<fix>[kvm]: use CAS remove to fix TOCTOU race in orphaned skip VM cleanup

AlanJager · AlanJager · commit 7a6d5d782090 · 2026-02-17T19:32:54.000+08:00
Resolves: ZSTAC-80821

Change-Id: I59284c4e69f5d2ee357b1836b7c243200e30949a
diff --git a/plugin/kvm/src/main/java/org/zstack/kvm/KvmVmSyncPingTask.java b/plugin/kvm/src/main/java/org/zstack/kvm/KvmVmSyncPingTask.java
@@ -497,7 +497,7 @@ public boolean isVmDoNotNeedToTrace(String vmUuid) {
                 return true;
             } else {
                 // Expired, clean up
-                orphanedSkipVms.remove(vmUuid);
+                orphanedSkipVms.remove(vmUuid, orphanedAt);
                 logger.info(String.format("orphaned skip entry for VM[uuid:%s] expired after %d minutes, resuming trace",
                         vmUuid, ORPHAN_TTL_MS / 60000));
             }
@@ -513,11 +513,9 @@ private void cleanupExpiredOrphanedSkipVms() {
         }
 
         long now = System.currentTimeMillis();
-        Iterator<Map.Entry<String, Long>> it = orphanedSkipVms.entrySet().iterator();
-        while (it.hasNext()) {
-            Map.Entry<String, Long> entry = it.next();
+        for (Map.Entry<String, Long> entry : orphanedSkipVms.entrySet()) {
             if (now - entry.getValue() >= ORPHAN_TTL_MS) {
-                it.remove();
+                orphanedSkipVms.remove(entry.getKey(), entry.getValue());
                 logger.info(String.format("cleaned up expired orphaned skip entry for VM[uuid:%s]", entry.getKey()));
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -497,7 +497,7 @@ public boolean isVmDoNotNeedToTrace(String vmUuid) {`
`497`	`497`	`return true;`
`498`	`498`	`} else {`
`499`	`499`	`// Expired, clean up`
`500`		`- orphanedSkipVms.remove(vmUuid);`
	`500`	`+ orphanedSkipVms.remove(vmUuid, orphanedAt);`
`501`	`501`	`logger.info(String.format("orphaned skip entry for VM[uuid:%s] expired after %d minutes, resuming trace",`
`502`	`502`	`vmUuid, ORPHAN_TTL_MS / 60000));`
`503`	`503`	`}`
`@@ -513,11 +513,9 @@ private void cleanupExpiredOrphanedSkipVms() {`
`513`	`513`	`}`
`514`	`514`
`515`	`515`	`long now = System.currentTimeMillis();`
`516`		`- Iterator<Map.Entry<String, Long>> it = orphanedSkipVms.entrySet().iterator();`
`517`		`- while (it.hasNext()) {`
`518`		`- Map.Entry<String, Long> entry = it.next();`
	`516`	`+ for (Map.Entry<String, Long> entry : orphanedSkipVms.entrySet()) {`
`519`	`517`	`if (now - entry.getValue() >= ORPHAN_TTL_MS) {`
`520`		`- it.remove();`
	`518`	`+ orphanedSkipVms.remove(entry.getKey(), entry.getValue());`
`521`	`519`	`logger.info(String.format("cleaned up expired orphaned skip entry for VM[uuid:%s]", entry.getKey()));`
`522`	`520`	`}`
`523`	`521`	`}`