Xen project Mailing List

[PATCH] libxl: Don't segfault on soft-reset failure

From: Jason Andryuk <jandryuk@xxxxxxxxx>

Date: Wed, 30 Mar 2022 14:17:27 -0400

Cc: Jason Andryuk <jandryuk@xxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>

Delivery-date: Wed, 30 Mar 2022 18:17:38 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

If domain_soft_reset_cb can't rename the save file, it doesn't call initiate_domain_create() and calls domcreate_complete(). Skipping initiate_domain_create() means dcs->console_wait is uninitialized and all 0s. We have: domcreate_complete() libxl__xswait_stop() libxl__ev_xswatch_deregister(). The uninitialized slotnum 0 is considered valid (-1 is the invalid sentinel), so the NULL pointer path to passed to xs_unwatch() which segfaults. libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: deregister slotnum=0 Ensure dcs->console_xswait is minimally initialized by calling libxl__xswait_init() in do_domain_soft_reset(). Also add a check for dcs->console_xswait.path being NULL in domcreate_complete() to avoid the segfault. Signed-off-by: Jason Andryuk <jandryuk@xxxxxxxxx> --- The NULL check in domcreate_complete isn't needed when the xswait is initialized, but it could catch other occurances. tools/libs/light/libxl_create.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index 15ed021f41..631caa416d 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -1970,7 +1970,8 @@ static void domcreate_complete(libxl__egc *egc, libxl_domain_config *const d_config = dcs->guest_config; libxl_domain_config *d_config_saved = &dcs->guest_config_saved; - libxl__xswait_stop(gc, &dcs->console_xswait); + if (dcs->console_xswait.path) + libxl__xswait_stop(gc, &dcs->console_xswait); libxl__domain_build_state_dispose(&dcs->build_state); @@ -2176,6 +2177,10 @@ static int do_domain_soft_reset(libxl_ctx *ctx, aop_console_how); cdcs->domid_out = &domid_out; + /* Initialize in case we end up in domcreate_complete without calling + * initiate_domain_create. */ + libxl__xswait_init(&cdcs->dcs.console_xswait); + dom_path = libxl__xs_get_dompath(gc, domid); if (!dom_path) { LOGD(ERROR, domid, "failed to read domain path"); -- 2.35.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.