From aa0e383256cf43b2d3583c5d03ff27804627000c Mon Sep 17 00:00:00 2001 From: pd Date: Thu, 30 Apr 2020 03:50:54 +0000 Subject: vmd(8): correctly terminate vm processes after sending vm Instead of a round about way of sending a message to vmm that 'send is successful' and terminating by vm_remove from vmm, we can send the imsg and exit in the vm process. The sigchld handler in vmm will vm_remove it from its structures. This is how a normal vm is terminated as well. Previously, vm_remove was called in vmm_dispatch_vm (ie. the event handler to receive messages from vm process) when hanlding the IMSG_VMDOP_SEND_VM_RESPONSE (ie. the vm process has written the vm state to the fd passed on by vmctl send). This is not how vm_remove was intented to be used as it does a free(vm). The vm struct holds the buffers for imsg and so after handling this IMSG_VMDOP_SEND_VM_RESPONSE message, vmm_dispatch_vm loops again to do imsg_get(ibuf, &imsg) to read the next message (and we had just freed this *ibuf when we freed the vm struct) causing it to segfault. reported by kn@ ok kn@ --- usr.sbin/vmd/vm.c | 6 +++++- usr.sbin/vmd/vmm.c | 6 +----- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'usr.sbin') diff --git a/usr.sbin/vmd/vm.c b/usr.sbin/vmd/vm.c index ba9319b4aa4..854cc9d32ff 100644 --- a/usr.sbin/vmd/vm.c +++ b/usr.sbin/vmd/vm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vm.c,v 1.56 2020/04/21 03:36:56 pd Exp $ */ +/* $OpenBSD: vm.c,v 1.57 2020/04/30 03:50:53 pd Exp $ */ /* * Copyright (c) 2015 Mike Larkin @@ -469,6 +469,10 @@ vm_dispatch_vmm(int fd, short event, void *arg) IMSG_VMDOP_SEND_VM_RESPONSE, imsg.hdr.peerid, imsg.hdr.pid, -1, &vmr, sizeof(vmr)); + if (!vmr.vmr_result) { + imsg_flush(¤t_vm->vm_iev.ibuf); + _exit(0); + } break; default: fatalx("%s: got invalid imsg %d from %s", diff --git a/usr.sbin/vmd/vmm.c b/usr.sbin/vmd/vmm.c index fcc0c1e4be9..67b7f525004 100644 --- a/usr.sbin/vmd/vmm.c +++ b/usr.sbin/vmd/vmm.c 
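Review bot: The added `if (!vmr.vmr_result)` branch in vm_dispatch_vmm discards the return value of imsg_flush(), so if the flush fails the process still reaches `_exit(0)` and the queued IMSG_VMDOP_SEND_VM_RESPONSE may never be delivered. vmm would still reap the child through its SIGCHLD handler, but whoever is waiting on the response (presumably the `vmctl send` client) would get no result, and nothing would be logged. I would check it and log before exiting, e.g. `if (imsg_flush(&current_vm->vm_iev.ibuf) == -1) log_warn("%s: imsg_flush", __func__);` (the page renders the argument as `¤t_vm`, which looks like an encoding artefact of `&current_vm`). A short comment such as `/* exit here; vmm's SIGCHLD handler does the vm_remove() */` would also record why a dispatch handler terminates the process. The function body starts and ends outside this hunk, so whether the imsg_compose_event() result is checked cannot be confirmed from here.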
@@ -1,4 +1,4 @@ -/* $OpenBSD: vmm.c,v 1.95 2019/12/11 06:45:17 pd Exp $ */ +/* $OpenBSD: vmm.c,v 1.96 2020/04/30 03:50:53 pd Exp $ */ /* * Copyright (c) 2015 Mike Larkin @@ -537,10 +537,6 @@ vmm_dispatch_vm(int fd, short event, void *arg) break; case IMSG_VMDOP_SEND_VM_RESPONSE: IMSG_SIZE_CHECK(&imsg, &vmr); - memcpy(&vmr, imsg.data, sizeof(vmr)); - if (!vmr.vmr_result) { - vm_remove(vm, __func__); - } case IMSG_VMDOP_PAUSE_VM_RESPONSE: case IMSG_VMDOP_UNPAUSE_VM_RESPONSE: for (i = 0; i < sizeof(procs); i++) { -- cgit v1.2.3