[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 05/64] migration/rdma: Fix cm_event used before being initialized
From: |
Michael Roth |
Subject: |
[PATCH 05/64] migration/rdma: Fix cm_event used before being initialized |
Date: |
Tue, 19 Oct 2021 09:08:45 -0500 |
From: Li Zhijian <lizhijian@cn.fujitsu.com>
A segmentation fault was triggered when i try to abort a postcopy + rdma
migration.
since rdma_ack_cm_event releases a uninitialized cm_event in these case.
like below:
2496 ret = rdma_get_cm_event(rdma->channel, &cm_event);
2497 if (ret) {
2498 perror("rdma_get_cm_event after rdma_connect");
2499 ERROR(errp, "connecting to destination!");
2500 rdma_ack_cm_event(cm_event); <<<< cause segmentation fault
2501 goto err_rdma_source_connect;
2502 }
Refer to the rdma_get_cm_event() code, cm_event will be
updated/changed only if rdma_get_cm_event() returns 0. So it's okey to
remove the ack in error patch.
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Message-Id: <20210519064740.10828-1-lizhijian@cn.fujitsu.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
(cherry picked from commit efb208dc9c3f1e881aecff21fb1c7a7b6b869480)
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
migration/rdma.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/migration/rdma.c b/migration/rdma.c
index 00eac34232..41726cc74a 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -2497,7 +2497,6 @@ static int qemu_rdma_connect(RDMAContext *rdma, Error
**errp)
if (ret) {
perror("rdma_get_cm_event after rdma_connect");
ERROR(errp, "connecting to destination!");
- rdma_ack_cm_event(cm_event);
goto err_rdma_source_connect;
}
--
2.25.1
- [PATCH 51/64] virtio-mem-pci: Fix memory leak when creating MEMORY_DEVICE_SIZE_CHANGE event, (continued)
- [PATCH 51/64] virtio-mem-pci: Fix memory leak when creating MEMORY_DEVICE_SIZE_CHANGE event, Michael Roth, 2021/10/19
- [PATCH 52/64] uas: add stream number sanity checks., Michael Roth, 2021/10/19
- [PATCH 53/64] usb/redir: avoid dynamic stack allocation (CVE-2021-3527), Michael Roth, 2021/10/19
- [PATCH 54/64] usb: limit combined packets to 1 MiB (CVE-2021-3527), Michael Roth, 2021/10/19
- [PATCH 55/64] vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545), Michael Roth, 2021/10/19
- [PATCH 56/64] vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544), Michael Roth, 2021/10/19
- [PATCH 57/64] vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544), Michael Roth, 2021/10/19
- [PATCH 58/64] vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544), Michael Roth, 2021/10/19
- [PATCH 59/64] vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544), Michael Roth, 2021/10/19
- [PATCH 60/64] vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (CVE-2021-3544), Michael Roth, 2021/10/19
- [PATCH 05/64] migration/rdma: Fix cm_event used before being initialized,
Michael Roth <=
- [PATCH 61/64] vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546), Michael Roth, 2021/10/19
- [PATCH 62/64] hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582), Michael Roth, 2021/10/19
- [PATCH 63/64] pvrdma: Ensure correct input on ring init (CVE-2021-3607), Michael Roth, 2021/10/19
- [PATCH 64/64] pvrdma: Fix the ring init error flow (CVE-2021-3608), Michael Roth, 2021/10/19
- [PATCH 06/64] target/i386: Exit tb after wrmsr, Michael Roth, 2021/10/19
- [PATCH 07/64] target/ppc: Fix load endianness for lxvwsx/lxvdsx, Michael Roth, 2021/10/19
- [PATCH 08/64] vl: allow not specifying size in -m when using -M memory-backend, Michael Roth, 2021/10/19
- Re: [PATCH 00/64] Patch Round-up for stable 6.0.1, freeze on 2021-10-26, Ani Sinha, 2021/10/19