qemu: avoid rare race when undefining domain

When one domain is being undefined and at the same time started, for
example, there is a possibility of a rare problem occuring.

 - Thread 1 does virDomainUndefine(), has the lock, checks that the
   domain is active and because it's not, calls
   virDomainObjListRemove().

 - Thread 2 does virDomainCreate() and tries to lock the domain.

 - Thread 1 needs to lock domain list in order to remove the domain from
   it, but must unlock domain first (proper order is to lock domain list
   first and the domain itself second).

 - Thread 2 grabs the lock, starts the domain and releases the lock.

 - Thread 1 grabs the lock and removes the domain from list.

With this patch:

 - qemuDomainRemoveInactive() creates a QEMU_JOB_MODIFY if that's
   possible, but since it must remove the domain from list either way,
   it continues even when starting the job failed.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1150505

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 76fcccec96296da3a0a49999a827bba46e7e52b7..0caf1c05fe5dd2d026c510130eeed1de117d393b 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -2392,9 +2392,13 @@ void
 qemuDomainRemoveInactive(virQEMUDriverPtr driver,
                          virDomainObjPtr vm)
 {
+    bool haveJob = true;
     char *snapDir;
     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
 
+    if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
+        haveJob = false;
+
     /* Remove any snapshot metadata prior to removing the domain */
     if (qemuDomainSnapshotDiscardAllMetadata(driver, vm) < 0) {
         VIR_WARN("unable to remove all snapshots for domain %s",
@@ -2411,6 +2415,9 @@ qemuDomainRemoveInactive(virQEMUDriverPtr driver,
     }
     virDomainObjListRemove(driver->domains, vm);
     virObjectUnref(cfg);
+
+    if (haveJob)
+        ignore_value(qemuDomainObjEndJob(driver, vm));
 }
 
 void