CA-273775: improve error handling in VM_receive_memory

Originally, once vm-migrate reached synchronisation point 1, there was only
one thread to kill in the receiving end in case VM_create or VM_restore
failed (the main memory-receiving thread in created in receive_memory).

After the vgpu-migration support, once vm-migrate reaches synchronisation
point 1, two threads will have been created in the receiving host:
1) receive_memory: the original one receiving the main memory
2) receive_vgpu: a new one receiving the vgpu memory, created when the
sending host accessed the url /migrate-vgpu/ on the receiving host.

In the receive_vgpu thread in the receiving host, if some exception occurs
while executing VM_create or VM_restore, only the main memory thread will be
killed automatically, and the receive_vgpu thread will leak (will never end).

This patch kills the receive_vgpu thread if an exception in the receive_memory
thread occurs while the receive_vgpu thread is active, preventing this leak.
It uses the `finally` clause to execute VM_create and VM_restore, and then
instruct the receive_vgpu thread to disappear regardless if VM_create/restore
succeeded or raised an exception.

Signed-off-by: Marcus Granado <[email protected]>

Author: mg12ctx

lib/xenops_server.ml

@@ -1680,29 +1680,34 @@ and perform_exn ?subtask ?result (op: operation) (t: Xenops_task.task_handle) :
 
       (* set up the destination domain *)
       debug "VM.receive_memory creating domain and restoring VIFs";
-      (try
-         perform_atomics (
-           simplify [VM_create (id, Some memory_limit);] @
-           (* Perform as many operations as possible on the destination domain before pausing the original domain *)
-           (atomics_of_operation (VM_restore_vifs id))
-         ) t;
-         Handshake.send s Handshake.Success
-       with e ->
-         Handshake.send s (Handshake.Error (Printexc.to_string e));
-         raise e
+
+      finally (fun ()->
+        (try
+           perform_atomics (
+             simplify [VM_create (id, Some memory_limit);] @
+             (* Perform as many operations as possible on the destination domain before pausing the original domain *)
+             (atomics_of_operation (VM_restore_vifs id))
+           ) t;
+           Handshake.send s Handshake.Success
+         with e ->
+           Handshake.send s (Handshake.Error (Printexc.to_string e));
+           raise e
+        );
+        debug "VM.receive_memory: Synchronisation point 1";
+
+        debug "VM.receive_memory restoring VM";
+        (* Check if there is a separate vGPU data channel *)
+        let vgpu_info = Stdext.Opt.of_exception (fun () -> Hashtbl.find vgpu_receiver_sync id) in
+        perform_atomics (
+          List.map (fun vgpu_id -> VGPU_start (vgpu_id, true)) (VGPU_DB.ids id) @ [
+            VM_restore (id, FD s, Opt.map (fun x -> FD x.vgpu_fd) vgpu_info);
+          ]) t;
+        debug "VM.receive_memory restore complete";
+      ) (fun ()->
+        (* Tell the vGPU receive thread that we're done, so that it can clean up vgpu_receiver_sync id and terminate *)
+        let vgpu_info = Stdext.Opt.of_exception (fun () -> Hashtbl.find vgpu_receiver_sync id) in
+        Opt.iter (fun x -> Event.send x.vgpu_channel () |> Event.sync) vgpu_info;
       );
-      debug "VM.receive_memory: Synchronisation point 1";
-
-      debug "VM.receive_memory restoring VM";
-      (* Check if there is a separate vGPU data channel *)
-      let vgpu_info = Stdext.Opt.of_exception (fun () -> Hashtbl.find vgpu_receiver_sync id) in
-      perform_atomics (
-        List.map (fun vgpu_id -> VGPU_start (vgpu_id, true)) (VGPU_DB.ids id) @ [
-          VM_restore (id, FD s, Opt.map (fun x -> FD x.vgpu_fd) vgpu_info);
-        ]) t;
-      debug "VM.receive_memory restore complete";
-      (* Tell the vGPU receive thread that we're done *)
-      Opt.iter (fun x -> Event.send x.vgpu_channel () |> Event.sync) vgpu_info;
       debug "VM.receive_memory: Synchronisation point 2";
 
       begin try