From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: Fiona Ebner <f.ebner@proxmox.com>
Cc: pve-devel@lists.proxmox.com
Subject: [pve-devel] applied: [PATCH v2 qemu 1/2] savevm-async: avoid segfault when aborting snapshot
Date: Fri, 19 Aug 2022 10:01:08 +0200 [thread overview]
Message-ID: <20220819080108.hmwotsv5zu7vgx4u@wobu-vie.proxmox.com> (raw)
In-Reply-To: <20220818114417.86938-1-f.ebner@proxmox.com>
applied both patches, thanks
One nit for a possible followup though:
On Thu, Aug 18, 2022 at 01:44:16PM +0200, Fiona Ebner wrote:
> Reported in the community forum[0].
>
> For 6.1.0, there were a few changes to the coroutine-sleep API, but
> the adaptations in f376b2b ("update and rebase to QEMU v6.1.0") made
> a mistake.
>
> Currently, target_close_wait is NULL when passed to
> qemu_co_sleep_ns_wakeable(), which further passes it to
> qemu_co_sleep(), but there, it is dereferenced when trying to access
> the 'to_wake' member:
>
> > Thread 1 "kvm" received signal SIGSEGV, Segmentation fault.
> > qemu_co_sleep (w=0x0) at ../util/qemu-coroutine-sleep.c:57
>
> To fix it, create a proper struct and pass its address instead. Also
> call qemu_co_sleep_wake unconditionally, because the NULL check (for
> the 'to_wake' member) is done inside the function itself.
>
> This patch is based on what the QEMU commits introducing the changes
> to the coroutine-sleep API did to the callers in QEMU:
> eaee072085 ("coroutine-sleep: allow qemu_co_sleep_wake that wakes nothing")
> 29a6ea24eb ("coroutine-sleep: replace QemuCoSleepState pointer with struct in the API")
>
> [0]: https://forum.proxmox.com/threads/112130/
>
> Tested-by: Mira Limbeck <m.limbeck@proxmox.com>
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
>
> Changes from v1:
> * Added Mira's T-b tag.
>
> ...async-for-background-state-snapshots.patch | 20 +++++++++----------
> ...add-optional-buffer-size-to-QEMUFile.patch | 6 +++---
> ...-register-yank-before-migration_inco.patch | 4 ++--
> 3 files changed, 15 insertions(+), 15 deletions(-)
>
> diff --git a/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch
> index 0197289..62a8e98 100644
> --- a/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch
> +++ b/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch
> @@ -23,19 +23,21 @@ Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
> [improve aborting]
> Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
> +[FE: further improve aborting]
> +Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
> hmp-commands-info.hx | 13 +
> hmp-commands.hx | 33 ++
> include/migration/snapshot.h | 2 +
> include/monitor/hmp.h | 5 +
> migration/meson.build | 1 +
> - migration/savevm-async.c | 598 +++++++++++++++++++++++++++++++++++
> + migration/savevm-async.c | 596 +++++++++++++++++++++++++++++++++++
> monitor/hmp-cmds.c | 57 ++++
> qapi/migration.json | 34 ++
> qapi/misc.json | 32 ++
> qemu-options.hx | 12 +
> softmmu/vl.c | 10 +
> - 11 files changed, 797 insertions(+)
> + 11 files changed, 795 insertions(+)
> create mode 100644 migration/savevm-async.c
>
> diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
> @@ -151,10 +153,10 @@ index 8b5ca5c047..1e2aec8486 100644
> ), gnutls)
> diff --git a/migration/savevm-async.c b/migration/savevm-async.c
> new file mode 100644
> -index 0000000000..79a0cda906
> +index 0000000000..88215cdb70
> --- /dev/null
> +++ b/migration/savevm-async.c
> -@@ -0,0 +1,598 @@
> +@@ -0,0 +1,596 @@
> +#include "qemu/osdep.h"
> +#include "migration/migration.h"
> +#include "migration/savevm.h"
> @@ -210,7 +212,7 @@ index 0000000000..79a0cda906
> + int64_t total_time;
> + QEMUBH *finalize_bh;
> + Coroutine *co;
> -+ QemuCoSleep *target_close_wait;
> ++ QemuCoSleep target_close_wait;
> +} snap_state;
> +
> +static bool savevm_aborted(void)
> @@ -285,9 +287,7 @@ index 0000000000..79a0cda906
> + blk_unref(snap_state.target);
> + snap_state.target = NULL;
> +
> -+ if (snap_state.target_close_wait) {
> -+ qemu_co_sleep_wake(snap_state.target_close_wait);
> -+ }
> ++ qemu_co_sleep_wake(&snap_state.target_close_wait);
> + }
> +
> + return ret;
> @@ -549,6 +549,7 @@ index 0000000000..79a0cda906
> + snap_state.bs_pos = 0;
> + snap_state.total_time = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
> + snap_state.blocker = NULL;
> ++ snap_state.target_close_wait.to_wake = NULL;
To be more robust I wonder if this should be a memset on the whole
QemuCoSleep, or use something like:
snap_state.target_close_wait = (QemuCoSleep){ .to_wake = NULL };
prev parent reply other threads:[~2022-08-19 8:01 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-18 11:44 [pve-devel] " Fiona Ebner
2022-08-18 11:44 ` [pve-devel] [PATCH v2 qemu 2/2] savevm-async: set SAVE_STATE_DONE when closing state file was successful Fiona Ebner
2022-08-19 8:01 ` Wolfgang Bumiller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220819080108.hmwotsv5zu7vgx4u@wobu-vie.proxmox.com \
--to=w.bumiller@proxmox.com \
--cc=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox