From: Juan Quintela <quintela@redhat.com>
To: qemu-devel@nongnu.org
Cc: dgilbert@redhat.com, Laurent Vivier <lvivier@redhat.com>
Subject: [Qemu-devel] [PULL 60/65] migration: don't close a file descriptor while it can be in use
Date: Fri, 21 Apr 2017 13:56:41 +0200
Message-ID: <20170421115646.15544-61-quintela@redhat.com>
In-Reply-To: <20170421115646.15544-1-quintela@redhat.com>

From: Laurent Vivier <lvivier@redhat.com>

If we close the QEMUFile descriptor in process_incoming_migration_co()
while it has been stopped by an error, the postcopy_ram_listen_thread()
can try to continue to use it. And as the memory has been freed
it is working with an invalid pointer and crashes.

Fix this by releasing the memory after having managed the error
case (which, in fact, calls exit()).

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit@kernel.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
---
 migration/migration.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index a92d7f7..31e8141 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -435,17 +435,17 @@ static void process_incoming_migration_co(void *opaque)
         qemu_thread_join(&mis->colo_incoming_thread);
     }
 
+    if (ret < 0) {
+        migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE,
+                          MIGRATION_STATUS_FAILED);
+        error_report("load of migration failed: %s", strerror(-ret));
+        migrate_decompress_threads_join();
+        exit(EXIT_FAILURE);
+    }
+
     qemu_fclose(f);
     free_xbzrle_decoded_buf();
 
-    if (ret < 0) {
-        migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE,
-                          MIGRATION_STATUS_FAILED);
-        error_report("load of migration failed: %s", strerror(-ret));
-        migrate_decompress_threads_join();
-        exit(EXIT_FAILURE);
-    }
-
     mis->bh = qemu_bh_new(process_incoming_migration_bh, mis);
     qemu_bh_schedule(mis->bh);
 }
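Review bot: the ordering is now load-bearing but nothing in the code says so; a short comment above the moved `if (ret < 0)` block (e.g. "must run before qemu_fclose(f): postcopy_ram_listen_thread() may still be using f") would keep a future cleanup from reordering it back and reintroducing the use-after-free described in the commit message. Worth stating in that comment as well that the error path deliberately skips `qemu_fclose(f)` and `free_xbzrle_decoded_buf()`, which is fine only because `exit(EXIT_FAILURE)` follows; the fix relies on process exit rather than on joining the listen thread, so any later change that returns instead of exiting would need to synchronise with that thread before closing the file.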
-- 
2.9.3
