From: Jia Lina
To: ,
Date: Fri, 26 Oct 2018 16:36:20 +0800
Message-ID: <20181026083620.10172-1-jialina01@baidu.com>
Subject: [Qemu-devel] [PATCH v2] migration: avoid segfault when taking a snapshot of a VM which is being migrated
Cc: Zhang Yu , Jia Lina , qemu-devel@nongnu.org, Chai Wen

During an active background migration, a snapshot will trigger a segmentation fault. As the snapshot clears the "current_migration" struct and updates "to_dst_file" before it finds out that there is a migration task, migration accesses the null pointer in the "current_migration" struct and qemu crashes eventually.

Signed-off-by: Jia Lina
Signed-off-by: Chai Wen
Signed-off-by: Zhang Yu
Reviewed-by: Dr. David Alan Gilbert
---
 migration/migration.c |  2 +-
 migration/migration.h |  2 ++
 migration/savevm.c    | 19 +++++++++++--------
 3 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c index d6ae879dc8..b5e71c7bfc 100644 --- a/migration/migration.c +++ b/migration/migration.c
@@ -711,7 +711,7 @@ MigrationParameters *qmp_query_migrate_parameters(Error= **errp) * Return true if we're already in the middle of a migration * (i.e. any of the active or setup states) */ -static bool migration_is_setup_or_active(int state) +bool migration_is_setup_or_active(int state) { switch (state) { case MIGRATION_STATUS_ACTIVE: diff --git a/migration/migration.h b/migration/migration.h index f7813f8261..e413d4d8b6 100644 --- a/migration/migration.h +++ b/migration/migration.h @@ -241,6 +241,8 @@ void migrate_fd_error(MigrationState *s, const Error *e= rror); =20 void migrate_fd_connect(MigrationState *s, Error *error_in); =20 +bool migration_is_setup_or_active(int state); + void migrate_init(MigrationState *s); bool migration_is_blocked(Error **errp); /* True if outgoing migration has entered postcopy phase */ diff --git a/migration/savevm.c b/migration/savevm.c index 2d10e45582..eeade8cb92 100644 --- a/migration/savevm.c +++ b/migration/savevm.c @@ -1319,21 +1319,25 @@ static int qemu_savevm_state(QEMUFile *f, Error **e= rrp) MigrationState *ms =3D migrate_get_current(); MigrationStatus status; =20 - migrate_init(ms); - - ms->to_dst_file =3D f; + if (migration_is_setup_or_active(ms->state) || + ms->state =3D=3D MIGRATION_STATUS_CANCELLING || + ms->state =3D=3D MIGRATION_STATUS_COLO) { + error_setg(errp, QERR_MIGRATION_ACTIVE); + return -EINVAL; + } =20 if (migration_is_blocked(errp)) { - ret =3D -EINVAL; - goto done; + return -EINVAL; } =20 if (migrate_use_block()) { error_setg(errp, "Block migration and snapshots are incompatible"); - ret =3D -EINVAL; - goto done; + return -EINVAL; } =20 + migrate_init(ms); + ms->to_dst_file =3D f; + qemu_mutex_unlock_iothread(); qemu_savevm_state_header(f); qemu_savevm_state_setup(f); @@ -1355,7 +1359,6 @@ static int qemu_savevm_state(QEMUFile *f, Error **err= p) error_setg_errno(errp, -ret, "Error while writing VM state"); } =20 -done: if (ret !=3D 0) { status =3D MIGRATION_STATUS_FAILED; } else { --=20 2.13.2.windows.1
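Review bot: dropping `static` from migration_is_setup_or_active() (migration.c hunk) exports it, but its doc comment ("Return true if we're already in the middle of a migration (i.e. any of the active or setup states)") stays in the .c file while the new prototype in migration.h is bare. Add a one-line comment next to the declaration saying that CANCELLING and COLO are not covered, since the new savevm.c caller has to test those two states separately and a future caller will not know that from the name alone.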
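Review bot: in the first savevm.c hunk (@@ -1319) the early return with QERR_MIGRATION_ACTIVE now happens before migrate_init(ms) and before ms->to_dst_file = f, which is the actual fix: a savevm request no longer resets the MigrationState that the in-flight migration thread is reading, so the NULL dereference and guest crash go away. Two things the hunk does not show and that should be confirmed: that savevm.c already includes qapi/qmp/qerror.h (QERR_MIGRATION_ACTIVE is defined there), and that ms->state is read while the iothread lock is still held, which the later qemu_mutex_unlock_iothread() call suggests is the case. If the same three-way test (setup-or-active || CANCELLING || COLO) already exists in migration.c, factor it into one helper rather than duplicating it here.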
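Review bot: with the done: label removed in the second savevm.c hunk (@@ -1355), the only remaining writers of ret are the state-save calls above the "Error while writing VM state" message, so the `if (ret != 0)` / MIGRATION_STATUS_FAILED update is reached only after a state save was actually started. That is a deliberate behaviour change: a snapshot rejected by migration_is_blocked() or migrate_use_block() no longer marks the unrelated active migration as FAILED. It is correct, but it deserves a sentence in the commit message so the change of status semantics is recorded alongside the crash fix.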