git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Wen Congyang <wency@cn.fujitsu.com>
	Wed, 16 Mar 2011 09:01:23 +0000 (17:01 +0800)
committer	Laine Stump <laine@laine.org>
	Fri, 18 Mar 2011 05:26:31 +0000 (01:26 -0400)
commit	d5df67be3c5d7a70bd2018fa5267733f23b1ae5d
tree	943631fba54d8edc23752dd0f11fc882aea4e50d	tree \| snapshot
parent	e2aec53b9706bc2872cb1ce6d0ceecceda762649	commit \| diff

do not unref obj in qemuDomainObjExitMonitor*

Steps to reproduce this bug:
# cat test.sh
  #! /bin/bash -x
  virsh start domain
  sleep 5
  virsh qemu-monitor-command domain 'cpu_set 2 online' --hmp
# while true; do ./test.sh ; done

Then libvirtd will crash.

The reason is that:
we add a reference of obj when we open the monitor. We will reduce this
reference when we free the monitor.

If the reference of monitor is 0, we will free monitor automatically and
the reference of obj is reduced.

But in the function qemuDomainObjExitMonitorWithDriver(), we reduce this
reference again when the reference of monitor is 0.

It will cause the obj be freed in the function qemuDomainObjEndJob().

Then we start the domain again, and libvirtd will crash in the function
virDomainObjListSearchName(), because we pass a null pointer(obj->def->name)
to strcmp().

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>