From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>
To: qemu-devel@nongnu.org, f.ebner@proxmox.com, hreitz@redhat.com,
jinpu.wang@ionos.com, peter.maydell@linaro.org,
peterx@redhat.com, s.reiter@proxmox.com
Cc: quintela@redhat.com
Subject: [PULL 17/18] tests: Pass in MigrateStart** into test_migrate_start()
Date: Wed, 2 Mar 2022 18:29:35 +0000 [thread overview]
Message-ID: <20220302182936.227719-18-dgilbert@redhat.com> (raw)
In-Reply-To: <20220302182936.227719-1-dgilbert@redhat.com>
From: Peter Xu <peterx@redhat.com>
test_migrate_start() will release the MigrateStart structure that passed
in, however that's not super clear to the caller because after the call
returned the pointer can still be referenced by the callers. It can easily
be a source of use-after-free.
Let's pass in a double pointer of that, then we can safely clear the
pointer for the caller after the struct is released.
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20220301083925.33483-26-peterx@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
dgilbert: Fixup apply since I didn't take 24/25
---
tests/qtest/migration-test.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 7b42f6fd90..0870656d82 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -495,7 +495,7 @@ static void migrate_start_destroy(MigrateStart *args)
}
static int test_migrate_start(QTestState **from, QTestState **to,
- const char *uri, MigrateStart *args)
+ const char *uri, MigrateStart **pargs)
{
g_autofree gchar *arch_source = NULL;
g_autofree gchar *arch_target = NULL;
@@ -507,6 +507,7 @@ static int test_migrate_start(QTestState **from, QTestState **to,
g_autofree char *shmem_path = NULL;
const char *arch = qtest_get_arch();
const char *machine_opts = NULL;
+ MigrateStart *args = *pargs;
const char *memory_size;
int ret = 0;
@@ -621,6 +622,8 @@ static int test_migrate_start(QTestState **from, QTestState **to,
out:
migrate_start_destroy(args);
+ /* This tells the caller that this structure is gone */
+ *pargs = NULL;
return ret;
}
@@ -665,7 +668,7 @@ static int migrate_postcopy_prepare(QTestState **from_ptr,
g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs);
QTestState *from, *to;
- if (test_migrate_start(&from, &to, uri, args)) {
+ if (test_migrate_start(&from, &to, uri, &args)) {
return -1;
}
@@ -788,7 +791,7 @@ static void test_baddest(void)
args->hide_stderr = true;
- if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", args)) {
+ if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", &args)) {
return;
}
migrate_qmp(from, "tcp:127.0.0.1:0", "{}");
@@ -804,7 +807,7 @@ static void test_precopy_unix_common(bool dirty_ring)
args->use_dirty_ring = dirty_ring;
- if (test_migrate_start(&from, &to, uri, args)) {
+ if (test_migrate_start(&from, &to, uri, &args)) {
return;
}
@@ -892,7 +895,7 @@ static void test_xbzrle(const char *uri)
MigrateStart *args = migrate_start_new();
QTestState *from, *to;
- if (test_migrate_start(&from, &to, uri, args)) {
+ if (test_migrate_start(&from, &to, uri, &args)) {
return;
}
@@ -946,7 +949,7 @@ static void test_precopy_tcp(void)
g_autofree char *uri = NULL;
QTestState *from, *to;
- if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", args)) {
+ if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", &args)) {
return;
}
@@ -991,7 +994,7 @@ static void test_migrate_fd_proto(void)
QDict *rsp;
const char *error_desc;
- if (test_migrate_start(&from, &to, "defer", args)) {
+ if (test_migrate_start(&from, &to, "defer", &args)) {
return;
}
@@ -1071,7 +1074,7 @@ static void do_test_validate_uuid(MigrateStart *args, bool should_fail)
g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs);
QTestState *from, *to;
- if (test_migrate_start(&from, &to, uri, args)) {
+ if (test_migrate_start(&from, &to, uri, &args)) {
return;
}
@@ -1163,7 +1166,7 @@ static void test_migrate_auto_converge(void)
*/
const int64_t expected_threshold = max_bandwidth * downtime_limit / 1000;
- if (test_migrate_start(&from, &to, uri, args)) {
+ if (test_migrate_start(&from, &to, uri, &args)) {
return;
}
@@ -1232,7 +1235,7 @@ static void test_multifd_tcp(const char *method)
QDict *rsp;
g_autofree char *uri = NULL;
- if (test_migrate_start(&from, &to, "defer", args)) {
+ if (test_migrate_start(&from, &to, "defer", &args)) {
return;
}
@@ -1318,7 +1321,7 @@ static void test_multifd_tcp_cancel(void)
args->hide_stderr = true;
- if (test_migrate_start(&from, &to, "defer", args)) {
+ if (test_migrate_start(&from, &to, "defer", &args)) {
return;
}
@@ -1357,7 +1360,7 @@ static void test_multifd_tcp_cancel(void)
args = migrate_start_new();
args->only_target = true;
- if (test_migrate_start(&from, &to2, "defer", args)) {
+ if (test_migrate_start(&from, &to2, "defer", &args)) {
return;
}
--
2.35.1
next prev parent reply other threads:[~2022-03-02 18:53 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-02 18:29 [PULL 00/18] migration queue Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 01/18] clock-vmstate: Add missing END_OF_LIST Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 02/18] virtiofsd: Let meson check for statx.stx_mnt_id Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 03/18] monitor/hmp: add support for flag argument with value Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 04/18] qapi/monitor: refactor set/expire_password with enums Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 05/18] qapi/monitor: allow VNC display id in set/expire_password Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 06/18] migration/rdma: set the REUSEADDR option for destination Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 07/18] migration: Dump sub-cmd name in loadvm_process_command tp Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 08/18] migration: Finer grained tracepoints for POSTCOPY_LISTEN Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 09/18] migration: Tracepoint change in postcopy-run bottom half Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 10/18] migration: Introduce postcopy channels on dest node Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 11/18] migration: Dump ramblock and offset too when non-same-page detected Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 12/18] migration: Add postcopy_thread_create() Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 13/18] migration: Move static var in ram_block_from_stream() into global Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 14/18] migration: Enlarge postcopy recovery to capture !-EIO too Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 15/18] migration: postcopy_pause_fault_thread() never fails Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` [PULL 16/18] migration: Add migration_incoming_transport_cleanup() Dr. David Alan Gilbert (git)
2022-03-02 18:29 ` Dr. David Alan Gilbert (git) [this message]
2022-03-02 18:29 ` [PULL 18/18] migration: Remove load_state_old and minimum_version_id_old Dr. David Alan Gilbert (git)
2022-03-03 14:46 ` [PULL 00/18] migration queue Peter Maydell
2022-03-08 18:36 ` Philippe Mathieu-Daudé
2022-03-08 18:47 ` Dr. David Alan Gilbert
2022-03-14 16:56 ` Peter Maydell
2022-03-14 17:07 ` Daniel P. Berrangé
2022-03-14 17:15 ` Peter Maydell
2022-03-14 17:24 ` Daniel P. Berrangé
2022-03-14 17:54 ` Dr. David Alan Gilbert
2022-03-14 18:08 ` Peter Maydell
2022-03-14 18:20 ` Dr. David Alan Gilbert
2022-03-14 18:53 ` Daniel P. Berrangé
2022-03-15 2:41 ` Peter Xu
2022-03-14 18:58 ` Peter Maydell
2022-03-14 19:44 ` Peter Maydell
2022-03-15 14:39 ` multifd/tcp/zlib intermittent abort (was: Re: [PULL 00/18] migration queue) Peter Maydell
2022-03-15 15:03 ` Peter Maydell
2022-03-15 15:30 ` Peter Maydell
2022-03-15 15:40 ` Daniel P. Berrangé
2022-03-15 15:44 ` multifd/tcp/zlib intermittent abort Thomas Huth
2022-03-15 17:01 ` Daniel P. Berrangé
2022-03-15 15:46 ` multifd/tcp/zlib intermittent abort (was: Re: [PULL 00/18] migration queue) Peter Maydell
2022-03-15 16:14 ` Dr. David Alan Gilbert
2022-03-15 16:21 ` Peter Maydell
2022-03-15 14:53 ` [PULL 00/18] migration queue Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220302182936.227719-18-dgilbert@redhat.com \
--to=dgilbert@redhat.com \
--cc=f.ebner@proxmox.com \
--cc=hreitz@redhat.com \
--cc=jinpu.wang@ionos.com \
--cc=peter.maydell@linaro.org \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=s.reiter@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).