commit 99486799c3f911caa009d64889fc05ec3b07f986
Author: Jim Fehlig <jfehlig@suse.com>
Date:   Mon Mar 12 12:22:34 2018 -0600

    libxl: MigrateConfirm: Dont unlock virDomainObj in helper function
    
    The libxlDomainMigrateConfirm3Params API locks and ref counts the associated
    virDomainObj but relies on the helper function libxlDomainMigrationConfirm
    to unlock the object. Unref'ing the object is not done in either function.
    libxlDomainMigrationConfirm is also used by libxlDomainMigratePerform3Params
    for p2p migration, but in that case the lock/ref and unref/unlock are
    properly handled in the API entry point.
    
    Remove the unlock from libxlDomainMigrationConfirm and adjust
    libxlDomainMigrateConfirm3Params to properly unref/unlock the virDomainObj
    on success and error paths.
    
    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
    Reviewed-by: John Ferlan <jferlan@redhat.com>

Index: libvirt-4.1.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-4.1.0.orig/src/libxl/libxl_driver.c
+++ libvirt-4.1.0/src/libxl/libxl_driver.c
@@ -6161,6 +6161,7 @@ libxlDomainMigrateConfirm3Params(virDoma
 {
     libxlDriverPrivatePtr driver = domain->conn->privateData;
     virDomainObjPtr vm = NULL;
+    int ret = -1;
 
 #ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
     virReportUnsupportedError();
@@ -6174,12 +6175,14 @@ libxlDomainMigrateConfirm3Params(virDoma
     if (!(vm = libxlDomObjFromDomain(domain)))
         return -1;
 
-    if (virDomainMigrateConfirm3ParamsEnsureACL(domain->conn, vm->def) < 0) {
-        virObjectUnlock(vm);
-        return -1;
-    }
+    if (virDomainMigrateConfirm3ParamsEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
+    ret = libxlDomainMigrationConfirm(driver, vm, flags, cancelled);
 
-    return libxlDomainMigrationConfirm(driver, vm, flags, cancelled);
+ cleanup:
+    virDomainObjEndAPI(&vm);
+    return ret;
 }
 
 static int libxlNodeGetSecurityModel(virConnectPtr conn,
Index: libvirt-4.1.0/src/libxl/libxl_migration.c
===================================================================
--- libvirt-4.1.0.orig/src/libxl/libxl_migration.c
+++ libvirt-4.1.0/src/libxl/libxl_migration.c
@@ -1392,7 +1392,8 @@ libxlDomainMigrationConfirm(libxlDriverP
 
     if (!vm->persistent || (flags & VIR_MIGRATE_UNDEFINE_SOURCE)) {
         virDomainObjListRemove(driver->domains, vm);
-        vm = NULL;
+        /* Caller passed a locked vm and expects the same on return */
+        virObjectLock(vm);
     }
 
     ret = 0;
@@ -1400,8 +1401,6 @@ libxlDomainMigrationConfirm(libxlDriverP
  cleanup:
     if (event)
         libxlDomainEventQueue(driver, event);
-    if (vm)
-        virObjectUnlock(vm);
     virObjectUnref(cfg);
     return ret;
 }