From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Mon, 24 Feb 2025 15:57:04 +0100
Message-Id: <20250224145705.140576-1-f.ebner@proxmox.com>
Subject: [pve-devel] [PATCH v2 qemu 1/2] replicated zfs migration: fix assertion failure with multiple disks

It is necessary to reset the error pointer after error_report_err(), because that function frees the error.
Not doing so can lead to a use-after-free and in particular error_setg() with the same error pointer will run into an assertion failure, because it asserts that no previous error is set:

> #5 0x00007c1723674eb2 in __GI___assert_fail (assertion=assertion@entry=0x59132c9fc540 "*errp == NULL",
> file=file@entry=0x59132c9fc530 "../util/error.c", line=line@entry=68,
> function=function@entry=0x59132c9fc5f8 <__PRETTY_FUNCTION__.2> "error_setv")
> #6 0x000059132c7d250f in error_setv (errp=0x7c15839fafb8, src=0x59132c9af224 "../block/dirty-bitmap.c", line=182,
> func=0x59132c9af9b0 <__func__.17> "bdrv_dirty_bitmap_check", err_class=err_class@entry=ERROR_CLASS_GENERIC_ERROR,
> fmt=fmt@entry=0x59132c9af380 "Bitmap '%s' is currently in use by another operation and cannot be used", ap=0x7c15839fad60,
> suffix=0x0)
> #7 0x000059132c7d265c in error_setg_internal (errp=errp@entry=0x7c15839fafb8,
> src=src@entry=0x59132c9af224 "../block/dirty-bitmap.c", line=line@entry=182,
> func=func@entry=0x59132c9af9b0 <__func__.17> "bdrv_dirty_bitmap_check",
> fmt=fmt@entry=0x59132c9af380 "Bitmap '%s' is currently in use by another operation and cannot be used")
> #8 0x000059132c68fbc1 in bdrv_dirty_bitmap_check (bitmap=bitmap@entry=0x5913542d6190, flags=flags@entry=7,
> errp=errp@entry=0x7c15839fafb8)
> #9 0x000059132c3b951d in add_bitmaps_to_list (s=s@entry=0x59132d87ee40 <dbm_state>, bs=bs@entry=0x591352d6b720,
> bs_name=bs_name@entry=0x591352d69900 "drive-scsi1", alias_map=alias_map@entry=0x0, errp=errp@entry=0x7c15839fafb8)
> #10 0x000059132c3ba23d in init_dirty_bitmap_migration (errp=<optimized out>, s=0x59132d87ee40 <dbm_state>)
> #11 dirty_bitmap_save_setup (f=0x591352ebdd30, opaque=0x59132d87ee40 <dbm_state>, errp=0x7c15839fafb8)
> #12 0x000059132c3d81f0 in qemu_savevm_state_setup (f=0x591352ebdd30, errp=errp@entry=0x7c15839fafb8)

Fix created using the appropriate in-tree coccinelle script:

spatch --in-place scripts/coccinelle/error-use-after-free.cocci migration/block-dirty-bitmap.c

The problematic change exposing the issue was part of 7882afe ("update submodule and patches to QEMU 9.1.2") adapting to QEMU 9.1, commit dd03167725 ("migration: Add Error** argument to add_bitmaps_to_list()"), where the add_bitmaps_to_list() function gained an error pointer argument, replacing the local error variable that was used before.

Fixes: 7882afe ("update submodule and patches to QEMU 9.1.2")
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
No changes in v2.

...tion-block-dirty-bitmap-migrate-other-bitmaps-e.patch | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch b/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch index 066ad77..364824d 100644 --- a/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch +++ b/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch @@ -15,20 +15,21 @@ transferred. Signed-off-by: Stefan Reiter <s.reiter@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> --- - migration/block-dirty-bitmap.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) + migration/block-dirty-bitmap.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c -index a7d55048c2..77346a5fa2 100644 +index a7d55048c2..44078ea670 100644 --- a/migration/block-dirty-bitmap.c 
+++ b/migration/block-dirty-bitmap.c -@@ -539,7 +539,10 @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs, +@@ -539,7 +539,11 @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs, } if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, errp)) { - return -1; + if (errp != NULL) { + error_report_err(*errp); ++ *errp = NULL; + } + continue; } -- 2.39.5
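
Review bot: in the inner hunk for add_bitmaps_to_list(), the in-use bitmap is only reported inside `if (errp != NULL)`, so a caller that passes a NULL errp gets the bitmap skipped with no message at all, and the caller's errp is borrowed for an error that is never propagated, which is the only reason the manual `*errp = NULL;` is needed. Consider passing a local error declared inside the loop to bdrv_dirty_bitmap_check() (`Error *local_err = NULL;`, then `error_report_err(local_err);` before `continue;`), so the report does not depend on errp and the caller's pointer is never left pointing at a freed error. If the current shape stays, a one-line comment above `*errp = NULL;` noting that error_report_err() frees the error would make the requirement harder to lose in the next rebase of this downstream patch.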
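
The failure mode the commit message describes, as an added example that is not part of the original patch or of QEMU: a small C model in which model_error_set(), model_error_report() and scan_bitmaps() are hypothetical stand-ins for error_setg(), error_report_err() and the bitmap loop. The modeled assertion returns -1 instead of aborting, and errors come from a static pool so the stale pointer can be inspected safely.

```c
#include <stdio.h>

/* Simplified stand-ins for QEMU's Error API (assumptions, not QEMU code).
 * Errors live in a static pool, so "freeing" is only a flag. */
typedef struct Error { const char *msg; int freed; } Error;
static Error pool[16];
static unsigned pool_used;

/* Models error_setg(): QEMU asserts *errp == NULL; return -1 instead. */
static int model_error_set(Error **errp, const char *msg)
{
    if (errp == NULL) return 0;       /* caller does not want the error */
    if (*errp != NULL) return -1;     /* would trip "*errp == NULL" */
    *errp = &pool[pool_used++ % 16];
    **errp = (Error){ msg, 0 };
    return 0;
}

/* Models error_report_err(): prints the message, then releases the error. */
static void model_error_report(Error *err)
{
    fprintf(stderr, "skipping: %s\n", err->msg);
    err->freed = 1;
}

/* Constructed loop shaped like the patched one: busy bitmaps are reported
 * and skipped. Returns the bitmaps kept, or -1 where QEMU would abort. */
static int scan_bitmaps(const int *busy, int n, Error **errp, int reset)
{
    int kept = 0;
    for (int i = 0; i < n; i++) {
        if (!busy[i]) { kept++; continue; }
        if (model_error_set(errp, "bitmap in use") < 0) return -1;
        if (errp != NULL) {
            model_error_report(*errp);
            if (reset) *errp = NULL;  /* the line this patch adds */
        }
    }
    return kept;
}

int main(void)
{
    int busy[] = { 1, 0, 1 };         /* constructed: two bitmaps in use */
    Error *a = NULL, *b = NULL;
    printf("no reset:   %d\n", scan_bitmaps(busy, 3, &a, 0));
    printf("with reset: %d\n", scan_bitmaps(busy, 3, &b, 1));
    return 0;
}
```

Without the reset, a run with only one busy bitmap still returns normally but hands the caller a pointer to a released error, which is the use-after-free the message mentions; the second busy bitmap is what reaches the assertion.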