From nobody Tue May 7 23:15:17 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) client-ip=207.211.31.120; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1595324298; cv=none; d=zohomail.com; s=zohoarc; b=Bs2sQAdkD3opcWzsGKy6lf3JCNwykhyjyEHqwZQkwUyeVj4aYMS1fCYIeL9SdFyG1MkzMTgrE0Yz8zGlJfKInyCNzJCyIogQSkParNobFRShqdbWkLCjwn7UVTr8YrpbbFBjbg09LtywgZ+ykXWlYNTy+4fUtR28BEfpRidFkXA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1595324298; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=STj9rNHw/eCsbc7mzJy/l/up60KDh5oWtZ1LV7Ec4I8=; b=LqMKC3qTJULLTFihP7CjFQxZNVLakq/vrHk5Q0JuF11lpk6OcosQhATQQ4LJbG5oGc6UxKgO7xai00blWSNeD2Ir7gHF3eTvrkFTvdbCaH1pWchztLP//mfKOi2Q5TZWsxCmgfd3DL5Gr2MyA/dmOvo2mByNEO0eU0PE0DPOY9U= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by mx.zohomail.com with SMTPS id 1595324298544822.9855470087501; Tue, 21 Jul 2020 02:38:18 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-37-xsB7E3oFNxKd--X7odb5Fg-1; Tue, 21 Jul 2020 05:38:15 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7A6768017FB; Tue, 21 Jul 2020 09:38:09 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4F3E05C1BD; Tue, 21 Jul 2020 09:38:08 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C78B8180954D; Tue, 21 Jul 2020 09:38:04 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 06L9au7k011796 for ; Tue, 21 Jul 2020 05:36:57 -0400 Received: by smtp.corp.redhat.com (Postfix) id CA35C2157F23; Tue, 21 Jul 2020 09:36:56 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C58812166B28 for ; Tue, 21 Jul 2020 09:36:54 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BC782800658 for ; Tue, 21 Jul 2020 09:36:54 +0000 (UTC) Received: from huawei.com (szxga06-in.huawei.com [45.249.212.32]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-11-gZFHWNRhOSW2d451Jgei7w-1; Tue, 21 Jul 2020 05:36:52 -0400 Received: from DGGEMS404-HUB.china.huawei.com (unknown [172.30.72.59]) by Forcepoint Email with ESMTP id 30511912B71E6FD602EB for ; Tue, 21 Jul 2020 17:21:29 +0800 (CST) Received: from huawei.com (10.174.185.107) by DGGEMS404-HUB.china.huawei.com (10.3.19.204) with Microsoft SMTP Server id 14.3.487.0; Tue, 21 Jul 2020 17:21:20 +0800 X-MC-Unique: xsB7E3oFNxKd--X7odb5Fg-1 X-MC-Unique: gZFHWNRhOSW2d451Jgei7w-1 From: Binfeng Wu To: Subject: [PATCH] mdev: fix daemon crash on reattach mdevs Date: Tue, 21 Jul 2020 17:21:10 +0800 Message-ID: <20200721092110.1798-1-wubinfeng@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.174.185.107] X-CFilter-Loop: Reflected X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 06L9au7k011796 X-loop: libvir-list@redhat.com X-Mailman-Approved-At: Tue, 21 Jul 2020 05:38:02 -0400 Cc: xieyingtai@huawei.com, Binfeng Wu X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Causing a crash when virMediatedDeviceListFindIndex because of some pointers in mgr->activeMediatedHostdevs become dangling=20 pointers if goto cleanup label in virMediatedDeviceListMarkDevices. Reproduction scenario: 1. start vm1 with mdev1 2. start vm2 with mdev2, mdev1 (the order cannot be changed) Backtrace: #0 0x0000ffffb8c36250 in strcmp #1 0x0000ffffb9b80754 in virMediatedDeviceListFindIndex #2 0x0000ffffb9b80870 in virMediatedDeviceListFind #3 0x0000ffffb9c9e168 in virHostdevReAttachMediatedDevices #4 0x0000ffff9949f724 in qemuHostdevReAttachMediatedDevices #5 0x0000ffff9949f7f8 in qemuHostdevReAttachDomainDevices #6 0x0000ffff994bcd70 in qemuProcessStop #7 0x0000ffff994bf4e0 in qemuProcessStart=20 ..... Signed-off-by: Binfeng Wu Reviewed-by: Erik Skultety --- src/util/virmdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virmdev.c b/src/util/virmdev.c index b8023dd991..26cb8300ff 100644 --- a/src/util/virmdev.c +++ b/src/util/virmdev.c @@ -439,7 +439,7 @@ virMediatedDeviceListMarkDevices(virMediatedDeviceListP= tr dst, =20 if (virMediatedDeviceIsUsed(mdev, dst) || virMediatedDeviceSetUsedBy(mdev, drvname, domname) < 0) - goto cleanup; + goto rollback; =20 /* Copy mdev references to the driver list: * - caller is responsible for NOT freeing devices in @src on succ= ess --=20 2.26.2.windows.1