Please ignore this patch :-)
If we shut down the VM during migration, the migration thread may still
ref current_migration at this point.
On 2020/6/28 14:49, Keqian Zhu wrote:
> In migration_shutdown, the global var current_migration is freed but not
> assigned to NULL, which may cause a heap-use-after-free problem if the
> following code logic is abnormal.
>
> Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
> ---
> migration/migration.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/migration/migration.c b/migration/migration.c
> index 481a590f72..effffd7332 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -189,6 +189,7 @@ void migration_shutdown(void)
> */
> migrate_fd_cancel(current_migration);
> object_unref(OBJECT(current_migration));
> + current_migration = NULL;
> }
>
> /* For outgoing */
>
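Review bot: the added `current_migration = NULL;` after `object_unref()` does not close the window described in the reply above: a migration thread that already holds the pointer keeps using the object after the unref regardless of the global being cleared, and any other code that reads `current_migration` concurrently now sees NULL instead. If the intent is to survive a shutdown while a migration is in flight, the lifetime has to be settled before `object_unref(OBJECT(current_migration))` (wait for the migration thread to finish after `migrate_fd_cancel()`, or have the thread hold its own reference), with the NULL assignment as a secondary hardening step only. The commit message should also say "unreferenced" rather than "freed": `object_unref()` releases one reference and frees the object only if that was the last one.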