1584,8 @@ qemuMigrationSrcWaitForCompletion(virQEMUDriverPtr driver,
 
         if (events) {
             if (virDomainObjWait(vm) < 0) {
-                jobInfo->status = QEMU_DOMAIN_JOB_STATUS_FAILED;
+                if (virDomainObjIsActive(vm))
+                    jobInfo->status = QEMU_DOMAIN_JOB_STATUS_FAILED;
                 return -2;
             }
         } else {
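Review bot: The new `if (virDomainObjIsActive(vm))` guard encodes an invariant that is invisible in the code itself: jobInfo is the cached priv->job.current, which the commit message says is freed together with the domain's run-time state once the domain dies, so the status write is only safe while the domain is still active. A reader of this hunk sees a status update skipped on an inactive domain and has no way to tell that it is a use-after-free guard rather than a bookkeeping choice; a short comment above the check would carry that, e.g. `/* jobInfo == priv->job.current is freed with the domain's private data when the domain dies; only touch it while the domain is still active */`. It may also be worth confirming, presumably in the callers that receive -2, that nothing else dereferences the same cached jobInfo after this return, since the same liveness rule applies there. qemuMigrationSrcWaitForCompletion begins and ends outside the hunk.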
-- 
2.18.0