Merge remote-tracking branch 'remotes/amit-migration/tags/migration-for-2.6-7' into staging

migration: - postcopy is no longer experimental - fix a use-after-free in postcopy - fix a compile warning # gpg: Signature made Fri 11 Mar 2016 12:29:33 GMT using RSA key ID 854083B6 # gpg: Good signature from "Amit Shah <amit@amitshah.net>" # gpg: aka "Amit Shah <amit@kernel.org>" # gpg: aka "Amit Shah <amitshah@gmx.net>" * remotes/amit-migration/tags/migration-for-2.6-7: postcopy: Remove the x- postcopy: listen thread is never joined migration: fix use-after-free in loadvm_postcopy_handle_run_bh migration: fix warning for source_return_path_thread Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
author: Peter Maydell <peter.maydell@linaro.org> 2016-03-14 13:51:21 +0000
committer: Peter Maydell <peter.maydell@linaro.org> 2016-03-14 13:51:21 +0000
commit: 0dcee62261cb044339b10e4bda1f67ef7dc82803 (patch)
tree: c04801726df60da67fb2fa4f8a52a07fbabbc94d /migration
parent: 8326ec2c834f7debbba0ed80a433c3ae0cf48289 (diff)
parent: 32c3db5b26a1001dbe0763bdf72fdc8017c6b7b8 (diff)
download: qemu-0dcee62261cb044339b10e4bda1f67ef7dc82803.tar.gz
2 files changed, 17 insertions, 10 deletions
diff --git a/migration/migration.c b/migration/migration.c
index 7d13377b8e..034a918d32 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -706,7 +706,7 @@ void qmp_migrate_set_capabilities(MigrationCapabilityStatusList *params,
              */
             error_report("Postcopy is not currently compatible with "
                          "compression");
-            s->enabled_capabilities[MIGRATION_CAPABILITY_X_POSTCOPY_RAM] =
+            s->enabled_capabilities[MIGRATION_CAPABILITY_POSTCOPY_RAM] =
                 false;
         }
     }
@@ -1125,7 +1125,7 @@ bool migrate_postcopy_ram(void)
 
     s = migrate_get_current();
 
-    return s->enabled_capabilities[MIGRATION_CAPABILITY_X_POSTCOPY_RAM];
+    return s->enabled_capabilities[MIGRATION_CAPABILITY_POSTCOPY_RAM];
 }
 
 bool migrate_auto_converge(void)
@@ -1269,8 +1269,7 @@ static void *source_return_path_thread(void *opaque)
     MigrationState *ms = opaque;
     QEMUFile *rp = ms->rp_state.from_dst_file;
     uint16_t header_len, header_type;
-    const int max_len = 512;
-    uint8_t buf[max_len];
+    uint8_t buf[512];
     uint32_t tmp32, sibling_error;
     ram_addr_t start = 0; /* =0 to silence warning */
     size_t  len = 0, expected_len;
@@ -1293,7 +1292,7 @@ static void *source_return_path_thread(void *opaque)
 
         if ((rp_cmd_args[header_type].len != -1 &&
             header_len != rp_cmd_args[header_type].len) ||
-            header_len > max_len) {
+            header_len > sizeof(buf)) {
             error_report("RP: Received '%s' message (0x%04x) with"
                     "incorrect length %d expecting %zu",
                     rp_cmd_args[header_type].name, header_type, header_len,
diff --git a/migration/savevm.c b/migration/savevm.c
index 96e7db5967..0a33c227c5 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1494,17 +1494,22 @@ static int loadvm_postcopy_handle_listen(MigrationIncomingState *mis)
     qemu_sem_init(&mis->listen_thread_sem, 0);
     qemu_thread_create(&mis->listen_thread, "postcopy/listen",
                        postcopy_ram_listen_thread, mis->from_src_file,
-                       QEMU_THREAD_JOINABLE);
+                       QEMU_THREAD_DETACHED);
     qemu_sem_wait(&mis->listen_thread_sem);
     qemu_sem_destroy(&mis->listen_thread_sem);
 
     return 0;
 }
 
+
+typedef struct {
+    QEMUBH *bh;
+} HandleRunBhData;
+
 static void loadvm_postcopy_handle_run_bh(void *opaque)
 {
     Error *local_err = NULL;
-    MigrationIncomingState *mis = opaque;
+    HandleRunBhData *data = opaque;
 
     /* TODO we should move all of this lot into postcopy_ram.c or a shared code
      * in migration.c
@@ -1532,13 +1537,15 @@ static void loadvm_postcopy_handle_run_bh(void *opaque)
         runstate_set(RUN_STATE_PAUSED);
     }
 
-    qemu_bh_delete(mis->bh);
+    qemu_bh_delete(data->bh);
+    g_free(data);
 }
 
 /* After all discards we can start running and asking for pages */
 static int loadvm_postcopy_handle_run(MigrationIncomingState *mis)
 {
     PostcopyState ps = postcopy_state_set(POSTCOPY_INCOMING_RUNNING);
+    HandleRunBhData *data;
 
     trace_loadvm_postcopy_handle_run();
     if (ps != POSTCOPY_INCOMING_LISTENING) {
@@ -1546,8 +1553,9 @@ static int loadvm_postcopy_handle_run(MigrationIncomingState *mis)
         return -1;
     }
 
-    mis->bh = qemu_bh_new(loadvm_postcopy_handle_run_bh, NULL);
-    qemu_bh_schedule(mis->bh);
+    data = g_new(HandleRunBhData, 1);
+    data->bh = qemu_bh_new(loadvm_postcopy_handle_run_bh, data);
+    qemu_bh_schedule(data->bh);
 
     /* We need to finish reading the stream from the package
      * and also stop reading anything more from the stream that loaded the
author	Peter Maydell <peter.maydell@linaro.org>	2016-03-14 13:51:21 +0000
committer	Peter Maydell <peter.maydell@linaro.org>	2016-03-14 13:51:21 +0000
commit	0dcee62261cb044339b10e4bda1f67ef7dc82803 (patch)
tree	c04801726df60da67fb2fa4f8a52a07fbabbc94d /migration
parent	8326ec2c834f7debbba0ed80a433c3ae0cf48289 (diff)
parent	32c3db5b26a1001dbe0763bdf72fdc8017c6b7b8 (diff)
download	qemu-0dcee62261cb044339b10e4bda1f67ef7dc82803.tar.gz