From 7854f0d28b2bd526ae27777aa6c97f0ab3443523 Mon Sep 17 00:00:00 2001
Message-Id: <7854f0d28b2bd526ae27777aa6c97f0ab3443523@dist-git>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Wed, 28 Jan 2015 12:25:12 +0100
Subject: [PATCH] hotplug: only add a chardev to vmdef after monitor call
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1195155
This way the device is in vmdef only if ret = 0 and the caller
(qemuDomainAttachDeviceFlags) does not free it.
Otherwise it might get double freed by qemuProcessStop
and qemuDomainAttachDeviceFlags if the domain crashed
in monitor after we've added it to vm->def.
(cherry picked from commit 21e0e8866e341da74e296ca3cf2d97812e847a66)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/qemu/qemu_hotplug.c | 34 +++++++++++-----------------------
 1 file changed, 11 insertions(+), 23 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
d89b3e
index 00ce77f..89757bc 100644
d89b3e
--- a/src/qemu/qemu_hotplug.c
d89b3e
+++ b/src/qemu/qemu_hotplug.c
d89b3e
@@ -1510,59 +1510,47 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
d89b3e
     virDomainDefPtr vmdef = vm->def;
d89b3e
     char *devstr = NULL;
d89b3e
     char *charAlias = NULL;
d89b3e
-    bool need_remove = false;
d89b3e
 
d89b3e
     if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
d89b3e
         virReportError(VIR_ERR_OPERATION_INVALID, "%s",
d89b3e
                        _("qemu does not support -device"));
d89b3e
-        return ret;
d89b3e
+        goto cleanup;
d89b3e
     }
d89b3e
 
d89b3e
     if (qemuAssignDeviceChrAlias(vmdef, chr, -1) < 0)
d89b3e
-        return ret;
d89b3e
+        goto cleanup;
d89b3e
 
d89b3e
     if (qemuBuildChrDeviceStr(&devstr, vm->def, chr, priv->qemuCaps) < 0)
d89b3e
-        return ret;
d89b3e
+        goto cleanup;
d89b3e
 
d89b3e
     if (virAsprintf(&charAlias, "char%s", chr->info.alias) < 0)
d89b3e
         goto cleanup;
d89b3e
 
d89b3e
-    if (qemuDomainChrInsert(vmdef, chr) < 0)
d89b3e
+    if (qemuDomainChrPreInsert(vmdef, chr) < 0)
d89b3e
         goto cleanup;
d89b3e
-    need_remove = true;
d89b3e
 
d89b3e
     qemuDomainObjEnterMonitor(driver, vm);
d89b3e
     if (qemuMonitorAttachCharDev(priv->mon, charAlias, &chr->source) < 0) {
d89b3e
-        if (qemuDomainObjExitMonitor(driver, vm) < 0) {
d89b3e
-            need_remove = false;
d89b3e
-            ret = -1;
d89b3e
-            goto cleanup;
d89b3e
-        }
d89b3e
+        ignore_value(qemuDomainObjExitMonitor(driver, vm));
d89b3e
         goto audit;
d89b3e
     }
d89b3e
 
d89b3e
     if (devstr && qemuMonitorAddDevice(priv->mon, devstr) < 0) {
d89b3e
         /* detach associated chardev on error */
d89b3e
         qemuMonitorDetachCharDev(priv->mon, charAlias);
d89b3e
-        if (qemuDomainObjExitMonitor(driver, vm) < 0) {
d89b3e
-            need_remove = false;
d89b3e
-            ret = -1;
d89b3e
-            goto cleanup;
d89b3e
-        }
d89b3e
+        ignore_value(qemuDomainObjExitMonitor(driver, vm));
d89b3e
         goto audit;
d89b3e
     }
d89b3e
-    if (qemuDomainObjExitMonitor(driver, vm) < 0) {
d89b3e
-        need_remove = false;
d89b3e
-        ret = -1;
d89b3e
-        goto cleanup;
d89b3e
-    }
d89b3e
+    if (qemuDomainObjExitMonitor(driver, vm) < 0)
d89b3e
+        goto audit;
d89b3e
 
d89b3e
+    qemuDomainChrInsertPreAlloced(vm->def, chr);
d89b3e
     ret = 0;
d89b3e
  audit:
d89b3e
     virDomainAuditChardev(vm, NULL, chr, "attach", ret == 0);
d89b3e
  cleanup:
d89b3e
-    if (ret < 0 && need_remove)
d89b3e
-        qemuDomainChrRemove(vmdef, chr);
d89b3e
+    if (ret < 0 && virDomainObjIsActive(vm))
d89b3e
+        qemuDomainChrInsertPreAllocCleanup(vm->def, chr);
d89b3e
     VIR_FREE(charAlias);
d89b3e
     VIR_FREE(devstr);
d89b3e
     return ret;
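Review bot: The four early failures (capability check, `qemuAssignDeviceChrAlias`, `qemuBuildChrDeviceStr`, `virAsprintf`) now `goto cleanup` and therefore reach `qemuDomainChrInsertPreAllocCleanup(vm->def, chr)` even though `qemuDomainChrPreInsert` never ran; with `need_remove` gone, nothing in the hunk records whether there is anything to undo. The helper's body is not visible here, so this is only safe if it is a no-op when nothing was pre-allocated. If that holds, state the contract at the label, e.g. `/* no-op if PreInsert did not run; skipped for an inactive domain because qemuProcessStop may already have freed vm->def */`. Otherwise set a flag after `qemuDomainChrPreInsert` succeeds and test it together with `virDomainObjIsActive(vm)`. The function's parameter list and closing brace are outside this hunk.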
-- 
2.3.0