From ab2daea383e32d94c6429bc59105cbff1986d6b3 Mon Sep 17 00:00:00 2001
Message-Id: <ab2daea383e32d94c6429bc59105cbff1986d6b3@dist-git>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Wed, 21 Jan 2015 11:39:35 +0100
Subject: [PATCH] Fix vmdef usage while in monitor in qemuDomainHotplugVcpus
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

https://bugzilla.redhat.com/show_bug.cgi?id=1161024

Exit the monitor right after we've done with it to get
the virDomainObjPtr lock back, otherwise we might be accessing
vm->def while it's being cleaned up by qemuProcessStop.

If the domain crashed while we were in the monitor, exit
early instead of changing vm->def which is now the persistent
definition.

(cherry picked from commit 051add2ff90f7b7f821e274fd318e1d845144157)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/qemu/qemu_driver.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index a62e429..97d850b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -4462,7 +4462,7 @@ static int qemuDomainHotplugVcpus(virQEMUDriverPtr driver,
             if (rc == 0)
                 goto unsupported;
             if (rc < 0)
-                goto cleanup;
+                goto exit_monitor;
 
             vcpus++;
         }
@@ -4473,7 +4473,7 @@ static int qemuDomainHotplugVcpus(virQEMUDriverPtr driver,
             if (rc == 0)
                 goto unsupported;
             if (rc < 0)
-                goto cleanup;
+                goto exit_monitor;
 
             vcpus--;
         }
@@ -4490,6 +4490,10 @@ static int qemuDomainHotplugVcpus(virQEMUDriverPtr driver,
      * fatal */
     if ((ncpupids = qemuMonitorGetCPUInfo(priv->mon, &cpupids)) <= 0) {
         virResetLastError();
+        goto exit_monitor;
+    }
+    if (qemuDomainObjExitMonitor(driver, vm) < 0) {
+        ret = -1;
         goto cleanup;
     }
 
@@ -4610,10 +4614,10 @@ static int qemuDomainHotplugVcpus(virQEMUDriverPtr driver,
     cpupids = NULL;
 
  cleanup:
-    qemuDomainObjExitMonitor(driver, vm);
-    vm->def->vcpus = vcpus;
     VIR_FREE(cpupids);
     VIR_FREE(mem_mask);
+    if (virDomainObjIsActive(vm))
+        vm->def->vcpus = vcpus;
     virDomainAuditVcpu(vm, oldvcpus, nvcpus, "update", rc == 1);
     if (cgroup_vcpu)
         virCgroupFree(&cgroup_vcpu);
@@ -4622,6 +4626,8 @@ static int qemuDomainHotplugVcpus(virQEMUDriverPtr driver,
  unsupported:
     virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                    _("cannot change vcpu count of this domain"));
+ exit_monitor:
+    ignore_value(qemuDomainObjExitMonitor(driver, vm));
     goto cleanup;
 }
 
-- 
2.2.1