[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] migration: NULL transport_data after freeing
|
From: |
Peter Xu |
|
Subject: |
Re: [PATCH] migration: NULL transport_data after freeing |
|
Date: |
Fri, 18 Feb 2022 09:47:59 +0800 |
On Thu, Feb 17, 2022 at 06:04:07PM +0100, Hanna Reitz wrote:
> migration_incoming_state_destroy() NULLs all objects it frees after they
> are freed, presumably so that a subsequent call to the same function
> will not free them again, unless new objects have been created in the
> meantime.
>
> transport_data is the exception, and it shows exactly this problem: When
> an incoming migration uses transport_cleanup() and transport_data, and a
> subsequent incoming migration (e.g. loadvm) occurs that does not, then
> when this second one is done, it will call transport_cleanup() on the
> old transport_data again -- which has already been freed. This is
> sometimes visible in the iotest 201, though for some reason I can only
> reproduce it with -m32.
>
> To fix this, call transport_cleanup() only when transport_data is not
> NULL (otherwise there is nothing to clean up), and set transport_data to
> NULL when it has been cleaned up (i.e. freed).
>
> (transport_cleanup() is used only by migration/socket.c, where
> socket_start_incoming_migration_internal() sets both it and
> transport_data to non-NULL values.)
>
> Signed-off-by: Hanna Reitz <hreitz@redhat.com>
I had a similar fix here:
20220216062809.57179-15-peterx@redhat.com/">https://lore.kernel.org/qemu-devel/20220216062809.57179-15-peterx@redhat.com/
Though there it was because I need migration_incoming_transport_cleanup()
for other purposes, so the fix came along.
My guess is this small fix will land earlier, if so I'll rebase. :)
Thanks,
--
Peter Xu