authorLaurent Vivier <lvivier@redhat.com>2017-04-12 15:53:11 +0200
committerJuan Quintela <quintela@redhat.com>2017-04-21 12:25:40 +0200
commite8199e4895d34136735dea7e628d0de1a5afb630 (patch)
treeb09018e5bda04aead89b6077d9d21dddbfd1b889 /migration
parent66103a5796d0003cb198c25d783dcdc1596aef1f (diff)
migration: don't close a file descriptor while it can be in use
If we close the QEMUFile descriptor in process_incoming_migration_co() while it has been stopped by an error, the postcopy_ram_listen_thread() can try to continue to use it. And as the memory has been freed, it is working with an invalid pointer and crashes. Fix this by releasing the memory after having managed the error case (which, in fact, calls exit()). Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Amit Shah <amit@kernel.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
Diffstat (limited to 'migration')
-rw-r--r--migration/migration.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/migration/migration.c b/migration/migration.c
index a92d7f7..31e8141 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -435,9 +435,6 @@ static void process_incoming_migration_co(void *opaque)
qemu_thread_join(&mis->colo_incoming_thread);
}
- qemu_fclose(f);
- free_xbzrle_decoded_buf();
-
if (ret < 0) {
migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE,
MIGRATION_STATUS_FAILED);
@@ -446,6 +443,9 @@ static void process_incoming_migration_co(void *opaque)
exit(EXIT_FAILURE);
}
+ qemu_fclose(f);
+ free_xbzrle_decoded_buf();
+
mis->bh = qemu_bh_new(process_incoming_migration_bh, mis);
qemu_bh_schedule(mis->bh);
}
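Review bot: The moved `qemu_fclose(f)` / `free_xbzrle_decoded_buf()` calls carry no comment saying they must stay below the `ret < 0` branch, yet the lifetime of `f` now depends on that branch ending in `exit(EXIT_FAILURE)` rather than on any synchronisation with postcopy_ram_listen_thread(). I would add a comment above them such as `/* Must stay after the error path: postcopy_ram_listen_thread() may still be using f until exit() */`. If the failure path is ever changed to return instead of exiting, the listen thread would presumably have to be joined before the close, otherwise the use-after-free described in the commit message comes back. Whether the listen thread can still hold `f` on the success path cannot be judged from here, because process_incoming_migration_co() starts outside the hunk.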