From patchwork Fri Feb 26 15:17:34 2016
X-Patchwork-Submitter: Amit Shah
X-Patchwork-Id: 589097
From: Amit Shah
To: Peter Maydell
Date: Fri, 26 Feb 2016 20:47:34 +0530
Message-Id: <0aa6aefc9c93db1f64e3ba406ee5234da75b545b.1456499794.git.amit.shah@redhat.com>
Cc: Juan Quintela, qemu list, Matthew.Fortune@imgtec.com, Paolo Bonzini, Amit Shah, den@openvz.org, richard.weiyang@gmail.com, "Dr. David Alan Gilbert", silbe@linux.vnet.ibm.com
Subject: [Qemu-devel] [PULL 5/6] migration (ordinary): move bdrv_invalidate_cache_all out of coroutine context

From: "Denis V. Lunev"

There is a possibility to hit an assert in qcow2_get_specific_info that s->qcow_version is undefined. This happens when a VM is starting from suspended state, i.e. it processes incoming migration, and at the same time 'info block' is called.

The problem is that qcow2_invalidate_cache() closes the image and memset()s BDRVQcowState in the middle.

The patch moves processing of bdrv_invalidate_cache_all out of coroutine context for standard migration to avoid that.

Signed-off-by: Denis V. Lunev
Reviewed-by: Fam Zheng
CC: Paolo Bonzini
CC: Juan Quintela
CC: Amit Shah
Message-Id: <1456304019-10507-2-git-send-email-den@openvz.org>
[Amit: Fix a use-after-free bug]
Signed-off-by: Amit Shah
---
 include/migration/migration.h |  2 +
 migration/migration.c         | 89 ++++++++++++++++++++++++-------------------
 2 files changed, 51 insertions(+), 40 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 85b6026..ac2c12c 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -104,6 +104,8 @@ struct MigrationIncomingState { QemuMutex rp_mutex; /* We send replies from multiple threads */ void *postcopy_tmp_page; + QEMUBH *bh; + int state; /* See savevm.c */ LoadStateEntry_Head loadvm_handlers; diff --git a/migration/migration.c b/migration/migration.c index fc5e50b..0129d9f 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -323,10 +323,56 @@ void qemu_start_incoming_migration(const char *uri, Error **errp) } } +static void process_incoming_migration_bh(void *opaque) +{ + Error *local_err = NULL; + MigrationIncomingState *mis = opaque; + + /* Make sure all file formats flush their mutable metadata */ + bdrv_invalidate_cache_all(&local_err); + if (local_err) { + migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE, + MIGRATION_STATUS_FAILED); + error_report_err(local_err); + migrate_decompress_threads_join(); + exit(EXIT_FAILURE); + } + + /* + * This must happen after all error conditions are dealt with and + * we're sure the VM is going to be running on this host. + */ + qemu_announce_self(); + + /* If global state section was not received or we are in running + state, we need to obey autostart. Any other state is set with + runstate_set. */ + + if (!global_state_received() || + global_state_get_runstate() == RUN_STATE_RUNNING) { + if (autostart) { + vm_start(); + } else { + runstate_set(RUN_STATE_PAUSED); + } + } else { + runstate_set(global_state_get_runstate()); + } + migrate_decompress_threads_join(); + /* + * This must happen after any state changes since as soon as an external + * observer sees this event they might start to prod at the VM assuming + * it's ready to use. + */ + migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE, + MIGRATION_STATUS_COMPLETED); + qemu_bh_delete(mis->bh); + migration_incoming_state_destroy(); +} + static void process_incoming_migration_co(void *opaque) { QEMUFile *f = opaque; - Error *local_err = NULL; MigrationIncomingState *mis; PostcopyState ps; int ret; 
@@ -369,45 +415,8 @@ static void process_incoming_migration_co(void *opaque) exit(EXIT_FAILURE); } - /* Make sure all file formats flush their mutable metadata */ - bdrv_invalidate_cache_all(&local_err); - if (local_err) { - migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE, - MIGRATION_STATUS_FAILED); - error_report_err(local_err); - migrate_decompress_threads_join(); - exit(EXIT_FAILURE); - } - - /* - * This must happen after all error conditions are dealt with and - * we're sure the VM is going to be running on this host. - */ - qemu_announce_self(); - - /* If global state section was not received or we are in running - state, we need to obey autostart. Any other state is set with - runstate_set. */ - - if (!global_state_received() || - global_state_get_runstate() == RUN_STATE_RUNNING) { - if (autostart) { - vm_start(); - } else { - runstate_set(RUN_STATE_PAUSED); - } - } else { - runstate_set(global_state_get_runstate()); - } - migrate_decompress_threads_join(); - /* - * This must happen after any state changes since as soon as an external - * observer sees this event they might start to prod at the VM assuming - * it's ready to use. - */ - migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE, - MIGRATION_STATUS_COMPLETED); - migration_incoming_state_destroy(); + mis->bh = qemu_bh_new(process_incoming_migration_bh, mis); + qemu_bh_schedule(mis->bh); } void process_incoming_migration(QEMUFile *f)
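Review bot: the new `QEMUBH *bh;` field added to `struct MigrationIncomingState` in the include/migration/migration.h hunk (`@@ -104,6 +104,8 @@`) has no comment on its ownership or lifetime, while the neighbouring `rp_mutex` field does (`/* We send replies from multiple threads */`). The bottom half is created in `process_incoming_migration_co()` and deleted in `process_incoming_migration_bh()` immediately before `migration_incoming_state_destroy()`, so `mis->bh` is only valid between those two points; a one-line comment stating that would let a reader of the header see the contract without opening migration.c.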
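Review bot: in the migration/migration.c hunk introducing `process_incoming_migration_bh()` (`@@ -323,10 +323,56 @@`), the order of the final two calls, `qemu_bh_delete(mis->bh);` followed by `migration_incoming_state_destroy();`, is the fix the `[Amit: Fix a use-after-free bug]` line in the commit message refers to: the destroy call frees `mis`, so touching `mis->bh` after it would read freed memory. Suggest a short comment above `qemu_bh_delete(mis->bh);` saying the BH must be deleted before `mis` is destroyed, so a later tidy-up does not silently swap the two lines back. On the `bdrv_invalidate_cache_all()` failure path the function calls `exit(EXIT_FAILURE)` without deleting the BH or destroying `mis`; that mirrors the old coroutine code and is fine for a process that is exiting, but a comment noting the intentional leak would save the next reader a question.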
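Review bot: in the `process_incoming_migration_co()` hunk (`@@ -369,45 +415,8 @@`), replacing the tail of the function with `mis->bh = qemu_bh_new(process_incoming_migration_bh, mis); qemu_bh_schedule(mis->bh);` means the coroutine now returns with the incoming state still `MIGRATION_STATUS_ACTIVE` and `mis` still allocated until the bottom half runs on the next main-loop iteration, so `mis` must not be torn down by anything else in that window; the hunk relies on `migration_incoming_state_destroy()` having moved into the BH. A brief comment at the schedule site saying that the bottom half now owns the remaining completion and teardown would make that dependency explicit. The commit message also describes the symptom (the assert in `qcow2_get_specific_info` racing with `info block` while `qcow2_invalidate_cache()` has zeroed `BDRVQcowState`) but not why running `bdrv_invalidate_cache_all()` from a bottom half rather than the coroutine prevents the interleaving; one sentence on that would help future readers of `git log`.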