libxl: fix crash in migrate confirm for transient domains

In libxlDomainMigrationConfirm(), a transient domain is removed
from the domain list after successful migration.  Later in cleanup,
the domain object is unlocked, resulting in a crash

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fb4208ed700 (LWP 12044)]
0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
  parent=0x7fb42830d0c0) at util/virobject.c:169
169	        if (klass->magic == parent->magic)
(gdb) bt
0  0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
  parent=0x7fb42830d0c0) at util/virobject.c:169
1  0x00007fb42672591b in virObjectIsClass (anyobj=0x7fb4100082b0,
  klass=0x7fb42830d0c0) at util/virobject.c:365
2  0x00007fb42672583c in virObjectUnlock (anyobj=0x7fb4100082b0)
  at util/virobject.c:338
3  0x00007fb41a8c7d7a in libxlDomainMigrationConfirm (driver=0x7fb4100404c0,
  vm=0x7fb4100082b0, flags=1, cancelled=0) at libxl/libxl_migration.c:583

Fix by setting the virDomainObjPtr to NULL after removing it from
the domain list.

diff --git a/src/libxl/libxl_migration.c b/src/libxl/libxl_migration.c
index ce3f9d58032ecd797c55d0f4c3e9332803123aca..dbb5a8f89f5f7aa80d2a8248411a5e63daa73743 100644 (file)
--- a/src/libxl/libxl_migration.c
+++ b/src/libxl/libxl_migration.c
@@ -566,8 +566,10 @@ libxlDomainMigrationConfirm(libxlDriverPrivatePtr driver,
     if (flags & VIR_MIGRATE_UNDEFINE_SOURCE)
         virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm);
 
-    if (!vm->persistent || (flags & VIR_MIGRATE_UNDEFINE_SOURCE))
+    if (!vm->persistent || (flags & VIR_MIGRATE_UNDEFINE_SOURCE)) {
         virDomainObjListRemove(driver->domains, vm);
+        vm = NULL;
+    }
 
     ret = 0;