qemu/migration
Fabiano Rosas 4ce5622908 migration/multifd: Fix rb->receivedmap cleanup race
Fix a segmentation fault in multifd when rb->receivedmap is cleared
too early.

After commit 5ef7e26bdb ("migration/multifd: solve zero page causing
multiple page faults"), multifd started using the rb->receivedmap
bitmap, which belongs to ram.c and is initialized and *freed* from the
ram SaveVMHandlers.

Multifd threads are live until migration_incoming_state_destroy(),
which is called after qemu_loadvm_state_cleanup(), leading to a crash
when accessing rb->receivedmap.

process_incoming_migration_co()        ...
  qemu_loadvm_state()                  multifd_nocomp_recv()
    qemu_loadvm_state_cleanup()          ramblock_recv_bitmap_set_offset()
      rb->receivedmap = NULL               set_bit_atomic(..., rb->receivedmap)
  ...
  migration_incoming_state_destroy()
    multifd_recv_cleanup()
      multifd_recv_terminate_threads(NULL)

Move the loadvm cleanup into migration_incoming_state_destroy(), after
multifd_recv_cleanup() to ensure multifd threads have already exited
when rb->receivedmap is cleared.

Adjust the postcopy listen thread comment to indicate that we still
want to skip the cpu synchronization.

CC: qemu-stable@nongnu.org
Fixes: 5ef7e26bdb ("migration/multifd: solve zero page causing multiple page faults")
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20240917185802.15619-3-farosas@suse.de
[peterx: added comment in migration_incoming_state_destroy()]
Signed-off-by: Peter Xu <peterx@redhat.com>
2024-09-18 14:27:39 -04:00
block-dirty-bitmap.c migration: Add Error** argument to add_bitmaps_to_list() 2024-04-23 18:36:01 -04:00
channel-block.c
channel-block.h
channel.c
channel.h
colo-failover.c
colo-stubs.c migration/colo: make colo_incoming_co() return void 2024-05-22 17:34:31 -03:00
colo.c migration: Rename thread debug names 2024-06-21 09:47:59 -03:00
dirtyrate.c migration: remove unnecessary zlib dependency 2024-05-25 13:28:02 +02:00
dirtyrate.h
exec.c migration: simplify exec migration functions 2024-03-04 07:12:40 +01:00
exec.h
fd.c migration: Deprecate fd: for file migration 2024-05-08 09:20:59 -03:00
fd.h migration: Revert mapped-ram multifd support to fd: URI 2024-03-22 12:12:08 -04:00
file.c migration/multifd: Pass in MultiFDPages_t to file_write_ramblock_iov 2024-09-03 16:24:35 -03:00
file.h migration/multifd: Pass in MultiFDPages_t to file_write_ramblock_iov 2024-09-03 16:24:35 -03:00
global_state.c
meson.build migration: Introduce 'qatzip' compression method 2024-09-09 10:55:40 -04:00
migration-hmp-cmds.c migration: Add migration parameters for QATzip 2024-09-09 10:55:39 -04:00
migration-stats.c
migration-stats.h
migration.c migration/multifd: Fix rb->receivedmap cleanup race 2024-09-18 14:27:39 -04:00
migration.h migration: Use MigrationStatus instead of int 2024-06-21 09:47:59 -03:00
multifd-nocomp.c migration/multifd: Stop changing the packet on recv side 2024-09-03 16:24:36 -03:00
multifd-qatzip.c migration/multifd: Fix build for qatzip 2024-09-17 17:50:45 -04:00
multifd-qpl.c migration/multifd: Make MultiFDMethods const 2024-09-03 16:24:36 -03:00
multifd-uadk.c migration/multifd: Fix p->iov leak in multifd-uadk.c 2024-09-03 16:24:36 -03:00
multifd-zero-page.c migration/multifd: Move pages accounting into multifd_send_zero_page_detect() 2024-09-03 16:24:35 -03:00
multifd-zlib.c migration/multifd: Make MultiFDMethods const 2024-09-03 16:24:36 -03:00
multifd-zstd.c migration/multifd: Fix loop conditions in multifd_zstd_send_prepare and multifd_zstd_recv 2024-09-18 14:27:24 -04:00
multifd.c migration/multifd: Add a couple of asserts for p->iov 2024-09-03 16:24:37 -03:00
multifd.h migration: Introduce 'qatzip' compression method 2024-09-09 10:55:40 -04:00
options.c migration: Add migration parameters for QATzip 2024-09-09 10:55:39 -04:00
options.h migration: Add migration parameters for QATzip 2024-09-09 10:55:39 -04:00
page_cache.c
page_cache.h
postcopy-ram.c migration/postcopy: Add postcopy-recover-setup phase 2024-06-21 09:47:59 -03:00
postcopy-ram.h migration/postcopy: Add postcopy-recover-setup phase 2024-06-21 09:47:59 -03:00
qemu-file.c migration: remove unnecessary zlib dependency 2024-05-25 13:28:02 +02:00
qemu-file.h migration: Remove non-multifd compression 2024-05-08 09:20:59 -03:00
ram.c migration/multifd: Allow multifd sync without flush 2024-09-03 16:24:36 -03:00
ram.h migration/multifd: solve zero page causing multiple page faults 2024-04-23 18:36:01 -04:00
rdma.c migration/rdma: Fix a memory issue for migration 2024-03-11 14:41:40 -04:00
rdma.h
savevm.c migration/multifd: Fix rb->receivedmap cleanup race 2024-09-18 14:27:39 -04:00
savevm.h migration: Add Error** argument to qemu_savevm_state_setup() 2024-04-23 18:36:01 -04:00
socket.c migration/multifd: Drop unnecessary helper to destroy IOC 2024-02-28 11:31:28 +08:00
socket.h migration/multifd: Drop unnecessary helper to destroy IOC 2024-02-28 11:31:28 +08:00
target.c
threadinfo.c
threadinfo.h
tls.c
tls.h
trace-events migration/multifd: Isolate ram pages packet data 2024-09-03 16:24:35 -03:00
trace.h
vmstate-types.c
vmstate.c migration: fix a typo 2024-05-22 17:34:40 -03:00
xbzrle.c
xbzrle.h
yank_functions.c
yank_functions.h