From nobody Fri Oct 18 08:51:37 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1718291628300619.6614561196662;
 Thu, 13 Jun 2024 08:13:48 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 480FF1230; Thu, 13 Jun 2024 11:13:47 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 34F781221;
	Thu, 13 Jun 2024 11:12:13 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id ADE53110A; Thu, 13 Jun 2024 11:12:07 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 7D98111F0
	for <devel@lists.libvirt.org>; Thu, 13 Jun 2024 11:11:55 -0400 (EDT)
Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-682-0gAs0qZZPO6WkDUkWsPnRA-1; Thu,
 13 Jun 2024 11:11:53 -0400
Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id F102319560B8
	for <devel@lists.libvirt.org>; Thu, 13 Jun 2024 15:11:52 +0000 (UTC)
Received: from speedmetal.lan (unknown [10.45.242.20])
	by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 2D8651956058
	for <devel@lists.libvirt.org>; Thu, 13 Jun 2024 15:11:51 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,SPF_HELO_NONE,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1718291515;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=dQwnefW1FuddR/FfANPNaLU1iHgn5/y4oZgUDab/SvE=;
	b=L+ekEaGjMJC/lGrBAYtF8hwJgAC7OrvHA3h9vwRB96uf9YIjtkxaOD79XW4e7tDqdxvRZX
	TUfWSvbgEofTyT2J9wwi1vMin7wnFi6nUXOYQ2AImI13ulr/a9IX/sc1enHtW/iwVMie0A
	FzeI55BGpAok2yJD+ZRTh/0hDZxt3m0=
X-MC-Unique: 0gAs0qZZPO6WkDUkWsPnRA-1
From: Peter Krempa <pkrempa@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 05/12] qemuProcessStop: Prevent crash when
 qemuDomainObjStopWorker() unlocks the VM
Date: Thu, 13 Jun 2024 17:11:37 +0200
Message-ID: 
 <d9291b920264ab073433cd75a1949ab62fcb1379.1718291410.git.pkrempa@redhat.com>
In-Reply-To: <cover.1718291410.git.pkrempa@redhat.com>
References: <cover.1718291410.git.pkrempa@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: LP573DSR36QMJ5OABPUGBVSJQDWBPIXN
X-Message-ID-Hash: LP573DSR36QMJ5OABPUGBVSJQDWBPIXN
X-MailFrom: pkrempa@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/LP573DSR36QMJ5OABPUGBVSJQDWBPIXN/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1718291629815100001
Content-Type: text/plain; charset="utf-8"

'qemuDomainObjStopWorker()' which is meant to dispose of the event loop
thread for the monitor unlocks the VM object while disposing the thread
to prevent possible deadlocks with events waiting on the monitor thread.

Unfortunately 'qemuDomainObjStopWorker()' is called *before* the VM is
marked as inactive by clearing 'vm->def->id', but at the same time it's
no longer marked as 'beingDestroyed' when we're inside
'qemuProcessStop()'.

If 'vm' would be kept locked this wouldn't be a problem. Same way it's
not a problem for anything that uses non-ASYNC VM jobs, or when the
monitor is accessed in an async job, as the 'destroy' job interlocks
with those.

It is a problem for code inside an async job which uses
'qemuDomainObjWait()' though. The API contract of qemuDomainObjWait()
ensures the caller that the VM on successful return from it, but in this
specific reason it's not the case, as both 'beingDestroyed' is already
false, and 'vm->def->id' is not yet cleared.

To fix the issue move the 'qemuDomainObjStopWorker()' call *after*
clearing 'vm->def->id' and also add a note stating what the function is
doing.

Fixes: 860a999802d3c82538373bb3f314f92a2e258754
Closes: https://gitlab.com/libvirt/libvirt/-/issues/640
Reported-by: grass-lu <https://gitlab.com/grass-lu>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_process.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 7ef7040a85..aef83d2409 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -8527,8 +8527,6 @@ void qemuProcessStop(virQEMUDriver *driver,
         g_clear_pointer(&priv->monConfig, virObjectUnref);
     }

-    qemuDomainObjStopWorker(vm);
-
     /* Remove the master key */
     qemuDomainMasterKeyRemove(priv);

@@ -8562,6 +8560,11 @@ void qemuProcessStop(virQEMUDriver *driver,
     /* Wake up anything waiting on domain condition */
     virDomainObjBroadcast(vm);

+    /* IMPORTANT: qemuDomainObjStopWorker() unlocks @vm in order to prevent
+     * deadlocks with the per-VM event loop thread. This MUST be done after
+     * marking the VM as dead */
+    qemuDomainObjStopWorker(vm);
+
     virFileDeleteTree(priv->libDir);
     virFileDeleteTree(priv->channelTargetDir);

--=20
2.45.2