[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 3/3] hold an extra reference while handling watchdog event



If the domain is not persistent, and qemu quited unexpectedly before
calling processWatchdogEvent(), vm will be freed and the function
processWatchdogEvent() will be dangerous.

---
 src/qemu/qemu_driver.c  |   10 ++++++----
 src/qemu/qemu_process.c |    4 ++++
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index d79d61b..c9c681f 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2443,15 +2443,17 @@ static void processWatchdogEvent(void *data, void *opaque)
     }
 
 endjob:
-    if (qemuDomainObjEndJob(wdEvent->vm) == 0)
-        wdEvent->vm = NULL;
+    /* Safe to ignore value since ref count was incremented in
+     * qemuProcessHandleWatchdog().
+     */
+    ignore_value(qemuDomainObjEndJob(wdEvent->vm));
 
 unlock:
-    if (wdEvent->vm)
-        virDomainObjUnlock(wdEvent->vm);
     qemuDriverUnlock(driver);
 
 cleanup:
+    if (virDomainObjUnref(wdEvent->vm) > 0)
+        virDomainObjUnlock(wdEvent->vm);
     VIR_FREE(wdEvent);
 }
 
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index e31e1b4..cd8c726 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -426,6 +426,10 @@ qemuProcessHandleWatchdog(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
         if (VIR_ALLOC(wdEvent) == 0) {
             wdEvent->action = VIR_DOMAIN_WATCHDOG_ACTION_DUMP;
             wdEvent->vm = vm;
+            /* Hold an extra reference because we can't allow 'vm' to be
+             * deleted before handling watchdog event is finished.
+             */
+            virDomainObjRef(vm);
             ignore_value(virThreadPoolSendJob(driver->workerPool, wdEvent));
         } else
             virReportOOMError();
-- 
1.7.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]