[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.16] libxl: Don't segfault on soft-reset failure



commit c3cf5d0f3d173b59e09642e278f53820a52f3cef
Author:     Jason Andryuk <jandryuk@xxxxxxxxx>
AuthorDate: Wed Apr 6 10:19:33 2022 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Apr 6 10:19:33 2022 +0200

    libxl: Don't segfault on soft-reset failure
    
    If domain_soft_reset_cb can't rename the save file, it doesn't call
    initiate_domain_create() and calls domcreate_complete().
    
    Skipping initiate_domain_create() means dcs->console_wait is
    uninitialized and all 0s.
    
    We have:
      domcreate_complete()
        libxl__xswait_stop()
          libxl__ev_xswatch_deregister().
    
    The uninitialized slotnum 0 is considered valid (-1 is the invalid
    sentinel), so the NULL pointer path to passed to xs_unwatch() which
    segfaults.
    
    libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: 
deregister slotnum=0
    
    Move dcs->console_xswait initialization into the callers of
    initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
    so it is initialized along with the other dcs state.
    
    Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
    Signed-off-by: Jason Andryuk <jandryuk@xxxxxxxxx>
    Reviewed-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
    master commit: d2ecf97f911fc00a85b34b70ca311b5d355a9756
    master date: 2022-04-01 17:01:57 +0100
---
 tools/libs/light/libxl_create.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
index 15ed021f41..885675591f 100644
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -1255,8 +1255,6 @@ static void initiate_domain_create(libxl__egc *egc,
     libxl_domain_config *const d_config = dcs->guest_config;
     libxl__domain_build_state *dbs = &dcs->build_state;
 
-    libxl__xswait_init(&dcs->console_xswait);
-
     domid = dcs->domid;
     libxl__domain_build_state_init(dbs);
     dbs->restore = dcs->restore_fd >= 0;
@@ -2072,6 +2070,7 @@ static int do_domain_create(libxl_ctx *ctx, 
libxl_domain_config *d_config,
     cdcs->dcs.callback = domain_create_cb;
     cdcs->dcs.domid = INVALID_DOMID;
     cdcs->dcs.soft_reset = false;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
 
     if (cdcs->dcs.restore_params.checkpointed_stream ==
         LIBXL_CHECKPOINTED_STREAM_COLO) {
@@ -2172,6 +2171,7 @@ static int do_domain_soft_reset(libxl_ctx *ctx,
     cdcs->dcs.domid = domid;
     cdcs->dcs.soft_reset = true;
     cdcs->dcs.callback = domain_create_cb;
+    libxl__xswait_init(&cdcs->dcs.console_xswait);
     libxl__ao_progress_gethow(&srs->cdcs.dcs.aop_console_how,
                               aop_console_how);
     cdcs->domid_out = &domid_out;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.