From nobody Sat Apr 20 08:43:27 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1560148490; cv=none;
	d=zoho.com; s=zohoarc;
	b=GGiU9iYafXKbGgLdxNEHbgGacBz6mX/UeyEeuDW4NKDaBuUCSwlZ4p4Z5hkrCRdbLnYt0cvBvPJvauEkUHifbVoOpas51eB86GIod1amDBe1VpxEuGFhG4iTXR5omPg4ka0ZfNQ9LxrJpmAycmrhHCq3wtBakaiF1AUTgDGwCyw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1560148490;
 h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To:ARC-Authentication-Results;
	bh=ZxRXiOiitDPHPw1mJnvl+HAbBnVaYQeUySK53HPD3z8=;
	b=ijFDqhLRZpxpvFN6ewx8EYngxhLovG7M+UEAgSvWHmxo0pPxRM6n2HuHJldvFEiRn7KBmbg2I0ZU9m2ib/4yc7PG4DBZ5Ctpu3PN4yznkCqxgSAeGkLc2S8ZScbTGvOS4mUfXyvG8dX/UpmldoeD4khr4OgYeAU4B9eWumkpSgA=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1560148490491128.3805629886259;
 Sun, 9 Jun 2019 23:34:50 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 30BC5821D1;
	Mon, 10 Jun 2019 06:34:30 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id ACA231972B;
	Mon, 10 Jun 2019 06:34:15 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6F6671806B15;
	Mon, 10 Jun 2019 06:33:57 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
	[10.5.11.23])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x5A6XpFu010012 for <libvir-list@listman.util.phx.redhat.com>;
	Mon, 10 Jun 2019 02:33:54 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id E85101975F; Mon, 10 Jun 2019 06:33:51 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx01.extmail.prod.ext.phx2.redhat.com
	[10.5.110.25])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id E30FC1972B
	for <libvir-list@redhat.com>; Mon, 10 Jun 2019 06:33:49 +0000 (UTC)
Received: from mail1.windriver.com (mail1.windriver.com [147.11.146.13])
	(using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 074F581DF6
	for <libvir-list@redhat.com>; Mon, 10 Jun 2019 06:33:40 +0000 (UTC)
Received: from ALA-HCA.corp.ad.wrs.com ([147.11.189.40])
	by mail1.windriver.com (8.15.2/8.15.1) with ESMTPS id x5A6XZjG000725
	(version=TLSv1 cipher=AES128-SHA bits=128 verify=FAIL)
	for <libvir-list@redhat.com>; Sun, 9 Jun 2019 23:33:36 -0700 (PDT)
Received: from pek-lpggp2.wrs.com (128.224.153.75) by ALA-HCA.corp.ad.wrs.com
	(147.11.189.50) with Microsoft SMTP Server (TLS) id 14.3.439.0;
	Sun, 9 Jun 2019 23:33:35 -0700
From: Liu Haitao <haitao.liu@windriver.com>
To: <libvir-list@redhat.com>
Date: Mon, 10 Jun 2019 14:15:56 +0800
Message-ID: <1560147356-18777-1-git-send-email-haitao.liu@windriver.com>
MIME-Version: 1.0
X-Originating-IP: [128.224.153.75]
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 216
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.25]); Mon, 10 Jun 2019 06:33:41 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.25]);
	Mon, 10 Jun 2019 06:33:41 +0000 (UTC) for IP:'147.11.146.13'
	DOMAIN:'mail1.windriver.com' HELO:'mail1.windriver.com'
	FROM:'Haitao.Liu@windriver.com' RCPT:''
X-RedHat-Spam-Score: -2.3  (RCVD_IN_DNSWL_MED, SPF_HELO_NONE,
	SPF_PASS) 147.11.146.13 mail1.windriver.com 147.11.146.13
	mail1.windriver.com <Haitao.Liu@windriver.com>
X-Scanned-By: MIMEDefang 2.83 on 10.5.110.25
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH]daemon: Fix a crash during
	virNetlinkEventServiceStopAll
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]);
 Mon, 10 Jun 2019 06:34:48 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"

The virNetlinkEventServiceStopAll() should be executed behind virStateClean=
up(),
for some important resources like(static virNetlinkEventSrvPrivatePtr serve=
r)
are freed unexpected. However virStateCleanup() need to use this
variable(server).

The call trace of virNetlinkEventServiceStopAll:

virNetlinkEventServiceStopAll()
	--> virNetlinkEventServiceStop()
	  --> server[protocol] =3D NULL;   // set server to null=20

The call trace of virStateCleanup():
virStateCleanup()
	-->qemuStateCleanup()
	  -->qemuProcessStop()
	    -->virNetDevMacVLanDeleteWithVPortProfile()
	     -->virNetlinkEventRemoveClient()
	       --> srv =3D server[protocol]=20

In virNetlinkEventRemoveClient() the variable server is used again, but now=
 it
is null that is freed by virNetlinkEventServiceStopAll().So it would case a=
 crash .

The call trace of crash:

(gdb) bt
0  __GI___pthread_mutex_lock (mutex=3D0x0) at /usr/src/debug/glibc/2.24-r0/=
git/nptl/pthread_mutex_lock.c:67
1  0x00007fb0d555d0f9 in virNetlinkEventRemoveClient () from /usr/lib64/lib=
virt.so.0
2  0x00007fb0d55551df in virNetDevMacVLanDeleteWithVPortProfile () from /us=
r/lib64/libvirt.so.0
3  0x00007fb0c1131251 in qemuProcessStop () from /usr/lib64/libvirt/connect=
ion-driver/libvirt_driver_qemu.so
4  0x00007fb0c11995ea in ?? () from /usr/lib64/libvirt/connection-driver/li=
bvirt_driver_qemu.so
5  0x00007fb0d5588c5b in ?? () from /usr/lib64/libvirt.so.0
6  0x00007fb0d5587fe8 in ?? () from /usr/lib64/libvirt.so.0
7  0x00007fb0d19533f4 in start_thread (arg=3D0x7fb0be17b700) at /usr/src/de=
bug/glibc/2.24-r0/git/nptl/pthread_create.c:456
8  0x00007fb0d128f10f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clon=
e.S:105

Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
---
 src/remote/remote_daemon.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
index c3782971f1..7da20a6644 100644
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -1464,8 +1464,6 @@ int main(int argc, char **argv) {
     /* Keep cleanup order in inverse order of startup */
     virNetDaemonClose(dmn);
=20
-    virNetlinkEventServiceStopAll();
-
     if (driversInitialized) {
         /* NB: Possible issue with timing window between driversInitialized
          * setting if virNetlinkEventServerStart fails */
@@ -1473,6 +1471,8 @@ int main(int argc, char **argv) {
         virStateCleanup();
     }
=20
+    virNetlinkEventServiceStopAll();
+
     virObjectUnref(adminProgram);
     virObjectUnref(srvAdm);
     virObjectUnref(qemuProgram);
--=20
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list