From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=47694 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Pfjxp-0000MU-FZ
	for qemu-devel@nongnu.org; Wed, 19 Jan 2011 21:09:30 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <tamura.yoshiaki@gmail.com>) id 1Pfjxn-0000P3-7y
	for qemu-devel@nongnu.org; Wed, 19 Jan 2011 21:09:29 -0500
Received: from mail-ww0-f53.google.com ([74.125.82.53]:36264)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <tamura.yoshiaki@gmail.com>) id 1Pfjxn-0000Op-2O
	for qemu-devel@nongnu.org; Wed, 19 Jan 2011 21:09:27 -0500
Received: by wwi18 with SMTP id 18so89495wwi.10
	for <qemu-devel@nongnu.org>; Wed, 19 Jan 2011 18:09:26 -0800 (PST)
MIME-Version: 1.0
Sender: tamura.yoshiaki@gmail.com
In-Reply-To: <1292317658-15798-1-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
References: <1292317658-15798-1-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
Date: Thu, 20 Jan 2011 11:09:26 +0900
Message-ID: <AANLkTinGWnaJuQU8bDoQUiULzMqi-O3Ecm+cCu-PN8ST@mail.gmail.com>
Subject: Re: [Qemu-devel] [PATCH] savevm: fix corruption in
	vmstate_subsection_load().
From: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org, quintela@redhat.com
Cc: aliguori@us.ibm.com, Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>

2010/12/14 Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>:
> Although it's rare to happen in live migration, when the head of a
> byte stream contains 0x05 which is the marker of subsection, the
> loader gets corrupted because vmstate_subsection_load() continues even
> the device doesn't require it. =A0This patch adds a checker whether
> subsection is needed, and skips following routines if not needed.
>
> Signed-off-by: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
> ---
> =A0savevm.c | =A0 =A08 +++++++-
> =A01 files changed, 7 insertions(+), 1 deletions(-)
>
> diff --git a/savevm.c b/savevm.c
> index d38f79e..72f6249 100644
> --- a/savevm.c
> +++ b/savevm.c
> @@ -1633,6 +1633,12 @@ static const VMStateDescription *vmstate_get_subse=
ction(const VMStateSubsection
> =A0static int vmstate_subsection_load(QEMUFile *f, const VMStateDescripti=
on *vmsd,
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0vo=
id *opaque)
> =A0{
> + =A0 =A0const VMStateSubsection *sub =3D vmsd->subsections;
> +
> + =A0 =A0if (!sub || !sub->needed) {
> + =A0 =A0 =A0 =A0return 0;
> + =A0 =A0}
> +
> =A0 =A0 while (qemu_peek_byte(f) =3D=3D QEMU_VM_SUBSECTION) {
> =A0 =A0 =A0 =A0 char idstr[256];
> =A0 =A0 =A0 =A0 int ret;
> @@ -1645,7 +1651,7 @@ static int vmstate_subsection_load(QEMUFile *f, con=
st VMStateDescription *vmsd,
> =A0 =A0 =A0 =A0 idstr[len] =3D 0;
> =A0 =A0 =A0 =A0 version_id =3D qemu_get_be32(f);
>
> - =A0 =A0 =A0 =A0sub_vmsd =3D vmstate_get_subsection(vmsd->subsections, i=
dstr);
> + =A0 =A0 =A0 =A0sub_vmsd =3D vmstate_get_subsection(sub, idstr);
> =A0 =A0 =A0 =A0 if (sub_vmsd =3D=3D NULL) {
> =A0 =A0 =A0 =A0 =A0 =A0 return -ENOENT;
> =A0 =A0 =A0 =A0 }
> --
> 1.7.1.2
>
>
>

Hi Juan,

This is an error that always happen with Kemari.  Could you tell
me if I'm fixing incorrectly?

Thanks,

Yoshi