From: Peter Xu <peterx@redhat.com>
To: QingFeng Hao <haoqf@linux.vnet.ibm.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org,
borntraeger@de.ibm.com, cornelia.huck@de.ibm.com,
liujbjl@linux.vnet.ibm.com, kwolf@redhat.com, famz@redhat.com
Subject: Re: [Qemu-devel] [PATCH v1 1/1] qemu/migration: fix the double free problem on from_src_file
Date: Tue, 6 Jun 2017 11:50:04 +0800 [thread overview]
Message-ID: <20170606035004.GB23580@pxdev.xzpeter.org> (raw)
In-Reply-To: <0bd5e8d9-9182-8680-3d75-05a122eb811f@linux.vnet.ibm.com>
On Tue, Jun 06, 2017 at 11:38:05AM +0800, QingFeng Hao wrote:
>
>
> 在 2017/6/6 11:03, Peter Xu 写道:
> >On Mon, Jun 05, 2017 at 12:48:51PM +0200, QingFeng Hao wrote:
> >>In load_vmstate, mis->from_src_file is freed twice, the first free is by
> >>qemu_fclose, the second is by migration_incoming_state_destroy and
> >>it causes Illegal instruction exception. The fix is just to remove the
> >>first free.
> >>
> >>This problem is found by qemu-iotests case 068 since commit
> >>"660819b migration: shut src return path unconditionally". The error is:
> >>068 1s ... - output mismatch (see 068.out.bad)
> >> --- tests/qemu-iotests/068.out 2017-05-06 01:00:26.417270437 +0200
> >> +++ 068.out.bad 2017-06-03 13:59:55.360274640 +0200
> >> @@ -6,6 +6,8 @@
> >> QEMU X.Y.Z monitor - type 'help' for more information
> >> (qemu) savevm 0
> >> (qemu) quit
> >> +./common.config: line 107: 242472 Illegal instruction (core dumped) ( if [ -n "${QEMU_NEED_PID}" ]; then
> >> + echo $BASHPID > "${QEMU_TEST_DIR}/qemu-${_QEMU_HANDLE}.pid";
> >> +fi; exec "$QEMU_PROG" $QEMU_OPTIONS "$@" )
> >> QEMU X.Y.Z monitor - type 'help' for more information
> >> -(qemu) quit
> >> -*** done
> >> +(qemu) *** done
> >>
> >>Signed-off-by: QingFeng Hao <haoqf@linux.vnet.ibm.com>
> >>---
> >> migration/savevm.c | 1 -
> >> 1 file changed, 1 deletion(-)
> >>
> >>diff --git a/migration/savevm.c b/migration/savevm.c
> >>index 9c320f59d0..853e14e34e 100644
> >>--- a/migration/savevm.c
> >>+++ b/migration/savevm.c
> >>@@ -2290,7 +2290,6 @@ int load_snapshot(const char *name, Error **errp)
> >> aio_context_acquire(aio_context);
> >> ret = qemu_loadvm_state(f);
> >>- qemu_fclose(f);
> >> aio_context_release(aio_context);
> >> migration_incoming_state_destroy();
> >Thanks QingFeng for the fix!
> >
> >Reviewed-by: Peter Xu <peterx@redhat.com>
> >
> >Though here instead of removing the fclose(), not sure whether this is
> >nicer:
> >
> >diff --git a/migration/savevm.c b/migration/savevm.c
> >index 9c320f5..1feb519 100644
> >--- a/migration/savevm.c
> >+++ b/migration/savevm.c
> >@@ -2233,7 +2233,6 @@ int load_snapshot(const char *name, Error **errp)
> > QEMUFile *f;
> > int ret;
> > AioContext *aio_context;
> >- MigrationIncomingState *mis = migration_incoming_get_current();
> >
> > if (!bdrv_all_can_snapshot(&bs)) {
> > error_setg(errp,
> >@@ -2286,7 +2285,6 @@ int load_snapshot(const char *name, Error **errp)
> > }
> >
> > qemu_system_reset(SHUTDOWN_CAUSE_NONE);
> >- mis->from_src_file = f;
> >
> > aio_context_acquire(aio_context);
> > ret = qemu_loadvm_state(f);
> Thanks Peter. I have a doubt on this change because I see there are several
> places
> referencing from_src_file e.g. loadvm_postcopy_ram_handle_discard, and it
> seems to
> get byte from the file and it's called by qemu_loadvm_state.
> Anyway, you remind me for the description that is "In load_snapshot" rather
> than
> "In load_vmstate". thanks
Oh I didn't really notice that. :)
It shouldn't affect imho since load snapshot won't trigger postcopy
codes. But sure current fix is good enough for me at least.
Thanks,
--
Peter Xu
next prev parent reply other threads:[~2017-06-06 3:50 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-05 10:48 [Qemu-devel] [PATCH v1 0/1] qemu/migration: fix the migration bug found by qemu-iotests case 068 QingFeng Hao
2017-06-05 10:48 ` [Qemu-devel] [PATCH v1 1/1] qemu/migration: fix the double free problem on from_src_file QingFeng Hao
2017-06-05 11:08 ` Dr. David Alan Gilbert
2017-06-06 3:03 ` QingFeng Hao
2017-06-06 3:03 ` Peter Xu
2017-06-06 3:38 ` QingFeng Hao
2017-06-06 3:50 ` Peter Xu [this message]
2017-06-06 5:06 ` QingFeng Hao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170606035004.GB23580@pxdev.xzpeter.org \
--to=peterx@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=cornelia.huck@de.ibm.com \
--cc=famz@redhat.com \
--cc=haoqf@linux.vnet.ibm.com \
--cc=kwolf@redhat.com \
--cc=liujbjl@linux.vnet.ibm.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).