migration: restrict scope of incoming fd read handler

The incoming migration is processed in a coroutine and uses an fd read
handler to enter the yielded coroutine when data becomes available.

The read handler was set too broadly, so that spurious coroutine entries
were triggered if other coroutine users yielded (like the block
layer's bdrv_write() function).

Install the fd read handler only when yielding for more data to become
available.  This prevents spurious coroutine entries which break code
that assumes only a specific set of places can re-enter the coroutine.

This patch fixes crashes in block/raw-posix.c that are triggered with
"migrate -b" when qiov becomes a dangling pointer due to a spurious
coroutine entry that frees qiov early.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360598505-5512-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Hajnoczi 2013-02-11 17:01:45 +01:00 committed by Anthony Liguori
parent d0bce760e0
commit d7cd369402
2 changed files with 30 additions and 12 deletions


@ -95,7 +95,6 @@ static void process_incoming_migration_co(void *opaque)
int ret;
ret = qemu_loadvm_state(f);
qemu_set_fd_handler(qemu_get_fd(f), NULL, NULL, NULL);
qemu_fclose(f);
if (ret < 0) {
fprintf(stderr, "load of migration failed\n");
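
Review bot: at the qemu_set_fd_handler(qemu_get_fd(f), NULL, NULL, NULL) line ahead of qemu_fclose(f), which the header's 7-to-6 line count suggests is the line being dropped, nothing left in this function guarantees that no read handler is registered on the fd when it is closed. That guarantee now has to come from wherever the handler is installed around the yield: it should be cleared immediately on resume, on the error path as well as the success path. A one-line comment before qemu_fclose(f) stating that invariant would help, since the commit message attributes the raw-posix.c crash to exactly this kind of stale re-entry. The second changed file is not shown on this page, so the pairing cannot be confirmed from these lines.
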
@ -115,12 +114,6 @@ static void process_incoming_migration_co(void *opaque)
}
}
static void enter_migration_coroutine(void *opaque)
{
Coroutine *co = opaque;
qemu_coroutine_enter(co, NULL);
}
void process_incoming_migration(QEMUFile *f)
{
Coroutine *co = qemu_coroutine_create(process_incoming_migration_co);
@ -128,7 +121,6 @@ void process_incoming_migration(QEMUFile *f)
assert(fd != -1);
socket_set_nonblock(fd);
qemu_set_fd_handler(fd, enter_migration_coroutine, NULL, co);
qemu_coroutine_enter(co, f);
}
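
Review bot: once the qemu_set_fd_handler(fd, enter_migration_coroutine, NULL, co) registration goes away (the header counts 7 lines down to 6), this function still calls socket_set_nonblock(fd) but no longer arranges for the coroutine to be re-entered after qemu_coroutine_enter(co, f) returns from a yield. A short comment above qemu_coroutine_enter(co, f) saying that re-entry is driven by a handler installed at the yield point in the read path would stop this from reading as a missing wake-up. It is also worth checking that the read path does not depend on the co pointer that used to be passed here as the handler's opaque argument.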