508747f303
xen-4.20.0-testing-src.tar.bz2
- New Features
  * On Arm:
    - Experimental support for Armv8-R.
    - Support for NXP S32G3 Processors Family and NXP LINFlexD UART driver.
    - Basic handling for SCMI requests over SMC using Shared Memory, by allowing forwarding the calls to EL3 FW if coming from hwdom.
    - Support for LLC (Last Level Cache) coloring.
  * On x86:
    - xl suspend/resume subcommands.
- Changed Features
  * Fixed blkif protocol specification for sector sizes different than 512b.
  * The dombuilder in libxenguest no longer un-gzips secondary modules, instead leaving this to the guest kernel to do in guest context.
  * On x86:
    - Prefer ACPI reboot over UEFI ResetSystem() run time service call.
    - Switched the xAPIC flat driver to use physical destination mode for external interrupts instead of logical destination mode.
- Removed Features
  * On x86:
    - Support for running on Xeon Phi processors.
    - Removed the `ucode=allow-same` command line option.
    - Removed x2APIC Cluster Mode for external interrupts. x2APIC Physical and Mixed Modes are still available.
- Dropped patches xsa466.patch
- Move /etc/bash_completion.d/xl back to %_datadir/bash-completion/completions

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=863
52 lines
1.9 KiB
Diff
From fb0f946726ff8aaa15b76bc3ec3b18878851a447 Mon Sep 17 00:00:00 2001
From: Olaf Hering <olaf@aepfle.de>
Date: Fri, 27 Sep 2019 18:06:12 +0200
Subject: libxl: fix crash in helper_done due to uninitialized data

A crash in helper_done, called from libxl_domain_suspend, was reported,
triggered by 'virsh migrate --live xen+ssh://host':

#1 helper_done (...) at libxl_save_callout.c:371
helper_failed
helper_stop
libxl__save_helper_abort
#2 check_all_finished (..., rc=-3) at libxl_stream_write.c:671
stream_done
stream_complete
write_done
dc->callback == write_done
efd->func == datacopier_writable
#3 afterpoll_internal (...) at libxl_event.c:1269

This is triggered by a failed poll, the actual error was:

libxl_aoutils.c:328:datacopier_writable: unexpected poll event 0x1c on fd 37 (should be POLLOUT) writing libxc header during copy of save v2 stream

In this case revents in datacopier_writable is POLLHUP|POLLERR|POLLOUT,
which triggers datacopier_callback. In helper_done,
shs->completion_callback is still zero. libxl__xc_domain_save fills
dss.sws.shs. But that function is only called after stream_header_done.
Any error before that will leave dss partly uninitialized.

Fix this crash by checking if ->completion_callback is valid.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
---
tools/libxl/libxl_save_callout.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

--- a/tools/libs/light/libxl_save_callout.c
+++ b/tools/libs/light/libxl_save_callout.c
@@ -364,8 +364,9 @@ static void helper_done(libxl__egc *egc,
assert(!libxl__save_helper_inuse(shs));
shs->egc = egc;
- shs->completion_callback(egc, shs->caller_state,
- shs->rc, shs->retval, shs->errnoval);
+ if (shs->completion_callback)
+ shs->completion_callback(egc, shs->caller_state,
+ shs->rc, shs->retval, shs->errnoval);
shs->egc = 0;
}
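
Review bot: the new `if (shs->completion_callback)` guard in helper_done skips the callback silently, so on the early-error path the commit message describes nothing reports completion to the caller and shs->rc, shs->retval and shs->errnoval are dropped without a trace. Consider adding a comment that says when the pointer can be unset (an error before stream_header_done, before libxl__xc_domain_save has filled dss.sws.shs) and logging in an else branch so the skipped completion is visible. The guard also only helps if the field is reliably zero rather than arbitrary; the subject line says "uninitialized data" while the message says the pointer is "still zero", so it would be worth stating where that zeroing happens, or setting up shs before any path that can reach helper_done.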