File 72a84539-libxl-mig-crash-fix.patch of Package libvirt
commit 72a8453948691b75a1802524837b6543353bf829
Author: Jim Fehlig <jfehlig@suse.com>
Date: Tue Jul 8 15:34:48 2014 -0600
libxl: fix crash in migrate confirm for transient domains
In libxlDomainMigrationConfirm(), a transient domain is removed
from the domain list after successful migration. Later in cleanup,
the domain object is unlocked, resulting in a crash:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fb4208ed700 (LWP 12044)]
0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
parent=0x7fb42830d0c0) at util/virobject.c:169
169 if (klass->magic == parent->magic)
(gdb) bt
0 0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
parent=0x7fb42830d0c0) at util/virobject.c:169
1 0x00007fb42672591b in virObjectIsClass (anyobj=0x7fb4100082b0,
klass=0x7fb42830d0c0) at util/virobject.c:365
2 0x00007fb42672583c in virObjectUnlock (anyobj=0x7fb4100082b0)
at util/virobject.c:338
3 0x00007fb41a8c7d7a in libxlDomainMigrationConfirm (driver=0x7fb4100404c0,
vm=0x7fb4100082b0, flags=1, cancelled=0) at libxl/libxl_migration.c:583
Fix by setting the virDomainObjPtr to NULL after removing it from
the domain list.
Index: libvirt-1.2.5/src/libxl/libxl_migration.c
===================================================================
--- libvirt-1.2.5.orig/src/libxl/libxl_migration.c
+++ libvirt-1.2.5/src/libxl/libxl_migration.c
@@ -568,8 +568,10 @@ libxlDomainMigrationConfirm(libxlDriverP
if (flags & VIR_MIGRATE_UNDEFINE_SOURCE)
virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm);
- if (!vm->persistent || (flags & VIR_MIGRATE_UNDEFINE_SOURCE))
+ if (!vm->persistent || (flags & VIR_MIGRATE_UNDEFINE_SOURCE)) {
virDomainObjListRemove(driver->domains, vm);
+ vm = NULL;
+ }
ret = 0;
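Review bot: The added `vm = NULL;` after `virDomainObjListRemove(driver->domains, vm);` only prevents the crash if the cleanup path, which lies outside this hunk, skips `virObjectUnlock()` when `vm` is NULL, so please confirm the unlock there is guarded by `if (vm)`. The backtrace in the commit message shows `klass=0xdeadbeef` on the object passed to `virObjectUnlock()`, which suggests the object had already been released by the time cleanup ran, making this a use-after-free and not just an unbalanced unlock. A short comment next to the assignment stating that `virDomainObjListRemove()` leaves `vm` unusable for the caller would keep later changes from adding a dereference of `vm` between this block and cleanup.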