From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [PATCH] qemu: Fix potential crash during driver cleanup
Date: Tue, 11 Apr 2023 09:47:28 -0600
Message-ID: <20230411154728.4365-1-jfehlig@suse.com>

During qemu driver shutdown, objects are freed in qemuStateCleanup that could still be used by active worker threads, resulting in crashes. E.g. a worker thread could be processing a monitor EOF event after the security manager is already disposed

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fd9a9a1e1fe in virSecurityManagerMoveImageMetadata (mgr=0x7fd948012160, pid=-1, src=src@entry=0x7fd98c072c90, dst=dst@entry=0x0) at ../../src/security/security_manager.c:468
#1 0x00007fd9646ff0f0 in qemuSecurityMoveImageMetadata (driver=driver@entry=0x7fd948043830, vm=vm@entry=0x7fd98c066db0, src=src@entry=0x7fd98c072c90, dst=dst@entry=0x0) at ../../src/qemu/qemu_security.c:182
#2 0x00007fd96462c7b0 in qemuBlockRemoveImageMetadata (driver=driver@entry=0x7fd948043830, vm=vm@entry=0x7fd98c066db0, diskTarget=0x7fd98c072530 "vda", src=) at ../../src/qemu/qemu_block.c:2628
#3 0x00007fd9646929d6 in qemuProcessStop (driver=driver@entry=0x7fd948043830, vm=vm@entry=0x7fd98c066db0, reason=reason@entry=VIR_DOMAIN_SHUTOFF_SHUTDOWN, asyncJob=asyncJob@entry=QEMU_ASYNC_JOB_NONE, flags=) at ../../src/qemu/qemu_process.c:7585
#4 0x00007fd9646fc842 in processMonitorEOFEvent (vm=0x7fd98c066db0, driver=0x7fd948043830) at ../../src/qemu/qemu_driver.c:4794
#5 qemuProcessEventHandler (data=0x561a93febb60, opaque=0x7fd948043830) at ../../src/qemu/qemu_driver.c:4900
#6 0x00007fd9a9971a31 in virThreadPoolWorker (opaque=opaque@entry=0x561a93fb58e0) at ../../src/util/virthreadpool.c:163
(gdb) p mgr->drv
$2 = (virSecurityDriverPtr) 0x0

Prior to commit 7cf76d4e3ab, the worker thread pool was freed before disposing any driver objects. Let's return to that pattern, but leave the other changes made by 7cf76d4e3ab.

Signed-off-by: Jim Fehlig
Reviewed-by: Martin Kletzander
---
src/qemu/qemu_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index b4fb7ec1df..28e470e4a2 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1062,6 +1062,7 @@ qemuStateCleanup(void) if (!qemu_driver) return -1; =20 + virThreadPoolFree(qemu_driver->workerPool); virObjectUnref(qemu_driver->migrationErrors); virLockManagerPluginUnref(qemu_driver->lockManager); virSysinfoDefFree(qemu_driver->hostsysinfo); @@ -1078,7 +1079,6 @@ qemuStateCleanup(void) ebtablesContextFree(qemu_driver->ebtables); VIR_FREE(qemu_driver->qemuImgBinary); virObjectUnref(qemu_driver->domains); - virThreadPoolFree(qemu_driver->workerPool); =20 if (qemu_driver->lockFD !=3D -1) virPidFileRelease(qemu_driver->config->stateDir, "driver", qemu_dr= iver->lockFD); --=20 2.40.0
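
Review bot: the new virThreadPoolFree(qemu_driver->workerPool) call at the top of qemuStateCleanup (first hunk) carries no comment saying that its position matters. The commit message attributes the crash to worker threads still running while driver objects are being disposed, and says the earlier ordering was lost in 7cf76d4e3ab, so a short comment above the call stating that the worker pool must be freed before any driver object is unref'd or freed would keep a later cleanup refactor from moving it back down next to virObjectUnref(qemu_driver->domains), where the second hunk removes it.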