qemu/migration
Fabiano Rosas 4ce5622908 migration/multifd: Fix rb->receivedmap cleanup race
Fix a segmentation fault in multifd when rb->receivedmap is cleared
too early.

After commit 5ef7e26bdb ("migration/multifd: solve zero page causing
multiple page faults"), multifd started using the rb->receivedmap
bitmap, which belongs to ram.c and is initialized and *freed* from the
ram SaveVMHandlers.

Multifd threads are live until migration_incoming_state_destroy(),
which is called after qemu_loadvm_state_cleanup(), leading to a crash
when accessing rb->receivedmap.

process_incoming_migration_co()        ...
  qemu_loadvm_state()                  multifd_nocomp_recv()
    qemu_loadvm_state_cleanup()          ramblock_recv_bitmap_set_offset()
      rb->receivedmap = NULL               set_bit_atomic(..., rb->receivedmap)
  ...
  migration_incoming_state_destroy()
    multifd_recv_cleanup()
      multifd_recv_terminate_threads(NULL)

Move the loadvm cleanup into migration_incoming_state_destroy(), after
multifd_recv_cleanup() to ensure multifd threads have already exited
when rb->receivedmap is cleared.

Adjust the postcopy listen thread comment to indicate that we still
want to skip the cpu synchronization.

CC: qemu-stable@nongnu.org
Fixes: 5ef7e26bdb ("migration/multifd: solve zero page causing multiple page faults")
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20240917185802.15619-3-farosas@suse.de
[peterx: added comment in migration_incoming_state_destroy()]
Signed-off-by: Peter Xu <peterx@redhat.com>
2024-09-18 14:27:39 -04:00
block-dirty-bitmap.c migration: Add Error** argument to add_bitmaps_to_list() 2024-04-23 18:36:01 -04:00
channel-block.c io: follow coroutine AioContext in qio_channel_yield() 2023-09-07 20:32:11 -05:00
channel-block.h migration: introduce a QIOChannel impl for BlockDriverState VMState 2022-06-22 19:33:43 +01:00
channel.c migration: Fix migration_channel_read_peek() error path 2024-01-04 09:52:42 +08:00
channel.h migration: check magic value for deciding the mapping of channels 2023-02-06 19:22:57 +01:00
colo-failover.c migration/colo: Improve an x-colo-lost-heartbeat error message 2023-02-23 14:10:17 +01:00
colo-stubs.c migration/colo: make colo_incoming_co() return void 2024-05-22 17:34:31 -03:00
colo.c migration: Rename thread debug names 2024-06-21 09:47:59 -03:00
dirtyrate.c migration: remove unnecessary zlib dependency 2024-05-25 13:28:02 +02:00
dirtyrate.h migration/calc-dirty-rate: millisecond-granularity period 2023-10-10 08:03:50 +08:00
exec.c migration: simplify exec migration functions 2024-03-04 07:12:40 +01:00
exec.h migration: convert exec backend to accept MigrateAddress. 2023-11-02 11:35:04 +01:00
fd.c migration: Deprecate fd: for file migration 2024-05-08 09:20:59 -03:00
fd.h migration: Revert mapped-ram multifd support to fd: URI 2024-03-22 12:12:08 -04:00
file.c migration/multifd: Pass in MultiFDPages_t to file_write_ramblock_iov 2024-09-03 16:24:35 -03:00
file.h migration/multifd: Pass in MultiFDPages_t to file_write_ramblock_iov 2024-09-03 16:24:35 -03:00
global_state.c migration 1st pull for 9.0 2024-01-05 13:35:25 +00:00
meson.build migration: Introduce 'qatzip' compression method 2024-09-09 10:55:40 -04:00
migration-hmp-cmds.c migration: Add migration parameters for QATzip 2024-09-09 10:55:39 -04:00
migration-stats.c migration: migration_rate_limit_reset() don't need the QEMUFile 2023-10-31 08:44:33 +01:00
migration-stats.h migration: Remove transferred atomic counter 2023-10-31 08:44:33 +01:00
migration.c migration/multifd: Fix rb->receivedmap cleanup race 2024-09-18 14:27:39 -04:00
migration.h migration: Use MigrationStatus instead of int 2024-06-21 09:47:59 -03:00
multifd-nocomp.c migration/multifd: Stop changing the packet on recv side 2024-09-03 16:24:36 -03:00
multifd-qatzip.c migration/multifd: Fix build for qatzip 2024-09-17 17:50:45 -04:00
multifd-qpl.c migration/multifd: Make MultiFDMethods const 2024-09-03 16:24:36 -03:00
multifd-uadk.c migration/multifd: Fix p->iov leak in multifd-uadk.c 2024-09-03 16:24:36 -03:00
multifd-zero-page.c migration/multifd: Move pages accounting into multifd_send_zero_page_detect() 2024-09-03 16:24:35 -03:00
multifd-zlib.c migration/multifd: Make MultiFDMethods const 2024-09-03 16:24:36 -03:00
multifd-zstd.c migration/multifd: Fix loop conditions in multifd_zstd_send_prepare and multifd_zstd_recv 2024-09-18 14:27:24 -04:00
multifd.c migration/multifd: Add a couple of asserts for p->iov 2024-09-03 16:24:37 -03:00
multifd.h migration: Introduce 'qatzip' compression method 2024-09-09 10:55:40 -04:00
options.c migration: Add migration parameters for QATzip 2024-09-09 10:55:39 -04:00
options.h migration: Add migration parameters for QATzip 2024-09-09 10:55:39 -04:00
page_cache.c migration: Fix cache_init()'s "Failed to allocate" error messages 2021-02-08 11:19:51 +00:00
page_cache.h migration: Clean up signed vs. unsigned XBZRLE cache-size 2021-02-08 11:19:51 +00:00
postcopy-ram.c migration/postcopy: Add postcopy-recover-setup phase 2024-06-21 09:47:59 -03:00
postcopy-ram.h migration/postcopy: Add postcopy-recover-setup phase 2024-06-21 09:47:59 -03:00
qemu-file.c migration: remove unnecessary zlib dependency 2024-05-25 13:28:02 +02:00
qemu-file.h migration: Remove non-multifd compression 2024-05-08 09:20:59 -03:00
ram.c migration/multifd: Allow multifd sync without flush 2024-09-03 16:24:36 -03:00
ram.h migration/multifd: solve zero page causing multiple page faults 2024-04-23 18:36:01 -04:00
rdma.c migration/rdma: Fix a memory issue for migration 2024-03-11 14:41:40 -04:00
rdma.h migration: convert rdma backend to accept MigrateAddress 2023-11-02 11:35:03 +01:00
savevm.c migration/multifd: Fix rb->receivedmap cleanup race 2024-09-18 14:27:39 -04:00
savevm.h migration: Add Error** argument to qemu_savevm_state_setup() 2024-04-23 18:36:01 -04:00
socket.c migration/multifd: Drop unnecessary helper to destroy IOC 2024-02-28 11:31:28 +08:00
socket.h migration/multifd: Drop unnecessary helper to destroy IOC 2024-02-28 11:31:28 +08:00
target.c migration: Add migration prefix to functions in target.c 2023-09-11 08:34:06 +02:00
threadinfo.c migration/multifd: Protect accesses to migration_threads 2023-07-26 10:55:56 +02:00
threadinfo.h migration/multifd: Protect accesses to migration_threads 2023-07-26 10:55:56 +02:00
tls.c migration: Drop unused parameter for migration_tls_client_create() 2023-05-03 11:24:20 +02:00
tls.h migration: Drop unused parameter for migration_tls_client_create() 2023-05-03 11:24:20 +02:00
trace-events migration/multifd: Isolate ram pages packet data 2024-09-03 16:24:35 -03:00
trace.h
vmstate-types.c Move CPU softfloat unions to cpu-float.h 2022-04-06 14:31:43 +02:00
vmstate.c migration: fix a typo 2024-05-22 17:34:40 -03:00
xbzrle.c migration/xbzrle: Use i386 host/cpuinfo.h 2023-05-23 16:51:18 -07:00
xbzrle.h migration/xbzrle: Use i386 host/cpuinfo.h 2023-05-23 16:51:18 -07:00
yank_functions.c migration/yank: Use channel features 2024-01-29 11:02:12 +08:00
yank_functions.h migration: Move the yank unregister of channel_close out 2021-07-26 12:45:03 +01:00