* Re: [PATCH] migration/migration: fix null pointer dereference in migration block
[not found] <20241107114256.106831-1-gerben@altlinux.org>
From: Peter Xu @ 2024-11-07 15:04 UTC (permalink / raw)
To: gerben; +Cc: farosas, clg, qemu-devel, sdl.qemu
On Thu, Nov 07, 2024 at 02:42:56PM +0300, gerben@altlinux.org wrote:
> From: Denis Rastyogin <gerben@altlinux.org>
Hi, Denis,
Thanks for the patch, there's an identical patch already on the list to fix
it:
https://lore.kernel.org/r/20241105182725.2393425-1-peterx@redhat.com
>
> In this merge, the migration_is_idle() function was replaced with migrate_is_running().
> However, the null pointer check for `s` was removed, leading to a dereference of `s`
> when using qemu-system-x86_64 -hda *.vdi.
> A null check for `s` has been added before its use to prevent the dereference.
This is more severe than I thought.. I think I'll send the pull sooner,
and I'll update the commit message a bit too to reflect your report here.
>
> Fixes: cbad455118 ("Merge tag 'migration-20241030-pull-request' of https://gitlab.com/peterx/qemu into staging")
Definitely not the merge commit to blame..
> Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Thanks,
> ---
> migration/migration.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/migration/migration.c b/migration/migration.c
> index aedf7f0751..8c5bd0a75c 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -1117,6 +1117,10 @@ bool migration_is_running(void)
> {
> MigrationState *s = current_migration;
>
> + if (!s) {
> + return false;
> + }
> +
> switch (s->state) {
> case MIGRATION_STATUS_ACTIVE:
> case MIGRATION_STATUS_POSTCOPY_ACTIVE:
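Review bot: the early `if (!s) { return false; }` in this hunk fixes the NULL dereference of `current_migration` in migration_is_running(), but the code itself now carries no hint of why `s` can be NULL here; a one-line comment above the check (the cover text says the check existed in migration_is_idle() and was dropped when it was replaced by migrate_is_running(), and that the dereference is reachable with `qemu-system-x86_64 -hda *.vdi`) would keep that rationale in the source rather than only in the commit message. As already noted in the reply, the Fixes: tag should point at the commit that removed the check, not the merge commit cbad455118.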
> --
> 2.42.2
>
--
Peter Xu