When using a <interface type="network"> that points to a network with
hostdev forwarding mode a hostdev alias is created for the network. This
allias is inserted into the hostdev list, but is backed with a part of
the network object that it is connected to.
When a VM is being stopped qemuProcessStop() calls
networkReleaseActualDevice() which eventually frees the memory for the
hostdev object. Afterwards when the domain definition is being freed by
virDomainDefFree() an invalid pointer is accessed by
virDomainHostdevDefFree() and may cause a crash of the daemon.
This patch removes the entry in the hostdev list before freeing the
depending memory to avoid this issue.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=
1000973
return matchidx;
}
-virDomainNetDefPtr
-virDomainNetRemove(virDomainDefPtr def, size_t i)
-{
- virDomainNetDefPtr net = def->nets[i];
+void
+virDomainNetRemoveHostdev(virDomainDefPtr def,
+ virDomainNetDefPtr net)
+{
if (net->type == VIR_DOMAIN_NET_TYPE_HOSTDEV) {
/* hostdev net devices are normally also be in the hostdevs
* array, but might have already been removed by the time we
* get here.
*/
virDomainHostdevDefPtr hostdev = &net->data.hostdev.def;
- size_t h;
+ size_t i;
- for (h = 0; h < def->nhostdevs; h++) {
- if (def->hostdevs[h] == hostdev) {
- virDomainHostdevRemove(def, h);
+ for (i = 0; i < def->nhostdevs; i++) {
+ if (def->hostdevs[i] == hostdev) {
+ virDomainHostdevRemove(def, i);
break;
}
}
}
+}
+
+
+virDomainNetDefPtr
+virDomainNetRemove(virDomainDefPtr def, size_t i)
+{
+ virDomainNetDefPtr net = def->nets[i];
+
+ virDomainNetRemoveHostdev(def, net);
+
if (def->nnets > 1) {
memmove(def->nets + i,
def->nets + i + 1,
virDomainNetDefPtr virDomainNetFind(virDomainDefPtr def, const char *device);
int virDomainNetInsert(virDomainDefPtr def, virDomainNetDefPtr net);
virDomainNetDefPtr virDomainNetRemove(virDomainDefPtr def, size_t i);
+void virDomainNetRemoveHostdev(virDomainDefPtr def, virDomainNetDefPtr net);
int virDomainHostdevInsert(virDomainDefPtr def, virDomainHostdevDefPtr hostdev);
virDomainHostdevDefPtr
virDomainNetGetActualVlan;
virDomainNetInsert;
virDomainNetRemove;
+virDomainNetRemoveHostdev;
virDomainNetTypeToString;
virDomainNostateReasonTypeFromString;
virDomainNostateReasonTypeToString;
virDomainNetGetActualBridgeName(net), net->ifname));
}
+ virDomainNetRemoveHostdev(vm->def, net);
+
networkReleaseActualDevice(net);
}
/* the changes above warrant replacing olddev with newdev in
* the domain's nets list.
*/
+
+ /* this function doesn't work with HOSTDEV networks yet, thus
+ * no need to change the pointer in the hostdev structure */
networkReleaseActualDevice(olddev);
virDomainNetDefFree(olddev);
/* move newdev into the nets list, and NULL it out from the
virDomainNetGetActualBridgeName(net),
net->ifname));
+ /* kick the device out of the hostdev list too */
+ virDomainNetRemoveHostdev(def, net);
networkReleaseActualDevice(net);
}
projects / libvirt.git / commitdiff