Bug 994657 - libvirtd gets segmentation violation trying to access recently freed virDomainDefPtr
Status: CLOSED NEXTRELEASE
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Libvirt Maintainers
Reported: 2013-08-07 17:42 UTC by John Schmaus
Modified: 2013-08-07 20:18 UTC

Last Closed: 2013-08-07 20:18:12 UTC

Description John Schmaus 2013-08-07 17:42:47 UTC
Description of problem:
When trying to create a domain (using virt-install or virt-manager), libvirtd gets a segmentation violation and exits.


Steps to Reproduce:
1. run:
virt-install --name centos64 --ram 1024 -s 20 -f /dev/VolGroup00/lv_centos64 --location http://centralcity2.dr.avaya.com/centos64 --network bridge=avpublic

Actual results:
command exits with an exception: unexpected end of file while reading libvirtd's socket that was closed when libvirtd died from SIGSEGV.


Expected results:
libvirtd continues to create the domain and virt-install proceeds normally.


Additional info:
Here is the call sequence:
xenUnifiedDomainCreateXML -->
    def = virDomainDefParseString -->
        virDomainDefParse(def) -->
            virDomainDefParseNode(def) -->
                virDomainDefParseXML(def)
                return
            return
        return
    return
... call some other XML routines ...
xenDaemonCreateXML(def) -->
    virDomainDefFree(def)
    return
virGetDomain(def) <-- def is no longer usable and we get SIGSEGV
virDomainDefFree(def)

I fixed this by not calling virDomainDefFree inside xenDaemonCreateXML:

    - We will call virDomainDefFree from xenUnifiedDomainCreateXML after xenDaemonCreateXML returns, anyway.
    - We are passing def to virGetDomain and aren't done with it yet.  This is where the SIGSEGV happens.

Comment 1 Eric Blake 2013-08-07 17:56:51 UTC
Can you post your patch upstream to libvir-list?

Comment 2 Eric Blake 2013-08-07 20:18:12 UTC
Already patched upstream for the upcoming 1.1.2 with this:

commit 9d0557b9655fe4a3f31af2e1cc2f33de8acfaa7d
Author: Stefan Bader <stefan.bader>
Date:   Wed Jul 31 11:59:21 2013 +0200

    xen: Avoid double free of virDomainDef in xenDaemonCreateXML
    
    The virDomainDef is allocated by the caller and also used after
    calling to xenDaemonCreateXML. So it must not get freed by the
    callee.
    
    Signed-off-by: Stefan Bader <stefan.bader>

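The ownership bug in the call sequence from the description and the fix described by the commit in comment 2, modelled as an added C example that is not libvirt code: DomainDef, Domain, parse_def, get_domain, daemon_create_xml, daemon_create_xml_buggy and unified_create_xml are hypothetical stand-ins for the libvirt functions named in the trace.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for virDomainDef and virDomain (constructed, not libvirt's types). */
typedef struct { char name[32]; int vcpus; } DomainDef;
typedef struct { char name[32]; int id; } Domain;

/* Caller-side allocation; plays the role of virDomainDefParseString(). */
DomainDef *parse_def(const char *name, int vcpus) {
    DomainDef *def = calloc(1, sizeof *def);
    if (!def) return NULL;
    snprintf(def->name, sizeof def->name, "%s", name);
    def->vcpus = vcpus;
    return def;
}

/* Plays the role of virGetDomain(): reads def, so def must still be alive here. */
Domain *get_domain(const DomainDef *def, int id) {
    Domain *dom = calloc(1, sizeof *dom);
    if (!dom) return NULL;
    memcpy(dom->name, def->name, sizeof dom->name);
    dom->id = id;
    return dom;
}

/* BUGGY callee (pre-fix xenDaemonCreateXML): frees an object it does not own.
 * Kept only for contrast; a caller that uses def afterwards reads freed memory. */
int daemon_create_xml_buggy(DomainDef *def) {
    int id = def->vcpus > 0 ? 1 : -1;
    free(def);                 /* ownership violation: the caller still holds def */
    return id;
}

/* FIXED callee (what commit 9d0557b enforces): borrows def, never frees it. */
int daemon_create_xml(const DomainDef *def) {
    return def->vcpus > 0 ? 1 : -1;
}

/* Caller (plays the role of xenUnifiedDomainCreateXML): sole owner of def. */
Domain *unified_create_xml(const char *name, int vcpus) {
    DomainDef *def = parse_def(name, vcpus);
    if (!def) return NULL;
    int id = daemon_create_xml(def);                    /* callee only borrows def */
    Domain *dom = id > 0 ? get_domain(def, id) : NULL;  /* def is still valid here */
    free(def);                                          /* exactly one free, by the owner */
    return dom;
}
```

Swapping daemon_create_xml for daemon_create_xml_buggy inside unified_create_xml and compiling with -fsanitize=address reports the heap-use-after-free at get_domain, which is the same ordering of events the trace above shows for virGetDomain.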
