xenbits.xensource.com Git - libvirt.git/commit

author	Jiri Denemark <jdenemar@redhat.com>
	Thu, 11 Feb 2016 10:20:28 +0000 (11:20 +0100)
committer	Jiri Denemark <jdenemar@redhat.com>
	Fri, 19 Feb 2016 14:41:57 +0000 (15:41 +0100)
commit	81f50cb92d16643bcd749e3ab5b404b8b7cec643
tree	7e24ba85a9a15ccdec6d18db30d7c4afee7fefbc	tree
parent	6f08cbb82b8b692d5fc99dcbbb25844a86529906	commit \| diff

qemu: Avoid calling qemuProcessStop without a job

Calling qemuProcessStop without a job opens a way to race conditions
with qemuDomainObjExitMonitor called in another thread. A real world
example of such a race condition:

  - migration thread (A) calls qemuMigrationWaitForSpice
  - another thread (B) starts processing qemuDomainAbortJob API
  - thread B signals thread A via qemuDomainObjAbortAsyncJob
  - thread B enters monitor (qemuDomainObjEnterMonitor)
  - thread B calls qemuMonitorSend
  - thread A awakens and calls qemuProcessStop
  - thread A calls qemuMonitorClose and sets priv->mon to NULL
  - thread B calls qemuDomainObjExitMonitor with priv->mon == NULL
  => monitor stays ref'ed and locked

Depending on how lucky we are, the race may result in a memory leak or
it can even deadlock libvirtd's event loop if it tries to lock the
monitor to process an event received before qemuMonitorClose was called.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

src/qemu/qemu_driver.c		diff \| blob \| blame \| history
src/qemu/qemu_migration.c		diff \| blob \| blame \| history
src/qemu/qemu_process.c		diff \| blob \| blame \| history
src/qemu/qemu_process.h		diff \| blob \| blame \| history