From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1MQqSg-0004O4-CW
	for qemu-devel@nongnu.org; Tue, 14 Jul 2009 18:26:58 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1MQqSc-0004N1-VP
	for qemu-devel@nongnu.org; Tue, 14 Jul 2009 18:26:58 -0400
Received: from [199.232.76.173] (port=47122 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1MQqSc-0004Mw-N7
	for qemu-devel@nongnu.org; Tue, 14 Jul 2009 18:26:54 -0400
Received: from mx2.redhat.com ([66.187.237.31]:53786)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <glommer@redhat.com>) id 1MQqSc-0001Jr-2R
	for qemu-devel@nongnu.org; Tue, 14 Jul 2009 18:26:54 -0400
From: Glauber Costa <glommer@redhat.com>
Date: Tue, 14 Jul 2009 18:26:51 -0400
Message-Id: <1247610411-6285-1-git-send-email-glommer@redhat.com>
Subject: [Qemu-devel] [PATCH] fix segfault in setting migration speed
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: aliguori@us.ibm.com

Hi,

Whoever wrote this migrate_set_speed function is totally stupid.

Any failed or completed migration keeps its state to allow probing of
migration data, but has no associated file anymore. It is, thus,
possible to crash qemu by calling migrate_set_speed after a migration
is finished (or failed, or cancelled), but before another one starts.

This patch fixes it.

Signed-off-by: Glauber Costa <glommer@redhat.com>
---
 savevm.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/savevm.c b/savevm.c
index 17da35a..e577109 100644
--- a/savevm.c
+++ b/savevm.c
@@ -574,7 +574,9 @@ int qemu_file_rate_limit(QEMUFile *f)
 
 size_t qemu_file_set_rate_limit(QEMUFile *f, size_t new_rate)
 {
-    if (f->set_rate_limit)
+    /* any failed or completed migration keeps its state to allow probing of
+     * migration data, but has no associated file anymore */
+    if (f && f->set_rate_limit)
         return f->set_rate_limit(f->opaque, new_rate);
 
     return 0;
-- 
1.6.2.2