From: Trieu Huynh <vikingtc4@gmail.com>
QEMU aborts on src during multifd migration when multifd-channels is
changed after migrate_cancel:
~ # qemu-system-x86_64: ../util/yank.c:107: yank_unregister_instance:
Assertion `QLIST_EMPTY(&entry->yankfns)' failed.
Aborted (core dumped)
Below is the backtrace:
#7 yank_unregister_instance (instance=0x7fffffffd870) at ../util/yank.c:107
#8 migration_cleanup (s=0x555557649d10) at ../migration/migration.c:1338
#9 migration_cleanup_bh (opaque=0x555557649d10) at ../migration/migration.c:1345
#10 migration_bh_dispatch_bh (opaque=0x7ffe500051d0) at ../migration/migration.c:350
#11 aio_bh_call (bh=0x7ffe5006d670) at ../util/async.c:173
#12 aio_bh_poll (ctx=0x555557649210) at ../util/async.c:220
#13 aio_dispatch (ctx=0x555557649210) at ../util/aio-posix.c:390
#14 aio_ctx_dispatch (source=0x555557649210) at ../util/async.c:365
...
Steps to reproduce:
* 1. Start VM on src
./qemu-system-x86_64 \
-<other_options>
* 2. Start dest with -incoming defer
./qemu-system-x86_64 \
-incoming defer \
-<other_options>
* 3. Enable multifd with 4 channels on both src and dest
{ "execute": "qmp_capabilities" }
{ "execute": "migrate-set-capabilities",
"arguments": {"capabilities": [{"capability": "multifd",
"state": true}]} }
{ "execute": "migrate-set-parameters",
"arguments": {"multifd-channels": 4} }
{ "execute": "migrate-incoming",
"arguments": {"uri": "tcp:0:4444"} }
* 4. Trigger migration
** dest:
{ "execute": "migrate-incoming", "arguments": {"uri": "tcp:0:4444"} }
** src:
{ "execute": "migrate", "arguments": {"uri": "tcp:127.0.0.1:4444"} }
* 5. Cancel migration on src while status is active
{ "execute": "migrate_cancel" }
* 6. Immediately change multifd-channels to 2 on src
{ "execute": "migrate-set-parameters",
"arguments": {"multifd-channels": 2} }
QEMU aborts as shown above
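Added example, not part of this report: a small Python QMP client that scripts steps 5 and 6 against the source once steps 1 to 4 have been done by hand. It polls query-migrate until the status is "active" so that migrate_cancel and the immediate multifd-channels change land in the window described above; the QMP unix socket path is a hypothetical assumption.

```python
import json
import socket

# Assumption: the source QEMU was started with an extra
# "-qmp unix:/tmp/src-qmp.sock,server=on,wait=off" (hypothetical path).
SRC_QMP = "/tmp/src-qmp.sock"

class Qmp:
    """Minimal line-oriented QMP client over any pair of file-like objects."""

    def __init__(self, rfile, wfile):
        self.rfile, self.wfile = rfile, wfile
        self.greeting = self._recv()      # server sends {"QMP": {...}} first
        self.cmd("qmp_capabilities")      # leave capability-negotiation mode

    def _recv(self):
        # Skip asynchronous events (e.g. MIGRATION status changes) and
        # return the next command response.
        while True:
            msg = json.loads(self.rfile.readline())
            if "event" not in msg:
                return msg

    def cmd(self, name, **args):
        req = {"execute": name}
        if args:
            req["arguments"] = args
        self.wfile.write((json.dumps(req) + "\n").encode())
        self.wfile.flush()
        resp = self._recv()
        if "error" in resp:
            raise RuntimeError(resp["error"])
        return resp["return"]

def cancel_then_set_channels(q, channels=2):
    """Steps 5-6: cancel while 'active', then immediately shrink the channel count."""
    while q.cmd("query-migrate").get("status") != "active":
        pass                              # wait for step 4 to reach 'active'
    q.cmd("migrate_cancel")
    q.cmd("migrate-set-parameters", **{"multifd-channels": channels})
    return q.cmd("query-migrate").get("status")

if __name__ == "__main__":
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect(SRC_QMP)
    with s.makefile("rb") as r, s.makefile("wb") as w:
        print(cancel_then_set_channels(Qmp(r, w)))
```

On an unfixed source the final query-migrate never returns because the process aborts; on a fixed one it reports the post-cancel status.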
Trieu Huynh (1):
migration/multifd: fix channel count TOCTOU race on cancel and retry
migration/multifd.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--
2.43.0