From patchwork Mon Nov 30 17:21:19 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [01/23] migration: Fix use of file after release
Date: Mon, 30 Nov 2009 07:21:19 -0000
From: Jan Kiszka <jan.kiszka@siemens.com>
X-Patchwork-Id: 39836
Message-Id: <20091130172119.22889.67026.stgit@mchn012c.ww002.siemens.net>
To: Anthony Liguori <aliguori@us.ibm.com>
Cc: qemu-devel@nongnu.org, Liran Schour <lirans@il.ibm.com>,
 Pierre Riteau <pierre.riteau@irisa.fr>

qemu_fclose frees the passed file structure, but do_migrate_set_speed
may access it later on. Fix it by setting file NULL in
migrate_fd_cleanup and checking for this.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

---
migration.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/migration.c b/migration.c
index 3ae0be8..dcde7c3 100644
--- a/migration.c
+++ b/migration.c
@@ -118,12 +118,11 @@ void do_migrate_set_speed(Monitor *mon, const QDict *qdict, QObject **ret_data)
     }
 
     max_throttle = (uint32_t)d;
-    s = migrate_to_fms(current_migration);
 
-    if (s) {
+    s = migrate_to_fms(current_migration);
+    if (s && s->file) {
         qemu_file_set_rate_limit(s->file, max_throttle);
     }
-    
 }
 
 /* amount of nanoseconds we are willing to wait for migration to be down.
@@ -209,6 +208,7 @@ void migrate_fd_cleanup(FdMigrationState *s)
     if (s->file) {
         dprintf("closing file\n");
         qemu_fclose(s->file);
+        s->file = NULL;
     }
 
     if (s->fd != -1)