From: Zhenzhong Duan
Date: Mon, 17 Oct 2022 07:53:50 +0000 (+0800)
Subject: multifd: Fix a race on reading MultiFDPages_t.block
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=ddbe628c97c3a2d211c6d96383cb4063ac3ad0f9;p=qemu.git
multifd: Fix a race on reading MultiFDPages_t.block
In multifd_queue_page() MultiFDPages_t.block is checked twice. Between the two checks, MultiFDPages_t.block may be reset to NULL by multifd thread. This lead to the 2nd check always true then a redundant page submitted to multifd thread again.
Signed-off-by: Zhenzhong Duan
Reviewed-by: Juan Quintela
Signed-off-by: Juan Quintela
---
diff --git a/migration/multifd.c b/migration/multifd.c
index eeb4fb87ee..ad89293b4e 100644
--- a/migration/multifd.c
+++ b/migration/multifd.c
@@ -442,6 +442,7 @@ static int multifd_send_pages(QEMUFile *f)
 int multifd_queue_page(QEMUFile *f, RAMBlock *block, ram_addr_t offset)
 {
 MultiFDPages_t *pages = multifd_send_state->pages;
+ bool changed = false;
 if (!pages->block) {
 pages->block = block;
@@ -454,14 +455,16 @@ int multifd_queue_page(QEMUFile *f, RAMBlock *block, ram_addr_t offset)
 if (pages->num < pages->allocated) {
 return 1;
 }
+ } else {
+ changed = true;
 }
 if (multifd_send_pages(f) < 0) {
 return -1;
 }
- if (pages->block != block) {
- return multifd_queue_page(f, block, offset);
+ if (changed) {
+ return multifd_queue_page(f, block, offset);
 }
 return 1;
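Review bot: The new `else { changed = true; }` branch in the second hunk carries no comment explaining why the block mismatch has to be latched before `multifd_send_pages(f)` instead of being re-read afterwards. Per the commit message the multifd thread may reset `pages->block` to NULL between the two checks, so the local `pages` pointer should presumably be treated as unsafe to dereference once the send call has returned. I would add above the branch `/* Latch the mismatch now: after multifd_send_pages() the multifd thread may reset pages->block, so it must not be re-read here. */`. Without it, nothing in the visible lines stops a later cleanup from restoring the `pages->block != block` test and reintroducing the race. The body of multifd_queue_page starts in the previous hunk and continues past the end of this one.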