From: Jim Fehlig Date: Tue, 8 Jul 2014 21:34:48 +0000 (-0600) Subject: libxl: fix crash in migrate confirm for transient domains X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=72a8453948691b75a1802524837b6543353bf829;p=people%2Fliuw%2Flibxenctrl-split%2Flibvirt.git libxl: fix crash in migrate confirm for transient domains In libxlDomainMigrationConfirm(), a transient domain is removed from the domain list after successful migration. Later in cleanup, the domain object is unlocked, resulting in a crash Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fb4208ed700 (LWP 12044)] 0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef, parent=0x7fb42830d0c0) at util/virobject.c:169 169 if (klass->magic == parent->magic) (gdb) bt 0 0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef, parent=0x7fb42830d0c0) at util/virobject.c:169 1 0x00007fb42672591b in virObjectIsClass (anyobj=0x7fb4100082b0, klass=0x7fb42830d0c0) at util/virobject.c:365 2 0x00007fb42672583c in virObjectUnlock (anyobj=0x7fb4100082b0) at util/virobject.c:338 3 0x00007fb41a8c7d7a in libxlDomainMigrationConfirm (driver=0x7fb4100404c0, vm=0x7fb4100082b0, flags=1, cancelled=0) at libxl/libxl_migration.c:583 Fix by setting the virDomainObjPtr to NULL after removing it from the domain list. --- diff --git a/src/libxl/libxl_migration.c b/src/libxl/libxl_migration.c index ce3f9d580..dbb5a8f89 100644 --- a/src/libxl/libxl_migration.c +++ b/src/libxl/libxl_migration.c @@ -566,8 +566,10 @@ libxlDomainMigrationConfirm(libxlDriverPrivatePtr driver, if (flags & VIR_MIGRATE_UNDEFINE_SOURCE) virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm); - if (!vm->persistent || (flags & VIR_MIGRATE_UNDEFINE_SOURCE)) + if (!vm->persistent || (flags & VIR_MIGRATE_UNDEFINE_SOURCE)) { virDomainObjListRemove(driver->domains, vm); + vm = NULL; + } ret = 0;