Commit 55d0fe82 authored by Ilya Maximets's avatar Ilya Maximets Committed by Dr. David Alan Gilbert

migration: Stop postcopy fault thread before notifying



POSTCOPY_NOTIFY_INBOUND_END handlers will remove userfault fds
from the postcopy_remote_fds array which could be still in
use by the fault thread. Let's stop the thread before
notification to avoid possibly accessing invalid memory.

Fixes: 46343570 ("vhost+postcopy: Wire up POSTCOPY_END notify")
Cc: qemu-stable@nongnu.org
Signed-off-by: default avatarIlya Maximets <i.maximets@samsung.com>
Message-Id: <20181008160536.6332-2-i.maximets@samsung.com>
Reviewed-by: default avatarDr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: default avatarMaxime Coquelin <maxime.coquelin@redhat.com>
Signed-off-by: default avatarDr. David Alan Gilbert <dgilbert@redhat.com>
parent 5571dc82
+6 −5
@@ -533,6 +533,12 @@ int postcopy_ram_incoming_cleanup(MigrationIncomingState *mis)
    if (mis->have_fault_thread) {
        Error *local_err = NULL;

        /* Let the fault thread quit */
        atomic_set(&mis->fault_thread_quit, 1);
        postcopy_fault_thread_notify(mis);
        trace_postcopy_ram_incoming_cleanup_join();
        qemu_thread_join(&mis->fault_thread);

        if (postcopy_notify(POSTCOPY_NOTIFY_INBOUND_END, &local_err)) {
            error_report_err(local_err);
            return -1;
@@ -541,11 +547,6 @@ int postcopy_ram_incoming_cleanup(MigrationIncomingState *mis)
        if (qemu_ram_foreach_migratable_block(cleanup_range, mis)) {
            return -1;
        }
        /* Let the fault thread quit */
        atomic_set(&mis->fault_thread_quit, 1);
        postcopy_fault_thread_notify(mis);
        trace_postcopy_ram_incoming_cleanup_join();
        qemu_thread_join(&mis->fault_thread);

        trace_postcopy_ram_incoming_cleanup_closeuf();
        close(mis->userfault_fd);
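Review bot: The early `return -1` after a failed POSTCOPY_NOTIFY_INBOUND_END notification in the first hunk now leaves the function with the fault thread already joined but, as far as these hunks show, with the userfault fd still open, `cleanup_range` not run and `mis->have_fault_thread` still set; before this reordering the thread was at least still servicing faults on that path, so any guest fault arriving after the failure would presumably now never be handled. If a handler failure is meant to be survivable, the remaining teardown should still run, for example by recording the error in a local `ret` and falling through to the `cleanup_range`/`close(mis->userfault_fd)` steps instead of returning, and `have_fault_thread` should be cleared after the join so a repeated cleanup cannot join the thread twice. Whether `have_fault_thread` is reset later is not visible here; `postcopy_ram_incoming_cleanup` continues outside the hunks. A comment above the join such as `/* Join before INBOUND_END: its handlers drop userfault fds the fault thread may still be reading */` would record the ordering constraint the commit message explains in the code itself.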