[0/5] migration: Fix migration state reference counting

Message ID 20240119233922.32588-1-farosas@suse.de

Message

Fabiano Rosas Jan. 19, 2024, 11:39 p.m. UTC
We currently have a bug when running migration code in bottom
halves. The issue has already been reported in Gitlab[1] and it
started happening very frequently on my machine for some reason.

The issue is that we're dropping the last reference to the
MigrationState object while the cleanup bottom half is still running
and it leads to a use-after-free. More details in the commit message.

This series fixes the issue and does a refactoring around the
migration BH scheduling aiming to consolidate some code so that it is
less error prone.

1- https://gitlab.com/qemu-project/qemu/-/issues/1969

CI run: https://gitlab.com/farosas/qemu/-/pipelines/1144927625

Fabiano Rosas (5):
  migration: Fix use-after-free of migration state object
  migration: Take reference to migration state around
    bg_migration_vm_start_bh
  migration: Reference migration state around
    loadvm_postcopy_handle_run_bh
  migration: Add a wrapper to qemu_bh_schedule
  migration: Centralize BH creation and dispatch

 migration/migration.c | 82 +++++++++++++++++++++++++------------------
 migration/migration.h |  5 +--
 migration/savevm.c    |  5 +--
 3 files changed, 49 insertions(+), 43 deletions(-)
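
The reference-counting pattern this cover letter describes, as an added example that is not part of the series or of QEMU: a toy bottom-half queue and a refcounted object (all names here are hypothetical) show the last reference being dropped while the cleanup bottom half is still pending, and then a scheduling wrapper that takes a reference before scheduling and has its dispatch routine release it after the callback has run. "Free" is modelled by clearing an alive flag rather than calling free(), so the misuse is observable instead of undefined behaviour.

```c
/* Added example, not QEMU code: a toy bottom-half queue and a refcounted object.
 * "Free" only clears `alive` (real code would free()), so a callback touching a
 * dead object is observable here instead of being undefined behaviour. */
#include <stdlib.h>

typedef struct Obj {
    int refcount;
    int alive;        /* 1 while the modelled allocation is valid */
    int cleaned_up;   /* set by the cleanup bottom half */
} Obj;

typedef void (*BHFunc)(void *opaque);
typedef struct BH { BHFunc cb; void *opaque; int scheduled; } BH;

#define MAX_BH 8
static BH *pending[MAX_BH];        /* the event loop's pending BH queue */
static int npending, uaf_detected; /* uaf_detected: callbacks run on a dead Obj */

static void bh_schedule(BH *bh)
{
    if (bh->scheduled || npending >= MAX_BH) return;
    bh->scheduled = 1;
    pending[npending++] = bh;
}

static void run_pending_bhs(void)
{
    BH *batch[MAX_BH];             /* snapshot: callbacks may reschedule */
    int n = npending;
    for (int i = 0; i < n; i++) batch[i] = pending[i];
    npending = 0;
    for (int i = 0; i < n; i++) {
        batch[i]->scheduled = 0;
        batch[i]->cb(batch[i]->opaque);
    }
}

static Obj *obj_new(void)
{
    Obj *o = calloc(1, sizeof(*o));
    o->refcount = o->alive = 1;
    return o;
}

static void obj_ref(Obj *o) { o->refcount++; }
static void obj_unref(Obj *o) { if (--o->refcount == 0) o->alive = 0; /* modelled free */ }

/* Cleanup work that must only ever run on a live object. */
static void cleanup_bh(void *opaque)
{
    Obj *s = opaque;
    if (!s->alive) { uaf_detected++; return; }   /* real code: use-after-free */
    s->cleaned_up = 1;
}

/* Bug: the last reference is dropped while the cleanup BH is still pending.
 * Returns how many callbacks ran on a dead object (1 here). */
int demo_unguarded(void)
{
    Obj *s = obj_new();                /* refcount 1 */
    BH bh = { cleanup_bh, s, 0 };
    uaf_detected = 0;
    bh_schedule(&bh);
    obj_unref(s);                      /* refcount 0: object gone */
    run_pending_bhs();                 /* cleanup_bh now runs on a dead object */
    free(s);
    return uaf_detected;
}

/* Fix: a scheduling wrapper that holds a reference across the callback. */
typedef struct RefBH { BH bh; BHFunc cb; Obj *owner; } RefBH;

static void refbh_dispatch(void *opaque)
{
    RefBH *r = opaque;
    r->cb(r->owner);                   /* owner is guaranteed alive here */
    obj_unref(r->owner);               /* release the reference taken at schedule time */
}

static void refbh_schedule(RefBH *r, BHFunc cb, Obj *owner)
{
    r->cb = cb; r->owner = owner;
    r->bh = (BH){ refbh_dispatch, r, 0 };
    obj_ref(owner);                    /* held until dispatch releases it */
    bh_schedule(&r->bh);
}

/* Returns 0 when cleanup ran on a live object and nothing was left dangling. */
int demo_guarded(void)
{
    Obj *s = obj_new();                /* refcount 1 */
    RefBH r;
    uaf_detected = 0;
    refbh_schedule(&r, cleanup_bh, s); /* refcount 2 */
    obj_unref(s);                      /* caller's reference gone: refcount 1 */
    run_pending_bhs();                 /* cleanup runs, dispatch unrefs: 0 */
    int ok = uaf_detected == 0 && s->cleaned_up && s->refcount == 0 && !s->alive;
    free(s);
    return ok ? 0 : 1;
}
```

The shape of the fix is what the last two patch titles point at: the caller never schedules the raw callback, it goes through a wrapper that takes the reference, and one central dispatch routine drops it once the callback has returned, so no scheduling site can forget either half. The toy obj_ref/obj_unref pair stands in for the real object's reference counting, and bh_schedule for qemu_bh_schedule; the model reproduces only the ordering, not QEMU's APIs.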

Comments

Peter Xu Jan. 23, 2024, 2:19 a.m. UTC | #1
On Fri, Jan 19, 2024 at 08:39:17PM -0300, Fabiano Rosas wrote:
> We currently have a bug when running migration code in bottom
> halves. The issue has already been reported in Gitlab[1] and it
> started happening very frequently on my machine for some reason.
> 
> The issue is that we're dropping the last reference to the
> MigrationState object while the cleanup bottom half is still running
> and it leads to a use-after-free. More details in the commit message.
> 
> This series fixes the issue and does a refactoring around the
> migration BH scheduling aiming to consolidate some code so that it is
> less error prone.
> 
> 1- https://gitlab.com/qemu-project/qemu/-/issues/1969
> 
> CI run: https://gitlab.com/farosas/qemu/-/pipelines/1144927625
> 
> Fabiano Rosas (5):
>   migration: Fix use-after-free of migration state object
>   migration: Take reference to migration state around
>     bg_migration_vm_start_bh
>   migration: Reference migration state around
>     loadvm_postcopy_handle_run_bh
>   migration: Add a wrapper to qemu_bh_schedule
>   migration: Centralize BH creation and dispatch
> 
>  migration/migration.c | 82 +++++++++++++++++++++++++------------------
>  migration/migration.h |  5 +--
>  migration/savevm.c    |  5 +--
>  3 files changed, 49 insertions(+), 43 deletions(-)

Looks all good now, queued.  I'll amend the "Resolve:" line in patch 1.