From nobody Tue Nov 11 07:10:54 2025 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1569601155; cv=none; d=zoho.com; s=zohoarc; b=cJa8fSSve0huIyGddFSpkJNYT9WiVXy4G51cXM6v0bhiBuZEZF1WXWbS1KyzNCTHUgSf5eXKMAEVahP2BoQXdg5ziv842x0wuRRswNunGSB9ZVCGvwY+9QOhoJMrWBULPpvCfWIjSy8KKqvDdF+yp1twRMw5SOAR1umGavVinB0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569601155; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To:ARC-Authentication-Results; bh=MSjcUE4KrAiPDePglKiBljX9gTqOF/tfQjs1kwG/SRE=; b=mnK6qG2PUIWlaFfjwfhyzMT7jlwUG1uBoN/Qksu1xstHh6D+VQ5hAik8N8f6J3E+xSPSRSif9x7yiylQ20/pGvhBI0yvKqjRnJEbxFWiRyNEKVvGg2cJif4Go2NrnIjhg8d3tEKOugk/gXeMSbpWx9ylL5LYRiV6UF3pZVV2PII= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1569601154569922.7462209150375; Fri, 27 Sep 2019 09:19:14 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iDswa-0002U3-0U; Fri, 27 Sep 2019 16:18:08 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iDswY-0002T7-87 for xen-devel@lists.xenproject.org; Fri, 27 Sep 2019 16:18:07 +0000 Received: from mo6-p00-ob.smtp.rzone.de (unknown [2a01:238:20a:202:5300::6]) by localhost (Halon) with ESMTPS id 5fe1c1ac-e142-11e9-b588-bc764e2007e4; Fri, 27 Sep 2019 16:18:01 +0000 (UTC) Received: from sender by smtp.strato.de (RZmta 44.28.0 AUTH) with ESMTPSA id j06a90v8RGHnEU3 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA)) (Client did not present a certificate); Fri, 27 Sep 2019 18:17:49 +0200 (CEST) X-Inumbo-ID: 5fe1c1ac-e142-11e9-b588-bc764e2007e4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1569601080; s=strato-dkim-0002; d=aepfle.de; h=Message-Id:Date:Subject:Cc:To:From:X-RZG-CLASS-ID:X-RZG-AUTH:From: Subject:Sender; bh=+LqA3RdCHozXgYfWDdpeb4PStAKTCTOLXtoCcFUJKVM=; b=aUOJ5uvreCBzXSm/N6HoUaFFOEu17Cy+2nX8hefl635A0562qwZbKtl3Tq8/C9DGEj ve/rMFN4QQurGjhRXMoM4r0Z+CTS6BuoHvBfaUY2JwPd+TyKIjRuBereZagH9rzN+0Rq 6nJkxRqDgHcg7WKi2j81V2r5mk+QOROERkjbQxyXjxFrkgv1l3U1qh0upBVUoJgeySfj P0reHKkDxxWS7rs3ijAs/cg5Jo0DgxyZs3x5aNdO8OueyAn3NhylBKQ7Kau2+8CsUX4a 4/B5hUCy3GZYJNh6AEUJzRt2trysUPod/rHR8amJE+uU9g7cVRTO2FKxI6SZ2fnqzduk UWkA== X-RZG-AUTH: ":P2EQZWCpfu+qG7CngxMFH1J+3q8wa/QXkBR9MXjAuznLRsvz6zGrN/JP2665" X-RZG-CLASS-ID: mo00 From: Olaf Hering To: xen-devel@lists.xenproject.org Date: Fri, 27 Sep 2019 18:17:46 +0200 Message-Id: <20190927161746.25902-1-olaf@aepfle.de> X-Mailer: git-send-email 2.16.4 MIME-Version: 1.0 Subject: [Xen-devel] [PATCH v1] libxl: fix crash in helper_done due to uninitialized data X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Anthony PERARD , Olaf Hering , Ian Jackson , Wei Liu Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) A crash in helper_done, called from libxl_domain_suspend, was reported, triggered by 'virsh migrate --live xen+ssh://host': #1 helper_done (...) at libxl_save_callout.c:371 helper_failed helper_stop libxl__save_helper_abort #2 check_all_finished (..., rc=3D-3) at libxl_stream_write.c:671 stream_done stream_complete write_done dc->callback =3D=3D write_done efd->func =3D=3D datacopier_writable #3 afterpoll_internal (...) at libxl_event.c:1269 This is triggered by a failed poll, the actual error was: libxl_aoutils.c:328:datacopier_writable: unexpected poll event 0x1c on fd 3= 7 (should be POLLOUT) writing libxc header during copy of save v2 stream In this case revents in datacopier_writable is POLLHUP|POLLERR|POLLOUT, which triggers datacopier_callback. In helper_done, shs->completion_callback is still zero. libxl__xc_domain_save fills dss.sws.shs. But that function is only called after stream_header_done. Any error before that will leave dss partly uninitialized. Fix this crash by checking if ->completion_callback is valid. Signed-off-by: Olaf Hering --- tools/libxl/libxl_save_callout.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/libxl/libxl_save_callout.c b/tools/libxl/libxl_save_call= out.c index 6452d70036..89a2f6ecf0 100644 --- a/tools/libxl/libxl_save_callout.c +++ b/tools/libxl/libxl_save_callout.c @@ -366,8 +366,9 @@ static void helper_done(libxl__egc *egc, libxl__save_he= lper_state *shs) assert(!libxl__save_helper_inuse(shs)); =20 shs->egc =3D egc; - shs->completion_callback(egc, shs->caller_state, - shs->rc, shs->retval, shs->errnoval); + if (shs->completion_callback) + shs->completion_callback(egc, shs->caller_state, + shs->rc, shs->retval, shs->errnoval); shs->egc =3D 0; } =20 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel