[Qemu-commits] [qemu/qemu] 4daff8: migration: Check current

qemu-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 4daff8: migration: Check current_migration in

From:	Peter Maydell
Subject:	[Qemu-commits] [qemu/qemu] 4daff8: migration: Check current_migration in migration_is...
Date:	Fri, 15 Nov 2024 10:53:03 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 4daff81efb381d1138832648511218a646f8092e
      
https://github.com/qemu/qemu/commit/4daff81efb381d1138832648511218a646f8092e
  Author: Peter Xu <peterx@redhat.com>
  Date:   2024-11-13 (Wed, 13 Nov 2024)

  Changed paths:
    M migration/migration.c

  Log Message:
  -----------
  migration: Check current_migration in migration_is_running()

Report shows that commit 34a8892dec broke iotest 055:

https://lore.kernel.org/r/b8806360-a2b6-4608-83a3-db67e264c733@linaro.org

Denis Rastyogin reported more such issue:

https://lore.kernel.org/r/20241107114256.106831-1-gerben@altlinux.org

  In this merge, the migration_is_idle() function was replaced with
  migrate_is_running().  However, the null pointer check for `s` was
  removed, leading to a dereference of `s` when using qemu-system-x86_64
  -hda *.vdi.

When replacing migration_is_idle() with "!migration_is_running()", it was
overlooked that the idle helper also checks for current_migration being
available first.  Sample stack dump:

 migration_is_running
 is_busy
 migrate_add_blocker_modes
 migrate_add_blocker_normal
 vmdk_open
 bdrv_open_driver
 bdrv_open_common
 bdrv_open_inherit
 bdrv_open
 blk_new_open
 blockdev_init
 drive_new
 drive_init_func
 qemu_opts_foreach
 configure_blockdev
 qemu_create_early_backends
 qemu_init
 main

The check would be there if the whole series was applied, but since the
last patches in the previous series rely on some other patches to land
first, we need to recover the behavior of migration_is_idle() first before
that whole set will be merged.

I left migration_is_active / migration_is_device alone, as I don't think
it's possible for them to hit uninitialized current_migration. Also they're
prone to removal soon from VFIO side.

Cc: Peter Maydell <peter.maydell@linaro.org>
Fixes: 34a8892dec ("migration: Drop migration_is_idle()")
Reported-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reported-by: Denis Rastyogin <gerben@altlinux.org>
Tested-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20241105182725.2393425-1-peterx@redhat.com
[peterx: enhance commit msg]
Signed-off-by: Peter Xu <peterx@redhat.com>


  Commit: 0926c002c7c71749a781de13f28b0481e029d323
      
https://github.com/qemu/qemu/commit/0926c002c7c71749a781de13f28b0481e029d323
  Author: Dmitry Frolov <frolov@swemel.ru>
  Date:   2024-11-13 (Wed, 13 Nov 2024)

  Changed paths:
    M migration/multifd.c

  Log Message:
  -----------
  migration: fix-possible-int-overflow

stat64_add() takes uint64_t as 2nd argument, but both
"p->next_packet_size" and "p->packet_len" are uint32_t.
Thus, theyr sum may overflow uint32_t.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Link: https://lore.kernel.org/r/20241113140509.325732-2-frolov@swemel.ru
Signed-off-by: Peter Xu <peterx@redhat.com>


  Commit: 43f2def68476697deb0d119cbae51b20019c6c86
      
https://github.com/qemu/qemu/commit/43f2def68476697deb0d119cbae51b20019c6c86
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-11-15 (Fri, 15 Nov 2024)

  Changed paths:
    M migration/migration.c
    M migration/multifd.c

  Log Message:
  -----------
  Merge tag 'migration-20241113-pull-request' of https://gitlab.com/peterx/qemu 
into staging

Migration pull request for 9.2-rc1

- Dmitry's small patch to quiesce a warning in possible uint32_t overflow
- Peter's fix on a recent regression to iotests (and potentially elsewhere)

# -----BEGIN PGP SIGNATURE-----
#
# iIgEABYKADAWIQS5GE3CDMRX2s990ak7X8zN86vXBgUCZzUJDxIccGV0ZXJ4QHJl
# ZGhhdC5jb20ACgkQO1/MzfOr1wbuEQEAoRiMlHo4cfRTuViRoGHwFkqboLdyqsC9
# ZtDcZ2efgMQBAMR65KSgEAakbm3h4fuj0lUTkg564Wi9XkBleo/w3tAD
# =uIeB
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 13 Nov 2024 20:16:15 GMT
# gpg:                using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706
# gpg:                issuer "peterx@redhat.com"
# gpg: Good signature from "Peter Xu <xzpeter@gmail.com>" [marginal]
# gpg:                 aka "Peter Xu <peterx@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D  D1A9 3B5F CCCD F3AB D706

* tag 'migration-20241113-pull-request' of https://gitlab.com/peterx/qemu:
  migration: fix-possible-int-overflow
  migration: Check current_migration in migration_is_running()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/f0a5a31c33a8...43f2def68476

To unsubscribe from these emails, change your notification settings at 
https://github.com/qemu/qemu/settings/notifications

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-commits] [qemu/qemu] 4daff8: migration: Check current_migration in migration_is..., Peter Maydell, 2024/11/15
- [Qemu-commits] [qemu/qemu] 4daff8: migration: Check current_migration in migration_is..., Peter Maydell <=

Prev by Date: [Qemu-commits] [qemu/qemu] 43f2de: Merge tag 'migration-20241113-pull-request' of htt...
Next by Date: [Qemu-commits] [qemu/qemu] 9b5252: migration: Check current_migration in migration_is...
Previous by thread: [Qemu-commits] [qemu/qemu] 4daff8: migration: Check current_migration in migration_is...
Next by thread: [Qemu-commits] [qemu/qemu] 43f2de: Merge tag 'migration-20241113-pull-request' of htt...
Index(es):
- Date
- Thread