From: Peter Xu <peterx@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, Fabiano Rosas <farosas@suse.de>,
David Hildenbrand <david@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Steve Sistare <steven.sistare@oracle.com>,
Markus Armbruster <armbru@redhat.com>
Subject: Re: [PULL 42/45] migration: cpr-exec mode
Date: Tue, 21 Oct 2025 11:59:08 -0400
Message-ID: <aPetzFnweUu8cxEw@x1.local>
In-Reply-To: <CAFEAcA82ih8RVCm-u1oxiS0V2K4rV4jMzNb13pAV=e2ivmiDRA@mail.gmail.com>

On Tue, Oct 21, 2025 at 04:34:32PM +0100, Peter Maydell wrote:
> On Fri, 3 Oct 2025 at 16:40, Peter Xu <peterx@redhat.com> wrote:
> >
> > From: Steve Sistare <steven.sistare@oracle.com>
> >
> > Add the cpr-exec migration mode. Usage:
> >   qemu-system-$arch -machine aux-ram-share=on ...
> >   migrate_set_parameter mode cpr-exec
> >   migrate_set_parameter cpr-exec-command \
> >     <arg1> <arg2> ... -incoming <uri-1> \
> >   migrate -d <uri-1>
>
> Hi; Coverity complains about this code (CID 1641397):
>
> > +static void cpr_exec_cb(void *opaque)
> > +{
> > + MigrationState *s = migrate_get_current();
> > + char **argv = strv_from_str_list(s->parameters.cpr_exec_command);
> > + Error *err = NULL;
> > +
> > + /*
> > + * Clear the close-on-exec flag for all preserved fd's. We cannot do so
> > + * earlier because they should not persist across miscellaneous fork and
> > + * exec calls that are performed during normal operation.
> > + */
> > + cpr_exec_preserve_fds();
> > +
> > + trace_cpr_exec();
> > + execvp(argv[0], argv);
> > +
> > + /*
> > + * exec should only fail if argv[0] is bogus, or has a permissions problem,
> > + * or the system is very short on resources.
> > + */
> > + g_strfreev(argv);
>
> Here we free the argv array...
>
> > + cpr_exec_unpreserve_fds();
> > +
> > + error_setg_errno(&err, errno, "execvp %s failed", argv[0]);
>
> ...but here we read from the freed memory argv[0].
>
> Presumably we can just move the free down a bit ?
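
Review bot: error_setg_errno() at the end of this hunk reads errno only after g_strfreev(argv) and cpr_exec_unpreserve_fds() have run, so the value it reports may no longer be the one execvp() set; any call inside those helpers that fails can overwrite it. Capture it immediately after execvp() returns (int saved_errno = errno;) and pass saved_errno to error_setg_errno(). The same call also reads argv[0] after g_strfreev(argv) has released the array, so the free has to come after the last use of argv, and a one-line comment stating that cleanup is deliberately ordered after the error is built would keep later edits from reintroducing either problem.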

Yep, will change this to:

    error_setg_errno(&err, errno, "execvp %s failed", argv[0]);
    g_clear_pointer(&argv, g_strfreev);

--
Peter Xu