aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenis V. Lunev <den@openvz.org>2016-02-24 11:53:38 +0300
committerAmit Shah <amit.shah@redhat.com>2016-02-26 20:39:50 +0530
commit0aa6aefc9c93db1f64e3ba406ee5234da75b545b (patch)
tree79ac49a096df2bd4a9a41f0a9a38546363c02f84
parent8da5ef579f956857ca1887ce0bc5e189dd9de0c4 (diff)
migration (ordinary): move bdrv_invalidate_cache_all of of coroutine context
There is a possibility to hit an assert in qcow2_get_specific_info that s->qcow_version is undefined. This happens when VM in starting from suspended state, i.e. it processes incoming migration, and in the same time 'info block' is called. The problem is that qcow2_invalidate_cache() closes the image and memset()s BDRVQcowState in the middle. The patch moves processing of bdrv_invalidate_cache_all out of coroutine context for standard migration to avoid that. Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Fam Zheng <famz@redhat.com> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Juan Quintela <quintela@redhat.com> CC: Amit Shah <amit.shah@redhat.com> Message-Id: <1456304019-10507-2-git-send-email-den@openvz.org> [Amit: Fix a use-after-free bug] Signed-off-by: Amit Shah <amit.shah@redhat.com>
-rw-r--r--include/migration/migration.h2
-rw-r--r--migration/migration.c89
2 files changed, 51 insertions, 40 deletions
diff --git a/include/migration/migration.h b/include/migration/migration.h
index 85b6026d10..ac2c12c2a5 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -104,6 +104,8 @@ struct MigrationIncomingState {
QemuMutex rp_mutex; /* We send replies from multiple threads */
void *postcopy_tmp_page;
+ QEMUBH *bh;
+
int state;
/* See savevm.c */
LoadStateEntry_Head loadvm_handlers;
diff --git a/migration/migration.c b/migration/migration.c
index fc5e50b0be..0129d9f420 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -323,10 +323,56 @@ void qemu_start_incoming_migration(const char *uri, Error **errp)
}
}
+static void process_incoming_migration_bh(void *opaque)
+{
+ Error *local_err = NULL;
+ MigrationIncomingState *mis = opaque;
+
+ /* Make sure all file formats flush their mutable metadata */
+ bdrv_invalidate_cache_all(&local_err);
+ if (local_err) {
+ migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE,
+ MIGRATION_STATUS_FAILED);
+ error_report_err(local_err);
+ migrate_decompress_threads_join();
+ exit(EXIT_FAILURE);
+ }
+
+ /*
+ * This must happen after all error conditions are dealt with and
+ * we're sure the VM is going to be running on this host.
+ */
+ qemu_announce_self();
+
+ /* If global state section was not received or we are in running
+ state, we need to obey autostart. Any other state is set with
+ runstate_set. */
+
+ if (!global_state_received() ||
+ global_state_get_runstate() == RUN_STATE_RUNNING) {
+ if (autostart) {
+ vm_start();
+ } else {
+ runstate_set(RUN_STATE_PAUSED);
+ }
+ } else {
+ runstate_set(global_state_get_runstate());
+ }
+ migrate_decompress_threads_join();
+ /*
+ * This must happen after any state changes since as soon as an external
+ * observer sees this event they might start to prod at the VM assuming
+ * it's ready to use.
+ */
+ migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE,
+ MIGRATION_STATUS_COMPLETED);
+ qemu_bh_delete(mis->bh);
+ migration_incoming_state_destroy();
+}
+
static void process_incoming_migration_co(void *opaque)
{
QEMUFile *f = opaque;
- Error *local_err = NULL;
MigrationIncomingState *mis;
PostcopyState ps;
int ret;
@@ -369,45 +415,8 @@ static void process_incoming_migration_co(void *opaque)
exit(EXIT_FAILURE);
}
- /* Make sure all file formats flush their mutable metadata */
- bdrv_invalidate_cache_all(&local_err);
- if (local_err) {
- migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE,
- MIGRATION_STATUS_FAILED);
- error_report_err(local_err);
- migrate_decompress_threads_join();
- exit(EXIT_FAILURE);
- }
-
- /*
- * This must happen after all error conditions are dealt with and
- * we're sure the VM is going to be running on this host.
- */
- qemu_announce_self();
-
- /* If global state section was not received or we are in running
- state, we need to obey autostart. Any other state is set with
- runstate_set. */
-
- if (!global_state_received() ||
- global_state_get_runstate() == RUN_STATE_RUNNING) {
- if (autostart) {
- vm_start();
- } else {
- runstate_set(RUN_STATE_PAUSED);
- }
- } else {
- runstate_set(global_state_get_runstate());
- }
- migrate_decompress_threads_join();
- /*
- * This must happen after any state changes since as soon as an external
- * observer sees this event they might start to prod at the VM assuming
- * it's ready to use.
- */
- migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE,
- MIGRATION_STATUS_COMPLETED);
- migration_incoming_state_destroy();
+ mis->bh = qemu_bh_new(process_incoming_migration_bh, mis);
+ qemu_bh_schedule(mis->bh);
}
void process_incoming_migration(QEMUFile *f)