From: Markus Armbruster <armbru@redhat.com>
To: Arun Menon <armenon@redhat.com>
Cc: qemu-devel@nongnu.org, "Michael S. Tsirkin" <mst@redhat.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Cornelia Huck" <cohuck@redhat.com>,
"Halil Pasic" <pasic@linux.ibm.com>,
"Eric Farman" <farman@linux.ibm.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"David Hildenbrand" <david@redhat.com>,
"Ilya Leoshkevich" <iii@linux.ibm.com>,
"Thomas Huth" <thuth@redhat.com>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Fam Zheng" <fam@euphon.net>,
"Nicholas Piggin" <npiggin@gmail.com>,
"Daniel Henrique Barboza" <danielhb413@gmail.com>,
"Harsh Prateek Bora" <harshpb@linux.ibm.com>,
"Alex Williamson" <alex.williamson@redhat.com>,
"Cédric Le Goater" <clg@redhat.com>,
"Peter Xu" <peterx@redhat.com>, "Fabiano Rosas" <farosas@suse.de>,
"Hailiang Zhang" <zhanghailiang@xfusion.com>,
"Steve Sistare" <steven.sistare@oracle.com>,
qemu-s390x@nongnu.org, qemu-ppc@nongnu.org,
"Stefan Berger" <stefanb@linux.vnet.ibm.com>
Subject: Re: [PATCH v3 1/3] migration: Pass Error object errp into vm state loading functions
Date: Wed, 02 Jul 2025 15:01:51 +0200 [thread overview]
Message-ID: <87ikkawxts.fsf@pond.sub.org> (raw)
In-Reply-To: <20250702-propagate_tpm_error-v3-1-986d94540528@redhat.com> (Arun Menon's message of "Wed, 02 Jul 2025 17:06:50 +0530")
Arun Menon <armenon@redhat.com> writes:
> - This is an incremental step in converting vmstate loading
> code to report errors.
> - Minimal changes to the signature and body of the following
> functions are done,
> - vmstate_load()
> - vmstate_load_state()
> - vmstate_subsection_load()
> - qemu_load_device_state()
> - qemu_loadvm_state()
> - qemu_loadvm_section_start_full()
> - qemu_loadvm_section_part_end()
> - qemu_loadvm_state_header()
> - qemu_loadvm_state_main()
> - error_report() has been replaced with error_setg();
> and in places where error has been already set,
> error_prepend() is used to not lose information.
>
> Signed-off-by: Arun Menon <armenon@redhat.com>
[...]
> diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
> index 1ff7bd9ac425ba67cd5ca7ad97bcf570f9e19abe..056781b1c21e737583f081594d9f88b32adfd674 100644
> --- a/include/migration/vmstate.h
> +++ b/include/migration/vmstate.h
> @@ -1196,7 +1196,7 @@ extern const VMStateInfo vmstate_info_qlist;
> }
>
> int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
> - void *opaque, int version_id);
> + void *opaque, int version_id, Error **errp);
> int vmstate_save_state(QEMUFile *f, const VMStateDescription *vmsd,
> void *opaque, JSONWriter *vmdesc);
> int vmstate_save_state_with_err(QEMUFile *f, const VMStateDescription *vmsd,
> diff --git a/migration/colo.c b/migration/colo.c
> index e0f713c837f5da25d67afbd02ceb6c54024ca3af..808c980b4af3199968771cdc6cca3c2451a2f4a6 100644
> --- a/migration/colo.c
> +++ b/migration/colo.c
> @@ -659,6 +659,7 @@ void migrate_start_colo_process(MigrationState *s)
> static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
> QEMUFile *fb, QIOChannelBuffer *bioc, Error **errp)
> {
> + ERRP_GUARD();
> uint64_t total_size;
> uint64_t value;
> Error *local_err = NULL;
int ret;
bql_lock();
vm_stop_force_state(RUN_STATE_COLO);
bql_unlock();
trace_colo_vm_state_change("run", "stop");
/* FIXME: This is unnecessary for periodic checkpoint mode */
colo_send_message(mis->to_src_file, COLO_MESSAGE_CHECKPOINT_REPLY,
&local_err);
if (local_err) {
error_propagate(errp, local_err);
return;
}
Avoid error_propagate() when you have ERRP_GUARD():
colo_send_message(mis->to_src_file, COLO_MESSAGE_CHECKPOINT_REPLY,
errp);
if (*errp) {
return;
}
See the big comment in qapi/error.h for additional guidance.
colo_receive_check_message(mis->from_src_file,
COLO_MESSAGE_VMSTATE_SEND, &local_err);
if (local_err) {
error_propagate(errp, local_err);
return;
}
Likewise. More of the same below, not flagging it again.
> @@ -686,11 +687,13 @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
>
> bql_lock();
> cpu_synchronize_all_states();
> - ret = qemu_loadvm_state_main(mis->from_src_file, mis);
> + ret = qemu_loadvm_state_main(mis->from_src_file, mis, &local_err);
> bql_unlock();
>
> if (ret < 0) {
> - error_setg(errp, "Load VM's live state (ram) error");
> + if (local_err != NULL) {
How can @local_err be null here?
> + error_prepend(errp, "Load VM's live state (ram) error");
Since nothing has set @errp so far, it should still point to null.
error_prepend() crashes when passed a pointer to null.
> + }
> return;
Returns without setting an error, and leaks @local_err.
Can you pass @errp to qemu_loadvm_state_main() and call it a day?
> }
>
> @@ -729,9 +732,11 @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
> bql_lock();
> vmstate_loading = true;
> colo_flush_ram_cache();
> - ret = qemu_load_device_state(fb);
> + ret = qemu_load_device_state(fb, &local_err);
> if (ret < 0) {
> - error_setg(errp, "COLO: load device state failed");
> + if (*errp != NULL) {
> + error_prepend(errp, "COLO: load device state failed");
> + }
Since nothing has set @errp so far, it should still point to null, so
this will never prepend anything.
> vmstate_loading = false;
> bql_unlock();
> return;
Returns without setting an error, and leaks @local_err.
Can you pass @errp to qemu_load_device_state()?
> diff --git a/migration/cpr.c b/migration/cpr.c
> index a50a57edca754b50e68fa9c294b3c89791e62ba8..0fb9fadac905c83689eed2b1193b282da679b6ef 100644
> --- a/migration/cpr.c
> +++ b/migration/cpr.c
> @@ -235,7 +235,7 @@ int cpr_state_load(MigrationChannel *channel, Error **errp)
> return -ENOTSUP;
> }
>
> - ret = vmstate_load_state(f, &vmstate_cpr_state, &cpr_state, 1);
> + ret = vmstate_load_state(f, &vmstate_cpr_state, &cpr_state, 1, errp);
If vmstate_load_state() fails, it should set @errp.
> if (ret) {
> error_setg(errp, "vmstate_load_state error %d", ret);
Setting it again will trip error_setv()'s assertion.
> qemu_fclose(f);
I doubt you tested your changes to the error paths. This is dangerous.
I did not look at the remainder of this patch.
[...]
next prev parent reply other threads:[~2025-07-02 13:08 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-02 11:36 [PATCH v3 0/3] migration: propagate vTPM errors using Error objects Arun Menon
2025-07-02 11:36 ` [PATCH v3 1/3] migration: Pass Error object errp into vm state loading functions Arun Menon
2025-07-02 12:08 ` Daniel P. Berrangé
2025-07-02 14:42 ` Arun Menon
2025-07-02 13:01 ` Markus Armbruster [this message]
2025-07-02 14:53 ` Arun Menon
2025-07-02 11:36 ` [PATCH v3 2/3] migration: Introduce a post_load_with_error hook Arun Menon
2025-07-02 11:53 ` Daniel P. Berrangé
2025-07-02 11:36 ` [PATCH v3 3/3] backends/tpm: Propagate vTPM error on migration failure Arun Menon
2025-07-02 11:55 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ikkawxts.fsf@pond.sub.org \
--to=armbru@redhat.com \
--cc=alex.williamson@redhat.com \
--cc=armenon@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=clg@redhat.com \
--cc=cohuck@redhat.com \
--cc=danielhb413@gmail.com \
--cc=david@redhat.com \
--cc=fam@euphon.net \
--cc=farman@linux.ibm.com \
--cc=farosas@suse.de \
--cc=harshpb@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=npiggin@gmail.com \
--cc=pasic@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=stefanb@linux.vnet.ibm.com \
--cc=steven.sistare@oracle.com \
--cc=thuth@redhat.com \
--cc=zhanghailiang@xfusion.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.