libvirt/mdev-Fix-daemon-crash-when-reattaching-mdevs-on-assi.patch

From 69ea920668827c16ab27016d67a8e58e25f2aa55 Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Wed, 23 Nov 2022 10:03:38 +0000
Subject: [PATCH 08/23] mdev: Fix daemon crash when reattaching mdevs on 
 assignment conflict If there's a list of mdevs to be assigned to a domain,
 but one of them (NOT the first) is already assigned to a different domain
 we're going to crash in the qemuProcessStop phase in
 virMediatedDeviceListFindIndex, because some of the pointers in
 mgr->activeMediatedHostdevs are dangling. This is due to
 virMediatedDeviceListMarkDevices using cleanup instead of rollback when we
 find out that a device is already taken.

Reproducer steps:
1. start vm1 with mdev1
2. start vm2 with mdev2, mdev1 (the order is important!)

Backtrace:
 #0  0x0000ffffb8c36250 in strcmp
 #1  0x0000ffffb9b80754 in virMediatedDeviceListFindIndex
 #2  0x0000ffffb9b80870 in virMediatedDeviceListFind
 #3  0x0000ffffb9c9e168 in virHostdevReAttachMediatedDevices
 #4  0x0000ffff9949f724 in qemuHostdevReAttachMediatedDevices
 #5  0x0000ffff9949f7f8 in qemuHostdevReAttachDomainDevices
 #6  0x0000ffff994bcd70 in qemuProcessStop
 #7  0x0000ffff994bf4e0 in qemuProcessStart

Signed-off-by: Binfeng Wu <wubinfeng@huawei.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

Signed-off-by: tangbin <tangbin_yewu@cmss.chinamobile.com>
(cherry-pick from 8361d335ab77cb1f3b70a3fa92f7e2d0aaa31bac)
---
 src/util/virmdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/virmdev.c b/src/util/virmdev.c
index bae4a7d2c1..a40d2f4fb5 100644
--- a/src/util/virmdev.c
+++ b/src/util/virmdev.c
@@ -445,7 +445,7 @@ virMediatedDeviceListMarkDevices(virMediatedDeviceListPtr dst,
 
         if (virMediatedDeviceIsUsed(mdev, dst) ||
             virMediatedDeviceSetUsedBy(mdev, drvname, domname) < 0)
-            goto cleanup;
+            goto rollback;
 
         /* Copy mdev references to the driver list:
          * - caller is responsible for NOT freeing devices in @src on success
-- 
2.27.0
sync some bugfix patches from upstream Signed-off-by: yezengruan <yezengruan@huawei.com> 2022-11-25 19:41:00 +08:00			`From 69ea920668827c16ab27016d67a8e58e25f2aa55 Mon Sep 17 00:00:00 2001`
			`From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>`
			`Date: Wed, 23 Nov 2022 10:03:38 +0000`
			`Subject: [PATCH 08/23] mdev: Fix daemon crash when reattaching mdevs on`
			`assignment conflict If there's a list of mdevs to be assigned to a domain,`
			`but one of them (NOT the first) is already assigned to a different domain`
			`we're going to crash in the qemuProcessStop phase in`
			`virMediatedDeviceListFindIndex, because some of the pointers in`
			`mgr->activeMediatedHostdevs are dangling. This is due to`
			`virMediatedDeviceListMarkDevices using cleanup instead of rollback when we`
			`find out that a device is already taken.`

			`Reproducer steps:`
			`1. start vm1 with mdev1`
			`2. start vm2 with mdev2, mdev1 (the order is important!)`

			`Backtrace:`
			`#0 0x0000ffffb8c36250 in strcmp`
			`#1 0x0000ffffb9b80754 in virMediatedDeviceListFindIndex`
			`#2 0x0000ffffb9b80870 in virMediatedDeviceListFind`
			`#3 0x0000ffffb9c9e168 in virHostdevReAttachMediatedDevices`
			`#4 0x0000ffff9949f724 in qemuHostdevReAttachMediatedDevices`
			`#5 0x0000ffff9949f7f8 in qemuHostdevReAttachDomainDevices`
			`#6 0x0000ffff994bcd70 in qemuProcessStop`
			`#7 0x0000ffff994bf4e0 in qemuProcessStart`

			`Signed-off-by: Binfeng Wu <wubinfeng@huawei.com>`
			`Reviewed-by: Erik Skultety <eskultet@redhat.com>`

			`Signed-off-by: tangbin <tangbin_yewu@cmss.chinamobile.com>`
			`(cherry-pick from 8361d335ab77cb1f3b70a3fa92f7e2d0aaa31bac)`
			`---`
			`src/util/virmdev.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/src/util/virmdev.c b/src/util/virmdev.c`
			`index bae4a7d2c1..a40d2f4fb5 100644`
			`--- a/src/util/virmdev.c`
			`+++ b/src/util/virmdev.c`
			`@@ -445,7 +445,7 @@ virMediatedDeviceListMarkDevices(virMediatedDeviceListPtr dst,`

			`if (virMediatedDeviceIsUsed(mdev, dst) \|\|`
			`virMediatedDeviceSetUsedBy(mdev, drvname, domname) < 0)`
			`- goto cleanup;`
			`+ goto rollback;`

			`/* Copy mdev references to the driver list:`
			`* - caller is responsible for NOT freeing devices in @src on success`
			`--`
			`2.27.0`