From: Jim Fehlig Date: Fri, 29 Oct 2021 14:16:33 -0600 Subject: libxl: Disable death events after receiving a shutdown event The libxl driver will handle all domain destruction and cleanup when receiving a domain shutdown event from libxl. Commit fa30ee04a2a introduced the ignoreDeathEvent boolean in the DomainObjPrivate struct to ignore subsequent death events from libxl. But libxl already provides a mechanism to disable death events via libxl_evdisable_domain_death. This patch partially reverts commit fa30ee04a2a and instead uses libxl_evdisable_domain_death to disable subsequent death events when processing a shutdown event. Signed-off-by: Jim Fehlig Reviewed-by: Daniel P. Berrangé Reviewed-by: Ján Tomko Origin: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2034195 Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-4147 Bug-Debian: https://bugs.debian.org/1002535 --- src/libxl/libxl_domain.c | 23 +++++------------------ src/libxl/libxl_domain.h | 3 --- 2 files changed, 5 insertions(+), 21 deletions(-) diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c index 63938d5..f97c6da 100644 --- a/src/libxl/libxl_domain.c +++ b/src/libxl/libxl_domain.c @@ -614,12 +614,6 @@ static void libxlDomainHandleDeath(libxlDriverPrivatePtr driver, virDomainObjPtr vm) { virObjectEventPtr dom_event = NULL; - libxlDomainObjPrivatePtr priv = vm->privateData; - - if (priv->ignoreDeathEvent) { - priv->ignoreDeathEvent = false; - return; - } if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0) return; @@ -667,7 +661,6 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event) } if (event->type == LIBXL_EVENT_TYPE_DOMAIN_SHUTDOWN) { - libxlDomainObjPrivatePtr priv = vm->privateData; struct libxlShutdownThreadInfo *shutdown_info = NULL; virThread thread; g_autofree char *name = NULL; @@ -684,12 +677,9 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event) name = g_strdup_printf("ev-%d", event->domid); /* * Cleanup will be handled by the shutdown thread. - * Ignore the forthcoming death event from libxl */ - priv->ignoreDeathEvent = true; if (virThreadCreateFull(&thread, false, libxlDomainShutdownThread, name, false, shutdown_info) < 0) { - priv->ignoreDeathEvent = false; /* * Not much we can do on error here except log it. */ @@ -813,18 +803,17 @@ libxlDomainDestroyInternal(libxlDriverPrivatePtr driver, libxlDomainObjPrivatePtr priv = vm->privateData; int ret = -1; - /* Ignore next LIBXL_EVENT_TYPE_DOMAIN_DEATH as the caller will handle - * domain death appropriately already (having more info, like the reason). - */ - priv->ignoreDeathEvent = true; + if (priv->deathW) { + libxl_evdisable_domain_death(cfg->ctx, priv->deathW); + priv->deathW = NULL; + } + /* Unlock virDomainObj during destroy, which can take considerable * time on large memory domains. */ virObjectUnlock(vm); ret = libxl_domain_destroy(cfg->ctx, vm->def->id, NULL); virObjectLock(vm); - if (ret) - priv->ignoreDeathEvent = false; return ret; } @@ -877,8 +866,6 @@ libxlDomainCleanup(libxlDriverPrivatePtr driver, priv->deathW = NULL; } - priv->ignoreDeathEvent = false; - if (!!g_atomic_int_dec_and_test(&driver->nactive) && driver->inhibitCallback) driver->inhibitCallback(false, driver->inhibitOpaque); diff --git a/src/libxl/libxl_domain.h b/src/libxl/libxl_domain.h index 0068254..e06a88b 100644 --- a/src/libxl/libxl_domain.h +++ b/src/libxl/libxl_domain.h @@ -62,9 +62,6 @@ struct _libxlDomainObjPrivate { /* console */ virChrdevsPtr devs; libxl_evgen_domain_death *deathW; - /* Flag to indicate the upcoming LIBXL_EVENT_TYPE_DOMAIN_DEATH is caused - * by libvirt and should not be handled separately */ - bool ignoreDeathEvent; virThreadPtr migrationDstReceiveThr; unsigned short migrationPort; char *lockState;