From f2a4e5f176c408fd2db79ed08b2a7d32a52d35a2 Mon Sep 17 00:00:00 2001
From: Michal Privoznik
Date: Wed, 9 Jan 2013 12:33:45 +0100
Subject: [PATCH] qemu_agent: Remove agent reference only when disposing it

https://bugzilla.redhat.com/show_bug.cgi?id=892079

With current code, if user calls virDomainPMSuspendForDuration() followed by virDomainDestroy(), the former API checks for qemu agent presence, which will evaluate as true (if agent is configured). While talking to qemu agent, the qemu driver is unlocked, so the latter API starts executing. However, if machine dies meanwhile, libvirtd gets EOF on the agent socket and qemuProcessHandleAgentEOF() is called. The handler clears reference to qemu agent while the destroy API already holding a reference to it. This leads to NULL dereferencing later in the code. Therefore, the agent pointer should be set to NULL only if we are the exclusive owner of it.
---
 src/qemu/qemu_process.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 938c17efcf..320c0c694b 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -133,7 +133,8 @@ qemuProcessHandleAgentEOF(qemuAgentPtr agent,
 virDomainObjLock(vm);
 priv = vm->privateData;
- if (priv->agent == agent)
+ if (priv->agent == agent &&
+ !virObjectUnref(priv->agent))
 priv->agent = NULL;
 virDomainObjUnlock(vm);
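Review bot: The new condition leaves `priv->agent` pointing at an agent that has already hit EOF whenever virObjectUnref() reports remaining references, and nothing in the hunk says who is then expected to clear it, so a reader could take the non-NULL pointer as still usable. The handler is relying on the other reference holder (presumably the API call that entered the agent, whose exit path is not on this page) to clear the pointer on its own final unref, and that contract deserves a comment above the `if`, e.g. `/* Drop the reference priv->agent held. Only clear the pointer when that was the last one; otherwise an API call is still using the agent and must clear it when it finishes. */`. qemuProcessHandleAgentEOF starts and ends outside the hunk, so whether the agent is also closed before being unref'd here cannot be confirmed from what is shown.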