public inbox for pve-devel@lists.proxmox.com
* [pve-devel] [PATCH v2 qemu 1/2] replicated zfs migration: fix assertion failure with multiple disks
@ 2025-02-24 14:57 Fiona Ebner
  2025-02-24 14:57 ` [pve-devel] [PATCH v2 qemu 2/2] code style: some more coccinelle fixes Fiona Ebner
  2025-02-24 16:40 ` [pve-devel] applied: [PATCH v2 qemu 1/2] replicated zfs migration: fix assertion failure with multiple disks Thomas Lamprecht
  0 siblings, 2 replies; 3+ messages in thread
From: Fiona Ebner @ 2025-02-24 14:57 UTC (permalink / raw)
  To: pve-devel

It is necessary to reset the error pointer after error_report_err(),
because that function frees the error. Not doing so can lead to a
use-after-free and in particular error_setg() with the same error
pointer will run into assertion failure, because it asserts that no
previous error is set:

> #5  0x00007c1723674eb2 in __GI___assert_fail (assertion=assertion@entry=0x59132c9fc540 "*errp == NULL",
>     file=file@entry=0x59132c9fc530 "../util/error.c", line=line@entry=68,
>     function=function@entry=0x59132c9fc5f8 <__PRETTY_FUNCTION__.2> "error_setv")
> #6  0x000059132c7d250f in error_setv (errp=0x7c15839fafb8, src=0x59132c9af224 "../block/dirty-bitmap.c", line=182,
>     func=0x59132c9af9b0 <__func__.17> "bdrv_dirty_bitmap_check", err_class=err_class@entry=ERROR_CLASS_GENERIC_ERROR,
>     fmt=fmt@entry=0x59132c9af380 "Bitmap '%s' is currently in use by another operation and cannot be used", ap=0x7c15839fad60,
>     suffix=0x0)
> #7  0x000059132c7d265c in error_setg_internal (errp=errp@entry=0x7c15839fafb8,
>     src=src@entry=0x59132c9af224 "../block/dirty-bitmap.c", line=line@entry=182,
>     func=func@entry=0x59132c9af9b0 <__func__.17> "bdrv_dirty_bitmap_check",
>     fmt=fmt@entry=0x59132c9af380 "Bitmap '%s' is currently in use by another operation and cannot be used")
> #8  0x000059132c68fbc1 in bdrv_dirty_bitmap_check (bitmap=bitmap@entry=0x5913542d6190, flags=flags@entry=7,
>     errp=errp@entry=0x7c15839fafb8)
> #9  0x000059132c3b951d in add_bitmaps_to_list (s=s@entry=0x59132d87ee40 <dbm_state>, bs=bs@entry=0x591352d6b720,
>     bs_name=bs_name@entry=0x591352d69900 "drive-scsi1", alias_map=alias_map@entry=0x0, errp=errp@entry=0x7c15839fafb8)
> #10 0x000059132c3ba23d in init_dirty_bitmap_migration (errp=<optimized out>, s=0x59132d87ee40 <dbm_state>)
> #11 dirty_bitmap_save_setup (f=0x591352ebdd30, opaque=0x59132d87ee40 <dbm_state>, errp=0x7c15839fafb8)
> #12 0x000059132c3d81f0 in qemu_savevm_state_setup (f=0x591352ebdd30, errp=errp@entry=0x7c15839fafb8)

Fix created using the appropriate in-tree coccinelle script:
spatch --in-place scripts/coccinelle/error-use-after-free.cocci migration/block-dirty-bitmap.c

The problematic change exposing the issue was part of 7882afe ("update
submodule and patches to QEMU 9.1.2") adapting to QEMU 9.1, commit
dd03167725 ("migration: Add Error** argument to
add_bitmaps_to_list()"), where the add_bitmaps_to_list() function
gained an error pointer argument, replacing the local error variable
that was used before.

Fixes: 7882afe ("update submodule and patches to QEMU 9.1.2")
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---

No changes in v2.

 ...tion-block-dirty-bitmap-migrate-other-bitmaps-e.patch | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch b/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch
index 066ad77..364824d 100644
--- a/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch
+++ b/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch
@@ -15,20 +15,21 @@ transferred.
 Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
- migration/block-dirty-bitmap.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
+ migration/block-dirty-bitmap.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
 
 diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
-index a7d55048c2..77346a5fa2 100644
+index a7d55048c2..44078ea670 100644
 --- a/migration/block-dirty-bitmap.c
 +++ b/migration/block-dirty-bitmap.c
-@@ -539,7 +539,10 @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs,
+@@ -539,7 +539,11 @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs,
          }
  
          if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, errp)) {
 -            return -1;
 +            if (errp != NULL) {
 +                error_report_err(*errp);
++                *errp = NULL;
 +            }
 +            continue;
          }
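
Review bot: In the new `if (errp != NULL)` branch, a caller that passes a NULL errp gets the failed bdrv_dirty_bitmap_check() skipped by `continue` with nothing reported. Reporting through a function-local Error variable for this check, as the code did before the Error** argument was added, would log the skip in every case and would remove the need to reset the caller's pointer with `*errp = NULL;`.
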
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
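
Added example, not part of the original message and not QEMU code: a simplified C model of the error-pointer convention described in the commit message above, showing why the assertion only fires once a second bitmap is busy and how resetting the pointer avoids it. The names model_error_setg, model_error_report_err, scan_bitmaps and the static slot are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy stand-in for QEMU's Error object (not QEMU code). One static slot
 * replaces malloc/free so a stale pointer stays safe to inspect here. */
typedef struct Error { bool live; const char *msg; } Error;
static Error slot;

/* Model of error_setg(). QEMU asserts "*errp == NULL"; this model returns
 * false where that assertion would fail instead of aborting. */
static bool model_error_setg(Error **errp, const char *msg)
{
    if (errp == NULL) {
        return true;                 /* caller ignores errors */
    }
    if (*errp != NULL) {
        return false;                /* an error is still set, or stale */
    }
    slot.live = true;
    slot.msg = msg;
    *errp = &slot;
    return true;
}

/* Model of error_report_err(): prints and releases the error. It receives
 * the object by value, so it cannot clear the caller's pointer. */
static void model_error_report_err(Error *err)
{
    fprintf(stderr, "skipping: %s\n", err->msg);
    err->live = false;
}

/* Simplified model of the patched loop: every busy bitmap raises an error
 * through the same errp, which is reported before moving on. Returns the
 * index where the "*errp == NULL" assertion would fire, or -1 if none. */
int scan_bitmaps(const bool *busy, size_t n, bool reset_after_report)
{
    Error *err = NULL;
    Error **errp = &err;

    slot.live = false;               /* fresh state for every run */
    for (size_t i = 0; i < n; i++) {
        if (!busy[i]) {
            continue;
        }
        if (!model_error_setg(errp, "bitmap is in use")) {
            return (int)i;
        }
        model_error_report_err(*errp);
        if (reset_after_report) {
            *errp = NULL;            /* the one-line fix from the patch */
        }
    }
    return -1;
}

int main(void)
{
    const bool busy[] = { true, false, true };   /* constructed sample */
    printf("without reset: %d\n", scan_bitmaps(busy, 3, false));
    printf("with reset:    %d\n", scan_bitmaps(busy, 3, true));
    return 0;
}
```

With a single busy bitmap the stale pointer is never handed to the setter again, which is why the model returns -1 for that case even without the reset.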



* [pve-devel] [PATCH v2 qemu 2/2] code style: some more coccinelle fixes
  2025-02-24 14:57 [pve-devel] [PATCH v2 qemu 1/2] replicated zfs migration: fix assertion failure with multiple disks Fiona Ebner
@ 2025-02-24 14:57 ` Fiona Ebner
  2025-02-24 16:40 ` [pve-devel] applied: [PATCH v2 qemu 1/2] replicated zfs migration: fix assertion failure with multiple disks Thomas Lamprecht
  1 sibling, 0 replies; 3+ messages in thread
From: Fiona Ebner @ 2025-02-24 14:57 UTC (permalink / raw)
  To: pve-devel

Below are the commands that generated the changes along with the
rationale:

command: spatch --in-place scripts/coccinelle/error_propagate_null.cocci pve-backup.c
rationale: error_propagate() already checks for NULL in its second
           argument

command: spatch --in-place scripts/coccinelle/round.cocci vma-reader.c vma-writer.c
rationale: DIV_ROUND_UP() macro is more readable than the expanded
           calculation

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---

New in v2.

An additional suggestion would've been to use
-vmar->head_data = g_malloc(sizeof(VmaHeader));
+vmar->head_data = g_new(VmaHeader, 1);
in vma-reader.c, but head_data is an 'unsigned char *', so that
would require adding a cast too and doesn't actually seem cleaner.

 ...VE-Backup-add-vma-backup-format-code.patch | 20 +++++++++----------
 ...ckup-Proxmox-backup-patches-for-QEMU.patch | 12 +++++------
 ...igrate-dirty-bitmap-state-via-savevm.patch |  4 ++--
 .../0044-PVE-backup-add-fleecing-option.patch |  4 ++--
 ...ve-error-when-copy-before-write-fail.patch |  2 +-
 ...up-fixup-error-handling-for-fleecing.patch |  2 +-
 ...r-out-setting-up-snapshot-access-for.patch |  2 +-
 ...device-name-in-device-info-structure.patch |  6 +++---
 ...de-device-name-in-error-when-setting.patch |  2 +-
 9 files changed, 25 insertions(+), 29 deletions(-)

diff --git a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
index 186cbf7..aa60306 100644
--- a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
+++ b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
@@ -16,11 +16,11 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
 ---
  block/meson.build |   2 +
  meson.build       |   5 +
- vma-reader.c      | 868 ++++++++++++++++++++++++++++++++++++++++++
- vma-writer.c      | 817 ++++++++++++++++++++++++++++++++++++++++
+ vma-reader.c      | 867 ++++++++++++++++++++++++++++++++++++++++++
+ vma-writer.c      | 816 ++++++++++++++++++++++++++++++++++++++++
  vma.c             | 941 ++++++++++++++++++++++++++++++++++++++++++++++
  vma.h             | 150 ++++++++
- 6 files changed, 2783 insertions(+)
+ 6 files changed, 2781 insertions(+)
  create mode 100644 vma-reader.c
  create mode 100644 vma-writer.c
  create mode 100644 vma.c
@@ -64,10 +64,10 @@ index 147097c652..b9b673c271 100644
    foreach exe: [ 'qemu-img', 'qemu-io', 'qemu-nbd', 'qemu-storage-daemon']
 diff --git a/vma-reader.c b/vma-reader.c
 new file mode 100644
-index 0000000000..65015d2e1e
+index 0000000000..bb65ad313c
 --- /dev/null
 +++ b/vma-reader.c
-@@ -0,0 +1,868 @@
+@@ -0,0 +1,867 @@
 +/*
 + * VMA: Virtual Machine Archive
 + *
@@ -883,8 +883,7 @@ index 0000000000..65015d2e1e
 +
 +            int64_t cluster_num, end;
 +
-+            end = (vmar->devinfo[i].size + VMA_CLUSTER_SIZE - 1) /
-+                VMA_CLUSTER_SIZE;
++            end = DIV_ROUND_UP(vmar->devinfo[i].size, VMA_CLUSTER_SIZE);
 +
 +            for (cluster_num = 0; cluster_num < end; cluster_num++) {
 +                if (!vma_reader_get_bitmap(rstate, cluster_num)) {
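
Review bot: On the `end = DIV_ROUND_UP(vmar->devinfo[i].size, VMA_CLUSTER_SIZE);` line, the macro keeps the add-then-divide form of the two lines it replaces, so a size within VMA_CLUSTER_SIZE - 1 of the type's maximum can still overflow before the division. If devinfo[i].size is not bounded where it is filled in, a range check ahead of this computation would be worth adding; the commit message could also state that the change is purely cosmetic.
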
@@ -938,10 +937,10 @@ index 0000000000..65015d2e1e
 +
 diff --git a/vma-writer.c b/vma-writer.c
 new file mode 100644
-index 0000000000..a466652a5d
+index 0000000000..3f489092df
 --- /dev/null
 +++ b/vma-writer.c
-@@ -0,0 +1,817 @@
+@@ -0,0 +1,816 @@
 +/*
 + * VMA: Virtual Machine Archive
 + *
@@ -1135,8 +1134,7 @@ index 0000000000..a466652a5d
 +    vmaw->stream_info[n].devname = g_strdup(devname);
 +    vmaw->stream_info[n].size = size;
 +
-+    vmaw->stream_info[n].cluster_count = (size + VMA_CLUSTER_SIZE - 1) /
-+        VMA_CLUSTER_SIZE;
++    vmaw->stream_info[n].cluster_count = DIV_ROUND_UP(size, VMA_CLUSTER_SIZE);
 +
 +    vmaw->stream_count = n;
 +
diff --git a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
index 0180f85..66372a5 100644
--- a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
+++ b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
@@ -94,11 +94,11 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
  monitor/hmp-cmds.c             |   72 +++
  proxmox-backup-client.c        |  146 +++++
  proxmox-backup-client.h        |   60 ++
- pve-backup.c                   | 1092 ++++++++++++++++++++++++++++++++
+ pve-backup.c                   | 1090 ++++++++++++++++++++++++++++++++
  qapi/block-core.json           |  233 +++++++
  qapi/common.json               |   14 +
  qapi/machine.json              |   16 +-
- 14 files changed, 1711 insertions(+), 14 deletions(-)
+ 14 files changed, 1709 insertions(+), 14 deletions(-)
  create mode 100644 proxmox-backup-client.c
  create mode 100644 proxmox-backup-client.h
  create mode 100644 pve-backup.c
@@ -586,10 +586,10 @@ index 0000000000..8cbf645b2c
 +#endif /* PROXMOX_BACKUP_CLIENT_H */
 diff --git a/pve-backup.c b/pve-backup.c
 new file mode 100644
-index 0000000000..9f83ecb310
+index 0000000000..fea0152de0
 --- /dev/null
 +++ b/pve-backup.c
-@@ -0,0 +1,1092 @@
+@@ -0,0 +1,1090 @@
 +#include "proxmox-backup-client.h"
 +#include "vma.h"
 +
@@ -1440,9 +1440,7 @@ index 0000000000..9f83ecb310
 +    } else if (format == BACKUP_FORMAT_VMA) {
 +        vmaw = vma_writer_create(backup_file, uuid, &local_err);
 +        if (!vmaw) {
-+            if (local_err) {
-+                error_propagate(errp, local_err);
-+            }
++            error_propagate(errp, local_err);
 +            goto err_mutex;
 +        }
 +
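
Review bot: After `if (!vmaw)`, the now unconditional `error_propagate(errp, local_err);` still does nothing when vma_writer_create() returns NULL without setting local_err, so `goto err_mutex` would then leave errp unset on a failure path. If that function does not guarantee an error on every NULL return, set a fallback message here before the jump; otherwise a short comment stating the guarantee would help.
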
diff --git a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
index cbd90cc..b794959 100644
--- a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
+++ b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
@@ -180,10 +180,10 @@ index 0000000000..a97187e4d7
 +                         NULL);
 +}
 diff --git a/pve-backup.c b/pve-backup.c
-index 9f83ecb310..57477f7f2a 100644
+index fea0152de0..faa6a9b93c 100644
 --- a/pve-backup.c
 +++ b/pve-backup.c
-@@ -1085,6 +1085,7 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
+@@ -1083,6 +1083,7 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
      ret->pbs_library_version = g_strdup(proxmox_backup_qemu_version());
      ret->pbs_dirty_bitmap = true;
      ret->pbs_dirty_bitmap_savevm = true;
diff --git a/debian/patches/pve/0044-PVE-backup-add-fleecing-option.patch b/debian/patches/pve/0044-PVE-backup-add-fleecing-option.patch
index aa43103..8663a33 100644
--- a/debian/patches/pve/0044-PVE-backup-add-fleecing-option.patch
+++ b/debian/patches/pve/0044-PVE-backup-add-fleecing-option.patch
@@ -80,7 +80,7 @@ index 439a7a14c8..d0e7771dcc 100644
  
      hmp_handle_error(mon, error);
 diff --git a/pve-backup.c b/pve-backup.c
-index 57477f7f2a..0f098000dd 100644
+index faa6a9b93c..4b0820c8a7 100644
 --- a/pve-backup.c
 +++ b/pve-backup.c
 @@ -7,9 +7,11 @@
@@ -286,7 +286,7 @@ index 57477f7f2a..0f098000dd 100644
      bdrv_graph_co_rdunlock();
      if (local_err) {
          error_propagate(errp, local_err);
-@@ -1089,5 +1217,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
+@@ -1087,5 +1215,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
      ret->query_bitmap_info = true;
      ret->pbs_masterkey = true;
      ret->backup_max_workers = true;
diff --git a/debian/patches/pve/0045-PVE-backup-improve-error-when-copy-before-write-fail.patch b/debian/patches/pve/0045-PVE-backup-improve-error-when-copy-before-write-fail.patch
index 8c51a39..dbbf64a 100644
--- a/debian/patches/pve/0045-PVE-backup-improve-error-when-copy-before-write-fail.patch
+++ b/debian/patches/pve/0045-PVE-backup-improve-error-when-copy-before-write-fail.patch
@@ -96,7 +96,7 @@ index 2a5d4ba693..969da3620f 100644
  
  #endif /* COPY_BEFORE_WRITE_H */
 diff --git a/pve-backup.c b/pve-backup.c
-index 0f098000dd..75da1dc051 100644
+index 4b0820c8a7..81697d9bf9 100644
 --- a/pve-backup.c
 +++ b/pve-backup.c
 @@ -374,6 +374,15 @@ static void pvebackup_complete_cb(void *opaque, int ret)
diff --git a/debian/patches/pve/0046-PVE-backup-fixup-error-handling-for-fleecing.patch b/debian/patches/pve/0046-PVE-backup-fixup-error-handling-for-fleecing.patch
index 9a8ac00..1b4fdd2 100644
--- a/debian/patches/pve/0046-PVE-backup-fixup-error-handling-for-fleecing.patch
+++ b/debian/patches/pve/0046-PVE-backup-fixup-error-handling-for-fleecing.patch
@@ -18,7 +18,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
  1 file changed, 25 insertions(+), 13 deletions(-)
 
 diff --git a/pve-backup.c b/pve-backup.c
-index 75da1dc051..167f0b5c3f 100644
+index 81697d9bf9..320c660589 100644
 --- a/pve-backup.c
 +++ b/pve-backup.c
 @@ -357,22 +357,23 @@ static void coroutine_fn pvebackup_co_complete_stream(void *opaque)
diff --git a/debian/patches/pve/0047-PVE-backup-factor-out-setting-up-snapshot-access-for.patch b/debian/patches/pve/0047-PVE-backup-factor-out-setting-up-snapshot-access-for.patch
index 7cac5cb..ebd47dc 100644
--- a/debian/patches/pve/0047-PVE-backup-factor-out-setting-up-snapshot-access-for.patch
+++ b/debian/patches/pve/0047-PVE-backup-factor-out-setting-up-snapshot-access-for.patch
@@ -15,7 +15,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
  1 file changed, 58 insertions(+), 37 deletions(-)
 
 diff --git a/pve-backup.c b/pve-backup.c
-index 167f0b5c3f..f136d004c4 100644
+index 320c660589..d8d0c04b0f 100644
 --- a/pve-backup.c
 +++ b/pve-backup.c
 @@ -525,6 +525,62 @@ static int coroutine_fn pvebackup_co_add_config(
diff --git a/debian/patches/pve/0048-PVE-backup-save-device-name-in-device-info-structure.patch b/debian/patches/pve/0048-PVE-backup-save-device-name-in-device-info-structure.patch
index a854b32..891e584 100644
--- a/debian/patches/pve/0048-PVE-backup-save-device-name-in-device-info-structure.patch
+++ b/debian/patches/pve/0048-PVE-backup-save-device-name-in-device-info-structure.patch
@@ -17,7 +17,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
  1 file changed, 15 insertions(+), 14 deletions(-)
 
 diff --git a/pve-backup.c b/pve-backup.c
-index f136d004c4..8ccb281c8c 100644
+index d8d0c04b0f..e2110ce0db 100644
 --- a/pve-backup.c
 +++ b/pve-backup.c
 @@ -94,6 +94,7 @@ typedef struct PVEBackupDevInfo {
@@ -111,7 +111,7 @@ index f136d004c4..8ccb281c8c 100644
              info->action = action;
              info->size = di->size;
              info->dirty = dirty;
-@@ -1034,10 +1035,7 @@ UuidInfo coroutine_fn *qmp_backup(
+@@ -1032,10 +1033,7 @@ UuidInfo coroutine_fn *qmp_backup(
                  goto err_mutex;
              }
  
@@ -123,7 +123,7 @@ index f136d004c4..8ccb281c8c 100644
              if (di->dev_id <= 0) {
                  error_set(errp, ERROR_CLASS_GENERIC_ERROR,
                            "register_stream failed");
-@@ -1148,6 +1146,9 @@ err:
+@@ -1146,6 +1144,9 @@ err:
              bdrv_co_unref(di->target);
          }
  
diff --git a/debian/patches/pve/0049-PVE-backup-include-device-name-in-error-when-setting.patch b/debian/patches/pve/0049-PVE-backup-include-device-name-in-error-when-setting.patch
index bf79355..807609a 100644
--- a/debian/patches/pve/0049-PVE-backup-include-device-name-in-error-when-setting.patch
+++ b/debian/patches/pve/0049-PVE-backup-include-device-name-in-error-when-setting.patch
@@ -10,7 +10,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/pve-backup.c b/pve-backup.c
-index 8ccb281c8c..255465676c 100644
+index e2110ce0db..32352fb5ec 100644
 --- a/pve-backup.c
 +++ b/pve-backup.c
 @@ -626,7 +626,8 @@ static void create_backup_jobs_bh(void *opaque) {
-- 
2.39.5




* [pve-devel] applied: [PATCH v2 qemu 1/2] replicated zfs migration: fix assertion failure with multiple disks
  2025-02-24 14:57 [pve-devel] [PATCH v2 qemu 1/2] replicated zfs migration: fix assertion failure with multiple disks Fiona Ebner
  2025-02-24 14:57 ` [pve-devel] [PATCH v2 qemu 2/2] code style: some more coccinelle fixes Fiona Ebner
@ 2025-02-24 16:40 ` Thomas Lamprecht
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Lamprecht @ 2025-02-24 16:40 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fiona Ebner

On 24.02.25 at 15:57, Fiona Ebner wrote:
> It is necessary to reset the error pointer after error_report_err(),
> because that function frees the error. Not doing so can lead to a
> use-after-free and in particular error_setg() with the same error
> pointer will run into assertion failure, because it asserts that no
> previous error is set:
> 
>> #5  0x00007c1723674eb2 in __GI___assert_fail (assertion=assertion@entry=0x59132c9fc540 "*errp == NULL",
>>     file=file@entry=0x59132c9fc530 "../util/error.c", line=line@entry=68,
>>     function=function@entry=0x59132c9fc5f8 <__PRETTY_FUNCTION__.2> "error_setv")
>> #6  0x000059132c7d250f in error_setv (errp=0x7c15839fafb8, src=0x59132c9af224 "../block/dirty-bitmap.c", line=182,
>>     func=0x59132c9af9b0 <__func__.17> "bdrv_dirty_bitmap_check", err_class=err_class@entry=ERROR_CLASS_GENERIC_ERROR,
>>     fmt=fmt@entry=0x59132c9af380 "Bitmap '%s' is currently in use by another operation and cannot be used", ap=0x7c15839fad60,
>>     suffix=0x0)
>> #7  0x000059132c7d265c in error_setg_internal (errp=errp@entry=0x7c15839fafb8,
>>     src=src@entry=0x59132c9af224 "../block/dirty-bitmap.c", line=line@entry=182,
>>     func=func@entry=0x59132c9af9b0 <__func__.17> "bdrv_dirty_bitmap_check",
>>     fmt=fmt@entry=0x59132c9af380 "Bitmap '%s' is currently in use by another operation and cannot be used")
>> #8  0x000059132c68fbc1 in bdrv_dirty_bitmap_check (bitmap=bitmap@entry=0x5913542d6190, flags=flags@entry=7,
>>     errp=errp@entry=0x7c15839fafb8)
>> #9  0x000059132c3b951d in add_bitmaps_to_list (s=s@entry=0x59132d87ee40 <dbm_state>, bs=bs@entry=0x591352d6b720,
>>     bs_name=bs_name@entry=0x591352d69900 "drive-scsi1", alias_map=alias_map@entry=0x0, errp=errp@entry=0x7c15839fafb8)
>> #10 0x000059132c3ba23d in init_dirty_bitmap_migration (errp=<optimized out>, s=0x59132d87ee40 <dbm_state>)
>> #11 dirty_bitmap_save_setup (f=0x591352ebdd30, opaque=0x59132d87ee40 <dbm_state>, errp=0x7c15839fafb8)
>> #12 0x000059132c3d81f0 in qemu_savevm_state_setup (f=0x591352ebdd30, errp=errp@entry=0x7c15839fafb8)
> 
> Fix created using the appropriate in-tree coccinelle script:
> spatch --in-place scripts/coccinelle/error-use-after-free.cocci migration/block-dirty-bitmap.c
> 
> The problematic change exposing the issue was part of 7882afe ("update
> submodule and patches to QEMU 9.1.2") adapting to QEMU 9.1, commit
> dd03167725 ("migration: Add Error** argument to
> add_bitmaps_to_list()"), where the add_bitmaps_to_list() function
> gained an error pointer argument, replacing the local error variable
> that was used before.
> 
> Fixes: 7882afe ("update submodule and patches to QEMU 9.1.2")
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
> 
> No changes in v2.
> 
>  ...tion-block-dirty-bitmap-migrate-other-bitmaps-e.patch | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
>

applied both patches, thanks!

And it's nice to see the use of structured/semantic patching through coccinelle.

