Commit e8199e48 authored Apr 12, 2017 by Laurent Vivier Committed by Juan Quintela Apr 21, 2017

migration: don't close a file descriptor while it can be in use



If we close the QEMUFile descriptor in process_incoming_migration_co()
while it has been stopped by an error, the postcopy_ram_listen_thread()
can try to continue to use it. And as the memory has been freed
it is working with an invalid pointer and crashes.

Fix this by releasing the memory after having managed the error
case (which, in fact, calls exit())

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit@kernel.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

parent 66103a57

migration/migration.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -435,9 +435,6 @@ static void process_incoming_migration_co(void *opaque)
		qemu_thread_join(&mis->colo_incoming_thread);
		}

		qemu_fclose(f);
		free_xbzrle_decoded_buf();

		if (ret < 0) {
		migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE,
		MIGRATION_STATUS_FAILED);
		@@ -446,6 +443,9 @@ static void process_incoming_migration_co(void *opaque)
		exit(EXIT_FAILURE);
		}

		qemu_fclose(f);
		free_xbzrle_decoded_buf();

		mis->bh = qemu_bh_new(process_incoming_migration_bh, mis);
		qemu_bh_schedule(mis->bh);
		}