multifd: Fix a race on reading MultiFDPages_t.block

In multifd_queue_page() MultiFDPages_t.block is checked twice. Between the two checks, MultiFDPages_t.block may be reset to NULL by multifd thread. This lead to the 2nd check always true then a redundant page submitted to multifd thread again. Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
author: Zhenzhong Duan <zhenzhong.duan@intel.com> 2022-10-17 15:53:50 +0800
committer: Juan Quintela <quintela@redhat.com> 2023-02-06 19:22:57 +0100
commit: ddbe628c97c3a2d211c6d96383cb4063ac3ad0f9 (patch)
tree: 24b3525ac18877715b0c449304aa29ca14b234c2 /migration
parent: 6720c2b32725e6ac404f22851a0ecd0a71d0cbe2 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/migration/multifd.c b/migration/multifd.c
index eeb4fb87ee..ad89293b4e 100644
--- a/migration/multifd.c
+++ b/migration/multifd.c
@@ -442,6 +442,7 @@ static int multifd_send_pages(QEMUFile *f)
 int multifd_queue_page(QEMUFile *f, RAMBlock *block, ram_addr_t offset)
 {
     MultiFDPages_t *pages = multifd_send_state->pages;
+    bool changed = false;
 
     if (!pages->block) {
         pages->block = block;
@@ -454,14 +455,16 @@ int multifd_queue_page(QEMUFile *f, RAMBlock *block, ram_addr_t offset)
         if (pages->num < pages->allocated) {
             return 1;
         }
+    } else {
+        changed = true;
     }
 
     if (multifd_send_pages(f) < 0) {
         return -1;
     }
 
-    if (pages->block != block) {
-        return  multifd_queue_page(f, block, offset);
+    if (changed) {
+        return multifd_queue_page(f, block, offset);
     }
 
     return 1;
author	Zhenzhong Duan <zhenzhong.duan@intel.com>	2022-10-17 15:53:50 +0800
committer	Juan Quintela <quintela@redhat.com>	2023-02-06 19:22:57 +0100
commit	ddbe628c97c3a2d211c6d96383cb4063ac3ad0f9 (patch)
tree	24b3525ac18877715b0c449304aa29ca14b234c2 /migration
parent	6720c2b32725e6ac404f22851a0ecd0a71d0cbe2 (diff)