From patchwork Wed Sep 19 13:35:21 2018
X-Patchwork-Submitter: Fei Li
X-Patchwork-Id: 10605873
From: Fei Li
To: qemu-devel@nongnu.org
Cc: famz@redhat.com, peterx@redhat.comc, armbru@redhat.com
Date: Wed, 19 Sep 2018 21:35:21 +0800
Message-Id: <20180919133523.13351-6-fli@suse.com>
In-Reply-To: <20180919133523.13351-1-fli@suse.com>
References: <20180919133523.13351-1-fli@suse.com>
Subject: [Qemu-devel] [PATCH RFC v3 5/7] migration: fix the multifd code

When multifd is used during migration, if there is an error before the destination receives all new channels, the destination does not exit but keeps waiting in our current code. However, a segmentation fault will occur in the source when multifd_save_cleanup() is called again as the multifd_send_state has been freed earlier in the first error handling. This can happen when migrate_fd_connect() fails and multifd_fd_cleanup() is called, and then multifd_new_send_channel_async() fails and multifd_save_cleanup() is called again.

If the QIOChannel *c of multifd_recv_state->params[i] (p->c) is not initialized, there is no need to close the channel. Or else a segmentation fault will occur in multifd_recv_terminate_threads() when multifd_recv_initial_packet() fails.

Signed-off-by: Fei Li
--- migration/ram.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/migration/ram.c b/migration/ram.c index 522a5550b4..8338ffd63b 100644 --- a/migration/ram.c +++ b/migration/ram.c
@@ -907,6 +907,11 @@ static void multifd_send_terminate_threads(Error *err) } } + /* in case multifd_send_state has been freed earlier */ + if (!multifd_send_state) { + return; + } + for (i = 0; i < migrate_multifd_channels(); i++) { MultiFDSendParams *p = &multifd_send_state->params[i]; @@ -926,6 +931,10 @@ int multifd_save_cleanup(Error **errp) return 0; } multifd_send_terminate_threads(NULL); + /* in case multifd_send_state has been freed earlier */ + if (!multifd_send_state) { + return 0; + } for (i = 0; i < migrate_multifd_channels(); i++) { MultiFDSendParams *p = &multifd_send_state->params[i]; @@ -1131,7 +1140,7 @@ struct { uint64_t packet_num; } *multifd_recv_state; -static void multifd_recv_terminate_threads(Error *err) +static void multifd_recv_terminate_threads(Error *err, bool channel) { int i; @@ -1145,6 +1154,11 @@ static void multifd_recv_terminate_threads(Error *err) } } + /* in case p->c is not initialized */ + if (!channel) { + return; + } + for (i = 0; i < migrate_multifd_channels(); i++) { MultiFDRecvParams *p = &multifd_recv_state->params[i]; @@ -1166,7 +1180,7 @@ int multifd_load_cleanup(Error **errp) if (!migrate_use_multifd()) { return 0; } - multifd_recv_terminate_threads(NULL); + multifd_recv_terminate_threads(NULL, true); for (i = 0; i < migrate_multifd_channels(); i++) { MultiFDRecvParams *p = &multifd_recv_state->params[i]; @@ -1269,7 +1283,7 @@ static void *multifd_recv_thread(void *opaque) } if (local_err) { - multifd_recv_terminate_threads(local_err); + multifd_recv_terminate_threads(local_err, true); } qemu_mutex_lock(&p->mutex); p->running = false; @@ -1331,7 +1345,7 @@ bool multifd_recv_new_channel(QIOChannel *ioc) id = multifd_recv_initial_packet(ioc, &local_err); if (id < 0) { - multifd_recv_terminate_threads(local_err); + multifd_recv_terminate_threads(local_err, false); return false; } 
@@ -1339,7 +1353,7 @@ bool multifd_recv_new_channel(QIOChannel *ioc) if (p->c != NULL) { error_setg(&local_err, "multifd: received id '%d' already setup'", id); - multifd_recv_terminate_threads(local_err); + multifd_recv_terminate_threads(local_err, true); return false; } p->c = ioc;
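
Review bot: the `if (!multifd_send_state) return;` guard added before the loop in multifd_send_terminate_threads() (hunk at -907) only helps if the path that frees multifd_send_state also resets the pointer to NULL, and nothing in this patch shows that assignment or any lock held around the test. Please confirm the free site clears the pointer and name the earlier cleanup in the comment, so the check cannot pass on a dangling pointer when a second error path runs.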
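
Review bot: in multifd_save_cleanup() (hunk at -926) the new NULL check sits after `multifd_send_terminate_threads(NULL);`, so this function still enters the terminate path with freed state and relies on the duplicate guard added there. Moving the check up, next to the early `return 0;` above the call, would let this caller bail out before touching anything and make the second-cleanup case obvious to the reader.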
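
Review bot: the `bool channel` parameter added to multifd_recv_terminate_threads() (hunks at -1131 and -1145) makes the early `return` skip the whole loop, including channels that were already set up, and the name does not say what true or false means. Testing `p->c` per iteration inside the `for` loop would skip only the uninitialised channels, needs no signature change, and spares every caller from having to know the state of the channels.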
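
Review bot: passing `true` in the `p->c != NULL` branch of multifd_recv_new_channel() (hunk at -1339) only establishes that channel `id` is set up; the loop in multifd_recv_terminate_threads() still walks all migrate_multifd_channels() entries, so a duplicate id arriving before the remaining channels connect can reach a params[i] whose p->c is still unset, which is the crash the commit message describes. The same applies to the `true` passed from multifd_recv_thread() in the hunk at -1269. A per-channel `p->c` check inside the loop would cover both call sites.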