File 2dd70901-resolve-storage-driver-crash.patch of Package libvirt.9596

From 2dd70901db8b7fd62592b1332370148e97062431 Mon Sep 17 00:00:00 2001
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 6 Nov 2017 15:22:07 -0500
Subject: [PATCH] storage: Resolve storage driver crash

Resolve a storage driver crash as a result of a long running
storageVolCreateXML when the virStorageVolPoolRefreshThread is
run as a result of when a storageVolUpload completed and ran the
virStoragePoolObjClearVols without checking if the creation
code was currently processing a buildVol after incrementing
the driver->asyncjob count.

The refreshThread will now check the pool asyncjob count before
attempting to pursue the pool refresh. Adjust the documentation
to describe the condition.

Crash from valgrind is as follows (with a bit of editing):

==21309== Invalid read of size 8
==21309==    at 0x153E47AF: storageBackendUpdateVolTargetInfo
==21309==    by 0x153E4C30: virStorageBackendUpdateVolInfo
==21309==    by 0x153E52DE: virStorageBackendVolRefreshLocal
==21309==    by 0x153DE29E: storageVolCreateXML
==21309==    by 0x562035B: virStorageVolCreateXML
==21309==    by 0x147366: remoteDispatchStorageVolCreateXML
...
==21309==  Address 0x2590a720 is 64 bytes inside a block of size 336 free'd
==21309==    at 0x4C2F2BB: free
==21309==    by 0x54CB9FA: virFree
==21309==    by 0x55BC800: virStorageVolDefFree
==21309==    by 0x55BF1D8: virStoragePoolObjClearVols
==21309==    by 0x153D967E: virStorageVolPoolRefreshThread
...
==21309==  Block was alloc'd at
==21309==    at 0x4C300A5: calloc
==21309==    by 0x54CB483: virAlloc
==21309==    by 0x55BDC1F: virStorageVolDefParseXML
==21309==    by 0x55BDC1F: virStorageVolDefParseNode
==21309==    by 0x55BE5A4: virStorageVolDefParse
==21309==    by 0x153DDFF1: storageVolCreateXML
==21309==    by 0x562035B: virStorageVolCreateXML
==21309==    by 0x147366: remoteDispatchStorageVolCreateXML
...
---
 src/libvirt-storage.c        | 3 ++-
 src/storage/storage_driver.c | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

Index: libvirt-3.3.0/src/libvirt-storage.c
===================================================================
--- libvirt-3.3.0.orig/src/libvirt-storage.c
+++ libvirt-3.3.0/src/libvirt-storage.c
@@ -1628,7 +1628,8 @@ virStorageVolDownload(virStorageVolPtr v
  * another active stream is writing to the storage volume.
  *
  * When the data stream is closed whether the upload is successful
- * or not the target storage pool will be refreshed to reflect pool
+ * or not an attempt will be made to refresh the target storage pool
+ * if an asynchronous build is not running in order to reflect pool
  * and volume changes as a result of the upload. Depending on
  * the target volume storage backend and the source stream type
  * for a successful upload, the target volume may take on the
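Review bot: The reworded sentence in this comment ("an attempt will be made to refresh the target storage pool if an asynchronous build is not running") does not tell the caller how to learn that the refresh was skipped or what to do in that case. Suggest adding a sentence stating that when a build is in progress the pool is left unrefreshed and the caller should call virStoragePoolRefresh() once the build has finished. The clause order also lets "in order to reflect pool and volume changes" read as if it belonged to the build rather than the refresh; moving the condition to the end of the sentence would avoid that.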
Index: libvirt-3.3.0/src/storage/storage_driver.c
===================================================================
--- libvirt-3.3.0.orig/src/storage/storage_driver.c
+++ libvirt-3.3.0/src/storage/storage_driver.c
@@ -2228,6 +2228,13 @@ virStorageVolPoolRefreshThread(void *opa
                                              cbdata->pool_name)))
         goto cleanup;
 
+    /* If some thread is building a new volume in the pool, then we cannot
+     * clear out all vols and refresh the pool. So we'll just pass. */
+    if (virStoragePoolObjGetAsyncjobs(pool) > 0) {
+        VIR_DEBUG("Asyncjob in process, cannot refresh storage pool");
+        goto cleanup;
+    }
+
     if (!(backend = virStorageBackendForType(pool->def->type)))
         goto cleanup;
 
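Review bot: The new virStoragePoolObjGetAsyncjobs(pool) > 0 check drops the refresh rather than deferring it, so after an upload that overlaps a volume build the pool keeps stale volume data and the only trace is a VIR_DEBUG line with no pool name. Consider including cbdata->pool_name in the message and logging above debug level, or requeueing the refresh for when the count returns to zero. It is also worth confirming that the pool object stays locked from the lookup above through the clear and refresh that follow; if it does not, a build could raise the asyncjob count right after this check and the invalid read from the commit message would still be reachable.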