On Fri, Apr 01, 2022 at 10:32:56AM -0400, Jason Andryuk wrote:
> If domain_soft_reset_cb can't rename the save file, it doesn't call
> initiate_domain_create() and calls domcreate_complete().
>
> Skipping initiate_domain_create() means dcs->console_wait is
> uninitialized and all 0s.
>
> We have:
> domcreate_complete()
> libxl__xswait_stop()
> libxl__ev_xswatch_deregister().
>
> The uninitialized slotnum 0 is considered valid (-1 is the invalid
> sentinel), so the NULL pointer path is passed to xs_unwatch() which
> segfaults.
>
> libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0:
> deregister slotnum=0
>
> Move dcs->console_xswait initialization into the callers of
> initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
> so it is initialized along with the other dcs state.
>
> Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
> Signed-off-by: Jason Andryuk <[email protected]>
Reviewed-by: Anthony PERARD <[email protected]>
Thanks,
--
Anthony PERARD