From a9ec2bb2c36416297bb8f339c2b0ac9ba5ae54e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Sun, 6 Jan 2019 03:57:19 +0100
Subject: [PATCH] vm/qubesvm: fix race condition in failed startup handling

Instead of checking if domain is still running/paused, try to kill it
anyway and ignore appropriate exception. Otherwise domain could die
before the check and killing.
---
 qubes/vm/qubesvm.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/qubes/vm/qubesvm.py b/qubes/vm/qubesvm.py
index 70a2c24d..a8d3ecc4 100644
--- a/qubes/vm/qubesvm.py
+++ b/qubes/vm/qubesvm.py
@@ -1068,8 +1068,10 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM):
                 # This avoids losing the exception if an exception is
                 # raised in self.force_shutdown(), because the vm is not
                 # running or paused
-                if self.is_running() or self.is_paused():
+                try:
                     yield from self._kill_locked()
+                except qubes.exc.QubesVMNotStartedError:
+                    pass
 
                 # let anyone receiving domain-pre-start know that startup failed
                 yield from self.fire_event_async('domain-start-failed',