From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH] qemu: Avoid crash in qemuStateShutdownPrepare() and qemuStateShutdownWait()
Date: Fri, 22 Jan 2021 10:45:36 +0100
Message-Id: <867dc80cdb246f1410415f32ee4e12caab41f2ec.1611308730.git.mprivozn@redhat.com>

If libvirtd is sent SIGTERM while it is still initializing, it
may crash. The following scenario was observed (using 'stress' to
slow down CPU so much that the window where the problem exists is
bigger):

1) The main thread is already executing virNetDaemonRun() and is
   in virEventRunDefaultImpl().

2) The thread that's supposed to run daemonRunStateInit() is
   spawned already, but daemonRunStateInit() is in its very early
   stage (in the stack trace I see it's executing
   virIdentityGetSystem()).

If SIGTERM (or any other signal that we don't override handler
for) arrives at this point, the main thread jumps out from
virEventRunDefaultImpl() and enters virStateShutdownPrepare()
(via shutdownPrepareCb which was set earlier). This iterates
through stateShutdownPrepare() callbacks of state drivers and
reaching qemuStateShutdownPrepare() eventually only to
dereference qemu_driver. But since thread 2) has not been
scheduled/not proceeded yet, qemu_driver was not allocated yet.

Solution is simple - just check if qemu_driver is not NULL. But
doing so only in qemuStateShutdownPrepare() would push the
problem down to virStateShutdownWait(), well
qemuStateShutdownWait(). Therefore, duplicate the trick there
too.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1895359#c14
Signed-off-by: Michal Privoznik
Reviewed-by: Jiri Denemark
---
 src/qemu/qemu_driver.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 027617deef..ca4f366323 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -1072,6 +1072,9 @@ qemuStateStop(void) static int qemuStateShutdownPrepare(void) { + if (!qemu_driver) + return 0; + virThreadPoolStop(qemu_driver->workerPool); return 0; } @@ -1091,6 +1094,9 @@ qemuDomainObjStopWorkerIter(virDomainObjPtr vm, static int qemuStateShutdownWait(void) { + if (!qemu_driver) + return 0; + virDomainObjListForEach(qemu_driver->domains, false, qemuDomainObjStopWorkerIter, NULL); virThreadPoolDrain(qemu_driver->workerPool);
-- 
2.26.2
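
Review bot: In qemuStateShutdownPrepare() (first hunk, @@ -1072), the new check only covers qemu_driver itself being NULL, and it is a plain read with no lock while, per the commit message, the daemonRunStateInit() thread may be running concurrently. If that thread has already set qemu_driver but has not yet created workerPool, `virThreadPoolStop(qemu_driver->workerPool);` is still reached with an unset pool. Consider confirming that virThreadPoolStop() tolerates NULL or checking workerPool as well, and add a short comment above `if (!qemu_driver)` saying that shutdown can arrive before state initialization has run.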
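
Review bot: In qemuStateShutdownWait() (second hunk, @@ -1091), returning 0 when qemu_driver is NULL reports a completed wait while the initialization thread described in the commit message may still be about to allocate the driver. Nothing in this hunk stops or joins that thread, so it could populate qemu_driver->domains and workerPool after the wait has already returned. It would help to state in a comment that this is intentional, or to note where the init thread is prevented from continuing once shutdown has begun. The same `if (!qemu_driver)` early return now appears in both callbacks, so one comment explaining the early-SIGTERM case would cover both.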