* [pve-devel] [PATCH qemu] cherry-pick segfault fix
@ 2021-11-16  8:22 Fabian Grünbichler
  2021-11-16  8:36 ` [pve-devel] applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Fabian Grünbichler @ 2021-11-16  8:22 UTC (permalink / raw)
  To: pve-devel

this was reported multiple times in our forums [1 with backtraces, 2 & 3
with the same log messages]; the fix is taken from upstream master.

1: https://forum.proxmox.com/threads/pve-7-0-14-1-vm-not-running-live-migration-kills-vm-post-ssd-move-pre-ram-move.99704/
2: https://forum.proxmox.com/threads/proxmox-7-0-14-1-crashes-vm-during-migrate-to-other-host.99678
3: https://forum.proxmox.com/threads/cannot-migrate-between-zfs-and-ceph.99685/#post-430152

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
gave it a quick spin with some NBD migrations, and the patch itself
looks very straightforward.

 ...-NULL-pointer-dereference-in-mirror_.patch | 85 +++++++++++++++++++
 debian/patches/series                         |  1 +
 2 files changed, 86 insertions(+)
 create mode 100644 debian/patches/extra/0007-block-mirror-fix-NULL-pointer-dereference-in-mirror_.patch

diff --git a/debian/patches/extra/0007-block-mirror-fix-NULL-pointer-dereference-in-mirror_.patch b/debian/patches/extra/0007-block-mirror-fix-NULL-pointer-dereference-in-mirror_.patch
new file mode 100644
index 0000000..f108313
--- /dev/null
+++ b/debian/patches/extra/0007-block-mirror-fix-NULL-pointer-dereference-in-mirror_.patch
@@ -0,0 +1,85 @@
+From 14889c02315b196f28b02832362dead64b015b6e Mon Sep 17 00:00:00 2001
+From: Stefano Garzarella <sgarzare@redhat.com>
+Date: Fri, 10 Sep 2021 14:45:33 +0200
+Subject: [PATCH qemu] block/mirror: fix NULL pointer dereference in
+ mirror_wait_on_conflicts()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In mirror_iteration() we call mirror_wait_on_conflicts() with
+`self` parameter set to NULL.
+
+Starting from commit d44dae1a7c we dereference `self` pointer in
+mirror_wait_on_conflicts() without checks if it is not NULL.
+
+Backtrace:
+  Program terminated with signal SIGSEGV, Segmentation fault.
+  #0  mirror_wait_on_conflicts (self=0x0, s=<optimized out>, offset=<optimized out>, bytes=<optimized out>)
+      at ../block/mirror.c:172
+  172	                self->waiting_for_op = op;
+  [Current thread is 1 (Thread 0x7f0908931ec0 (LWP 380249))]
+  (gdb) bt
+  #0  mirror_wait_on_conflicts (self=0x0, s=<optimized out>, offset=<optimized out>, bytes=<optimized out>)
+      at ../block/mirror.c:172
+  #1  0x00005610c5d9d631 in mirror_run (job=0x5610c76a2c00, errp=<optimized out>) at ../block/mirror.c:491
+  #2  0x00005610c5d58726 in job_co_entry (opaque=0x5610c76a2c00) at ../job.c:917
+  #3  0x00005610c5f046c6 in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>)
+      at ../util/coroutine-ucontext.c:173
+  #4  0x00007f0909975820 in ?? () at ../sysdeps/unix/sysv/linux/x86_64/__start_context.S:91
+      from /usr/lib64/libc.so.6
+
+Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2001404
+Fixes: d44dae1a7c ("block/mirror: fix active mirror dead-lock in mirror_wait_on_conflicts")
+Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
+Message-Id: <20210910124533.288318-1-sgarzare@redhat.com>
+Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+(cherry picked from commit 66fed30c9cd11854fc878a4eceb507e915d7c9cd)
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+---
+ block/mirror.c | 25 ++++++++++++++++---------
+ 1 file changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/block/mirror.c b/block/mirror.c
+index 33477ade1b..6a126d18c8 100644
+--- a/block/mirror.c
++++ b/block/mirror.c
+@@ -162,18 +162,25 @@ static void coroutine_fn mirror_wait_on_conflicts(MirrorOp *self,
+             if (ranges_overlap(self_start_chunk, self_nb_chunks,
+                                op_start_chunk, op_nb_chunks))
+             {
+-                /*
+-                 * If the operation is already (indirectly) waiting for us, or
+-                 * will wait for us as soon as it wakes up, then just go on
+-                 * (instead of producing a deadlock in the former case).
+-                 */
+-                if (op->waiting_for_op) {
+-                    continue;
++                if (self) {
++                    /*
++                     * If the operation is already (indirectly) waiting for us,
++                     * or will wait for us as soon as it wakes up, then just go
++                     * on (instead of producing a deadlock in the former case).
++                     */
++                    if (op->waiting_for_op) {
++                        continue;
++                    }
++
++                    self->waiting_for_op = op;
+                 }
+ 
+-                self->waiting_for_op = op;
+                 qemu_co_queue_wait(&op->waiting_requests, NULL);
+-                self->waiting_for_op = NULL;
++
++                if (self) {
++                    self->waiting_for_op = NULL;
++                }
++
+                 break;
+             }
+         }
+-- 
+2.30.2
+
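Review bot: the absence of an `if (self)` guard around `qemu_co_queue_wait(&op->waiting_requests, NULL);` is the load-bearing part of this hunk, and it deserves a comment in the embedded patch: a NULL caller (mirror_iteration(), per the commit message) has no op of its own that another op could be waiting on, so it must still block on every overlapping in-flight op and cannot take the `op->waiting_for_op` deadlock-avoidance `continue`. As written, a reader sees two symmetric `if (self)` blocks and an unguarded wait between them and has to reconstruct why the wait is intentionally unconditional; one line such as "/* self == NULL: caller holds no op, so always wait for the conflicting op */" before the wait would record that.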
diff --git a/debian/patches/series b/debian/patches/series
index c1eecec..92bcf10 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,6 +4,7 @@ extra/0003-monitor-hmp-add-support-for-flag-argument-with-value.patch
 extra/0004-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
 extra/0005-monitor-hmp-correctly-invert-password-argument-detec.patch
 extra/0006-qxl-fix-pre-save-logic.patch
+extra/0007-block-mirror-fix-NULL-pointer-dereference-in-mirror_.patch
 bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
 bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
 bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
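Review bot: the new `extra/0007-block-mirror-fix-NULL-pointer-dereference-in-mirror_.patch` entry is inserted before the `bitmap-mirror/000x-*` patches, which also touch the mirror code, so the quilt order now has two sets of changes to `block/mirror.c` with the upstream cherry-pick applied first. That is the right order for a cherry-pick from upstream, but the cover text only mentions a test spin with NBD migrations, not that the remaining series still applies without fuzz; a note that the full series was rebuilt after adding 0007 would close that gap.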
-- 
2.30.2

* [pve-devel] applied:  [PATCH qemu] cherry-pick segfault fix
  2021-11-16  8:22 [pve-devel] [PATCH qemu] cherry-pick segfault fix Fabian Grünbichler
@ 2021-11-16  8:36 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2021-11-16  8:36 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fabian Grünbichler

On 16.11.21 09:22, Fabian Grünbichler wrote:
> this was reported multiple times in our forums [1 with backtraces, 2 & 3
> with the same log messages]; the fix is taken from upstream master.
> 
> 1: https://forum.proxmox.com/threads/pve-7-0-14-1-vm-not-running-live-migration-kills-vm-post-ssd-move-pre-ram-move.99704/
> 2: https://forum.proxmox.com/threads/proxmox-7-0-14-1-crashes-vm-during-migrate-to-other-host.99678
> 3: https://forum.proxmox.com/threads/cannot-migrate-between-zfs-and-ceph.99685/#post-430152
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
> gave it a quick spin with some NBD migrations, and the patch itself
> looks very straightforward.
> 
>  ...-NULL-pointer-dereference-in-mirror_.patch | 85 +++++++++++++++++++
>  debian/patches/series                         |  1 +
>  2 files changed, 86 insertions(+)
>  create mode 100644 debian/patches/extra/0007-block-mirror-fix-NULL-pointer-dereference-in-mirror_.patch
> 
>

applied, thanks!
