diff --git a/Fix-potential-crash-during-driver-cleanup.patch b/Fix-potential-crash-during-driver-cleanup.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ed8ec7d658029272c1e1a56b2f6a74f5ae880be5
--- /dev/null
+++ b/Fix-potential-crash-during-driver-cleanup.patch
@@ -0,0 +1,58 @@
+From: Jim Fehlig
+Date: Tue, 11 Apr 2023 09:15:43 -0600
+Subject: [PATCH] qemu: Fix potential crash during driver cleanup
+
+During qemu driver shutdown, objects are freed in qemuStateCleanup that
+could still be used by active worker threads, resulting in crashes. E.g.
+a worker thread could be processing a monitor EOF event after the
+security manager is already disposed
+
+Program terminated with signal SIGSEGV, Segmentation fault.
+#0 0x00007fd9a9a1e1fe in virSecurityManagerMoveImageMetadata (mgr=0x7fd948012160, pid=-1, src=src@entry=0x7fd98c072c90, dst=dst@entry=0x0)
+ at ../../src/security/security_manager.c:468
+#1 0x00007fd9646ff0f0 in qemuSecurityMoveImageMetadata (driver=driver@entry=0x7fd948043830, vm=vm@entry=0x7fd98c066db0, src=src@entry=0x7fd98c072c90,
+ dst=dst@entry=0x0) at ../../src/qemu/qemu_security.c:182
+#2 0x00007fd96462c7b0 in qemuBlockRemoveImageMetadata (driver=driver@entry=0x7fd948043830, vm=vm@entry=0x7fd98c066db0, diskTarget=0x7fd98c072530 "vda",
+ src=) at ../../src/qemu/qemu_block.c:2628
+#3 0x00007fd9646929d6 in qemuProcessStop (driver=driver@entry=0x7fd948043830, vm=vm@entry=0x7fd98c066db0, reason=reason@entry=VIR_DOMAIN_SHUTOFF_SHUTDOWN,
+ asyncJob=asyncJob@entry=QEMU_ASYNC_JOB_NONE, flags=) at ../../src/qemu/qemu_process.c:7585
+#4 0x00007fd9646fc842 in processMonitorEOFEvent (vm=0x7fd98c066db0, driver=0x7fd948043830) at ../../src/qemu/qemu_driver.c:4794
+#5 qemuProcessEventHandler (data=0x561a93febb60, opaque=0x7fd948043830) at ../../src/qemu/qemu_driver.c:4900
+#6 0x00007fd9a9971a31 in virThreadPoolWorker (opaque=opaque@entry=0x561a93fb58e0) at ../../src/util/virthreadpool.c:163
+(gdb) p mgr->drv
+$2 = (virSecurityDriverPtr) 0x0
+
+Prior to commit 7cf76d4e3ab, the worker thread pool was freed before
+disposing any driver objects. Let's return to that pattern, but leave
+the other changes made by 7cf76d4e3ab.
+
+Signed-off-by: Tamara Schmitz
+Signed-off-by: Jim Fehlig
+Reviewed-by: Martin Kletzander
+---
+ src/qemu/qemu_driver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 32b3ef3..7a70d6c 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -1120,6 +1120,7 @@ qemuStateCleanup(void)
+ if (!qemu_driver)
+ return -1;
+
++ virThreadPoolFree(qemu_driver->workerPool);
+ virObjectUnref(qemu_driver->migrationErrors);
+ virObjectUnref(qemu_driver->closeCallbacks);
+ virLockManagerPluginUnref(qemu_driver->lockManager);
+@@ -1139,7 +1140,6 @@ qemuStateCleanup(void)
+ ebtablesContextFree(qemu_driver->ebtables);
+ VIR_FREE(qemu_driver->qemuImgBinary);
+ virObjectUnref(qemu_driver->domains);
+- virThreadPoolFree(qemu_driver->workerPool);
+
+ if (qemu_driver->lockFD != -1)
+ virPidFileRelease(qemu_driver->config->stateDir, "driver", qemu_driver->lockFD);
+--
+2.33.0
+
diff --git a/libvirt.spec b/libvirt.spec
index e4d0d0ae0d919cfa75a58a2a7b7b6a0d99a3c032..d98ed73fcc91ee4f4a691bb4fccc50c114bcb1f1 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -101,7 +101,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 6.2.0
-Release: 54
+Release: 55
 License: LGPLv2+
 URL: https://libvirt.org/
@@ -477,6 +477,7 @@ Patch0364: backport-virhostcpu-Fix-build-with-clang-and-newest-kernel-he.patch
 Patch0365: backport-meson-drop-debug_logs-configure-argument.patch
 Patch0366: backport-vshCommandStringGetArg-Drop-sz.patch
 Patch0367: bugfix-fix-warnings-found-by-clang.patch
+Patch0368: Fix-potential-crash-during-driver-cleanup.patch
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -2213,6 +2214,9 @@ exit 0
 %changelog
+* Fri Apr 21 2023 tianyuan - 6.2.0-55
+- bugfix: Fix potential crash during driver cleanup
+
 * Tue Apr 04 2023 Chenxi Mao - 6.2.0-54
 - bugfix: Fix build error if compiler switch to clang.
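Review bot: `virThreadPoolFree(qemu_driver->workerPool);` now runs first but the pointer is left dangling for the remainder of qemuStateCleanup, so anything in the later teardown steps that still reaches for the pool (a late monitor EOF trying to queue a job, for instance) would touch freed memory rather than a NULL it could check; I would follow the free with `qemu_driver->workerPool = NULL;`. The reordering also changes the failure mode from a crash to a possible hang: the fix relies on virThreadPoolFree draining queued jobs before returning, so a job that blocks on a domain or driver lock the rest of cleanup would have released now stalls daemon shutdown instead, and that trade-off is worth a line in the commit message or a comment above the call such as `/* Drain worker threads first: queued jobs may still use driver objects freed below */`. Both inner hunks cut through the middle of qemuStateCleanup; its start and end are outside this patch.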