Re: [Qemu-devel] [PATCH v1 1/1] qemu/migration: fix the double free problem on from_src_file

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Peter Xu <peterx@redhat.com>
To: QingFeng Hao <haoqf@linux.vnet.ibm.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org,
	borntraeger@de.ibm.com, cornelia.huck@de.ibm.com,
	liujbjl@linux.vnet.ibm.com, kwolf@redhat.com, famz@redhat.com
Subject: Re: [Qemu-devel] [PATCH v1 1/1] qemu/migration: fix the double free problem on from_src_file
Date: Tue, 6 Jun 2017 11:03:34 +0800	[thread overview]
Message-ID: <20170606030334.GA23580@pxdev.xzpeter.org> (raw)
In-Reply-To: <20170605104851.61818-2-haoqf@linux.vnet.ibm.com>

On Mon, Jun 05, 2017 at 12:48:51PM +0200, QingFeng Hao wrote:
> In load_vmstate, mis->from_src_file is freed twice, the first free is by
> qemu_fclose, the second is by migration_incoming_state_destroy and
> it causes Illegal instruction exception. The fix is just to remove the
> first free.
> 
> This problem is found by qemu-iotests case 068 since commit
> "660819b migration: shut src return path unconditionally". The error is:
> 068 1s ... - output mismatch (see 068.out.bad)
>     --- tests/qemu-iotests/068.out	2017-05-06 01:00:26.417270437 +0200
>     +++ 068.out.bad	2017-06-03 13:59:55.360274640 +0200
>     @@ -6,6 +6,8 @@
>      QEMU X.Y.Z monitor - type 'help' for more information
>      (qemu) savevm 0
>      (qemu) quit
>     +./common.config: line 107: 242472 Illegal instruction     (core dumped) ( if [ -n "${QEMU_NEED_PID}" ]; then
>     +    echo $BASHPID > "${QEMU_TEST_DIR}/qemu-${_QEMU_HANDLE}.pid";
>     +fi; exec "$QEMU_PROG" $QEMU_OPTIONS "$@" )
>      QEMU X.Y.Z monitor - type 'help' for more information
>     -(qemu) quit
>     -*** done
>     +(qemu) *** done
> 
> Signed-off-by: QingFeng Hao <haoqf@linux.vnet.ibm.com>
> ---
>  migration/savevm.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/migration/savevm.c b/migration/savevm.c
> index 9c320f59d0..853e14e34e 100644
> --- a/migration/savevm.c
> +++ b/migration/savevm.c
> @@ -2290,7 +2290,6 @@ int load_snapshot(const char *name, Error **errp)
>  
>      aio_context_acquire(aio_context);
>      ret = qemu_loadvm_state(f);
> -    qemu_fclose(f);
>      aio_context_release(aio_context);
>  
>      migration_incoming_state_destroy();

Thanks QingFeng for the fix!

Reviewed-by: Peter Xu <peterx@redhat.com>

Though here instead of removing the fclose(), not sure whether this is
nicer:

diff --git a/migration/savevm.c b/migration/savevm.c
index 9c320f5..1feb519 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -2233,7 +2233,6 @@ int load_snapshot(const char *name, Error **errp)
     QEMUFile *f;
     int ret;
     AioContext *aio_context;
-    MigrationIncomingState *mis = migration_incoming_get_current();
 
     if (!bdrv_all_can_snapshot(&bs)) {
         error_setg(errp,
@@ -2286,7 +2285,6 @@ int load_snapshot(const char *name, Error **errp)
     }
 
     qemu_system_reset(SHUTDOWN_CAUSE_NONE);
-    mis->from_src_file = f;
 
     aio_context_acquire(aio_context);
     ret = qemu_loadvm_state(f);

Since I see we setup from_src_file but we don't really use it. If we
remove that line, we can also remove the
migration_incoming_get_current() call altogether.

Either way work for me. So my r-b stands always. :-)

-- 
Peter Xu

next prev parent reply	other threads:[~2017-06-06  3:03 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-06-05 10:48 [Qemu-devel] [PATCH v1 0/1] qemu/migration: fix the migration bug found by qemu-iotests case 068 QingFeng Hao
2017-06-05 10:48 ` [Qemu-devel] [PATCH v1 1/1] qemu/migration: fix the double free problem on from_src_file QingFeng Hao
2017-06-05 11:08   ` Dr. David Alan Gilbert
2017-06-06  3:03     ` QingFeng Hao
2017-06-06  3:03   ` Peter Xu [this message]
2017-06-06  3:38     ` QingFeng Hao
2017-06-06  3:50       ` Peter Xu
2017-06-06  5:06         ` QingFeng Hao

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9c320f5 dfblob:1feb519 )
 OR (
bs:"Re: [Qemu-devel] [PATCH v1 1/1] qemu/migration: fix the double free problem on from_src_file" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170606030334.GA23580@pxdev.xzpeter.org \
    --to=peterx@redhat.com \
    --cc=borntraeger@de.ibm.com \
    --cc=cornelia.huck@de.ibm.com \
    --cc=famz@redhat.com \
    --cc=haoqf@linux.vnet.ibm.com \
    --cc=kwolf@redhat.com \
    --cc=liujbjl@linux.vnet.ibm.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.