* [PATCH] migration: Assign current_migration as NULL after migration
From: Keqian Zhu @ 2020-06-28 6:49 UTC
To: qemu-devel, qemu-arm
Cc: wanghaibin.wang, Keqian Zhu, Dr . David Alan Gilbert, Juan Quintela

In migration_shutdown, global var current_migration is freed but not
assigned to NULL, which may cause heap-use-after-free problem if the
following code logic is abnormal.

Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
---
migration/migration.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/migration/migration.c b/migration/migration.c
index 481a590f72..effffd7332 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -189,6 +189,7 @@ void migration_shutdown(void)
*/
migrate_fd_cancel(current_migration);
object_unref(OBJECT(current_migration));
+ current_migration = NULL;
}
/* For outgoing */
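Review bot: the added `current_migration = NULL;` after `object_unref(OBJECT(current_migration));` is an unsynchronized store to a global, and nothing in this hunk shows that every other user of current_migration has stopped by the time migration_shutdown() reaches it. object_unref() drops only this one reference, so a thread that is still running can outlive this call, and if it re-reads the global it now dereferences NULL instead of a possibly stale pointer. Suggest stating in the commit message which readers can still run after migrate_fd_cancel(), and either having them hold their own reference instead of reading the global or clearing the pointer only after they have finished.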
--
2.19.1
* Re: [PATCH] migration: Assign current_migration as NULL after migration
From: zhukeqian @ 2020-07-01 7:50 UTC
To: qemu-devel, qemu-arm
Cc: wanghaibin.wang, Dr . David Alan Gilbert, Juan Quintela

Please ignore this patch :-)

If we shut down the VM during migration, the migration thread may still
ref current_migration at this point.

On 2020/6/28 14:49, Keqian Zhu wrote:
> In migration_shutdown, global var current_migration is freed but not
> assigned to NULL, which may cause heap-use-after-free problem if the
> following code logic is abnormal.
>
> Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
> ---
> migration/migration.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/migration/migration.c b/migration/migration.c
> index 481a590f72..effffd7332 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -189,6 +189,7 @@ void migration_shutdown(void)
> */
> migrate_fd_cancel(current_migration);
> object_unref(OBJECT(current_migration));
> + current_migration = NULL;
> }
>
> /* For outgoing */
>
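
The lifetime issue raised in this thread, as an added example that is not from the patch or from QEMU: a single-threaded C model of a refcounted object published through a global, where `MigState`, `mig_ref`, `mig_unref`, `shutdown_path` and the two worker functions are hypothetical names. It shows that clearing the global after the unref only changes what code re-reading the global sees, while a user that took its own reference keeps a valid object until it drops it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a refcounted object; not QEMU's Object type. */
typedef struct { int refcount; int cancelled; } MigState;

static int finalized;       /* number of objects whose last ref was dropped */
static MigState *current;   /* models a global such as current_migration */

static MigState *mig_new(void) {
    MigState *s = calloc(1, sizeof(*s));
    if (!s) abort();
    s->refcount = 1;        /* the reference owned by the global */
    return s;
}
static MigState *mig_ref(MigState *s) { s->refcount++; return s; }
static void mig_unref(MigState *s) {
    if (--s->refcount == 0) { finalized++; free(s); }
}

/* Shutdown path shaped like the patched function: cancel, unref, clear. */
static void shutdown_path(void) {
    current->cancelled = 1;
    mig_unref(current);
    current = NULL;
}

/* Worker that re-reads the global: after shutdown it sees NULL. Returning -1
 * stands in for the NULL dereference that unguarded code would hit. */
static int worker_via_global(void) {
    return current ? current->cancelled : -1;
}

/* Worker that took its own reference: valid until it calls mig_unref(). */
static int worker_via_own_ref(MigState *mine) {
    return mine->cancelled;
}

int main(void) {
    current = mig_new();
    MigState *mine = mig_ref(current);  /* worker starts and takes a ref */
    shutdown_path();                    /* shutdown arrives mid-migration */
    printf("global reader sees %d\n", worker_via_global());
    printf("ref holder sees %d, finalized=%d\n",
           worker_via_own_ref(mine), finalized);
    mig_unref(mine);                    /* worker exits, last ref dropped */
    printf("finalized=%d\n", finalized);
    return 0;
}
```

The model fixes one interleaving on purpose; with real threads the store to the global would also need synchronization with its readers.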