mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9c4d333c09
qemu/migration
History
Zhimin Feng 9c4d333c09 migration/multifd: fix nullptr access in multifd_send_terminate_threads 
If the multifd_send_threads is not created when migration is failed,
multifd_save_cleanup would be called twice. In this senario, the
multifd_send_state is accessed after it has been released, the result
is that the source VM is crashing down.

Here is the coredump stack:
    Program received signal SIGSEGV, Segmentation fault.
    0x00005629333a78ef in multifd_send_terminate_threads (err=err@entry=0x0) at migration/ram.c:1012
    1012            MultiFDSendParams *p = &multifd_send_state->params[i];
    #0  0x00005629333a78ef in multifd_send_terminate_threads (err=err@entry=0x0) at migration/ram.c:1012
    #1  0x00005629333ab8a9 in multifd_save_cleanup () at migration/ram.c:1028
    #2  0x00005629333abaea in multifd_new_send_channel_async (task=0x562935450e70, opaque=<optimized out>) at migration/ram.c:1202
    #3  0x000056293373a562 in qio_task_complete (task=task@entry=0x562935450e70) at io/task.c:196
    #4  0x000056293373a6e0 in qio_task_thread_result (opaque=0x562935450e70) at io/task.c:111
    #5  0x00007f475d4d75a7 in g_idle_dispatch () from /usr/lib64/libglib-2.0.so.0
    #6  0x00007f475d4da9a9 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
    #7  0x0000562933785b33 in glib_pollfds_poll () at util/main-loop.c:219
    #8  os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:242
    #9  main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:518
    #10 0x00005629334c5acf in main_loop () at vl.c:1810
    #11 0x000056293334d7bb in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4471

If the multifd_send_threads is not created when migration is failed.
In this senario, we don't call multifd_save_cleanup in multifd_new_send_channel_async.

Signed-off-by: Zhimin Feng <fengzhimin1@huawei.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2020-01-29 11:28:59 +01:00
..
block-dirty-bitmap.c block/dirty-bitmap: refactor bdrv_dirty_bitmap_next 2019-10-17 17:02:32 -04:00
block.c block/dirty-bitmap: add bs link 2019-10-17 17:02:32 -04:00
block.h migration: disable auto-converge during bulk block migration 2017-09-27 11:27:14 +01:00
channel.c migration: fix the multifd code when receiving less channels 2019-01-23 15:02:07 +00:00
channel.h migration: Route errors down through migration_channel_connect 2018-02-06 10:55:12 +00:00
colo-failover.c migration/colo.c: Remove redundant input parameter 2019-05-14 17:33:35 +01:00
colo.c sysemu: Split sysemu/runstate.h off sysemu/sysemu.h 2019-08-16 13:37:36 +02:00
exec.c migration: unify incoming processing 2018-07-10 12:48:53 +01:00
exec.h migration: Export exec.c functions in its own file 2017-06-01 18:49:22 +02:00
fd.c migration: Fix fd protocol for incoming defer 2019-06-05 12:43:55 +02:00
fd.h migration: Fix fd protocol for incoming defer 2019-06-05 12:43:55 +02:00
global_state.c sysemu: Split sysemu/runstate.h off sysemu/sysemu.h 2019-08-16 13:37:36 +02:00
Makefile.objs COLO: Remove colo_state migration struct 2018-10-19 11:15:03 +08:00
migration.c migration: Create migration_is_running() 2020-01-29 11:28:59 +01:00
migration.h migration: Create migration_is_running() 2020-01-29 11:28:59 +01:00
page_cache.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
page_cache.h migration: Make cache_init() take an error parameter 2017-10-23 18:03:25 +02:00
postcopy-ram.c core: replace getpagesize() with qemu_real_host_page_size 2019-10-26 15:38:06 +02:00
postcopy-ram.h migration/postcopy: rename postcopy_ram_enable_notify to postcopy_ram_incoming_setup 2019-10-11 14:59:58 +01:00
qemu-file-channel.c Header cleanup patches for 2019-08-13 2019-08-16 14:53:43 +01:00
qemu-file-channel.h migration: Export qemu-file-channel.c functions in its own file 2017-05-18 19:20:50 +02:00
qemu-file.c qemu-file: Don't do IO after shutdown 2020-01-29 11:28:59 +01:00
qemu-file.h Header cleanup patches for 2019-08-13 2019-08-16 14:53:43 +01:00
qjson.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
qjson.h migration: fix vmdesc leak on vmstate_save() error 2019-09-25 15:51:19 +01:00
ram.c migration/multifd: fix nullptr access in multifd_send_terminate_threads 2020-01-29 11:28:59 +01:00
ram.h Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
rdma.c migration: Use automatic rcu_read unlock in rdma.c 2019-10-11 14:20:01 +01:00
rdma.h migration: Export rdma.c functions in its own file 2017-06-01 18:49:23 +02:00
savevm.c migration: Create migration_is_running() 2020-01-29 11:28:59 +01:00
savevm.h migration: add new migration state wait-unplug 2019-10-29 18:55:26 -04:00
socket.c multifd: Use number of channels as listen backlog 2019-09-03 23:24:42 +02:00
socket.h migration: Export functions to create send channels 2018-05-15 20:24:27 +02:00
tls.c migration: add support for a "tls-authz" migration parameter 2019-03-25 18:13:47 +01:00
tls.h migration: Export tls.c functions in its own file 2017-06-01 18:49:23 +02:00
trace-events migration: Support QLIST migration 2020-01-20 09:10:23 +01:00
vmstate-types.c migration: Support QLIST migration 2020-01-20 09:10:23 +01:00
vmstate.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
xbzrle.c migration: Create migration/xbzrle.h 2017-05-18 18:04:54 +02:00
xbzrle.h migration: Create migration/xbzrle.h 2017-05-18 18:04:54 +02:00