vitalif
/
mirror_qemu
mirror of https://github.com/proxmox/mirror_qemu
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror_qemu/migration
History
Vladimir Sementsov-Ogievskiy 4290b4834c migration/block-dirty-bitmap: make incoming disabled bitmaps busy 
Incoming enabled bitmaps are busy, because we do
bdrv_dirty_bitmap_create_successor() for them. But disabled bitmaps
being migrated are not marked busy, and user can remove them during the
incoming migration. Then we may crash in cancel_incoming_locked() when
try to remove the bitmap that was already removed by user, like this:

 #0  qemu_mutex_lock_impl (mutex=0x5593d88c50d1, file=0x559680554b20
   "../block/dirty-bitmap.c", line=64) at ../util/qemu-thread-posix.c:77
 #1  bdrv_dirty_bitmaps_lock (bs=0x5593d88c0ee9)
   at ../block/dirty-bitmap.c:64
 #2  bdrv_release_dirty_bitmap (bitmap=0x5596810e9570)
   at ../block/dirty-bitmap.c:362
 #3  cancel_incoming_locked (s=0x559680be8208 <dbm_state+40>)
   at ../migration/block-dirty-bitmap.c:918
 #4  dirty_bitmap_load (f=0x559681d02b10, opaque=0x559680be81e0
   <dbm_state>, version_id=1) at ../migration/block-dirty-bitmap.c:1194
 #5  vmstate_load (f=0x559681d02b10, se=0x559680fb5810)
   at ../migration/savevm.c:908
 #6  qemu_loadvm_section_part_end (f=0x559681d02b10,
   mis=0x559680fb4a30) at ../migration/savevm.c:2473
 #7  qemu_loadvm_state_main (f=0x559681d02b10, mis=0x559680fb4a30)
   at ../migration/savevm.c:2626
 #8  postcopy_ram_listen_thread (opaque=0x0)
   at ../migration/savevm.c:1871
 #9  qemu_thread_start (args=0x5596817ccd10)
   at ../util/qemu-thread-posix.c:521
 #10 start_thread () at /lib64/libpthread.so.0
 #11 clone () at /lib64/libc.so.6

Note bs pointer taken from bitmap: it's definitely bad aligned. That's
because we are in use after free, bitmap is already freed.

So, let's make disabled bitmaps (being migrated) busy during incoming
migration.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210322094906.5079-2-vsementsov@virtuozzo.com>
 		2021-03-24 13:41:19 +00:00
..
block-dirty-bitmap.c migration/block-dirty-bitmap: make incoming disabled bitmaps busy 2021-03-24 13:41:19 +00:00
block.c migration: using trace_ to replace DPRINTF 2020-10-26 16:15:04 +00:00
block.h migration: disable auto-converge during bulk block migration 2017-09-27 11:27:14 +01:00
channel.c migration: Add yank feature 2021-01-13 10:21:17 +01:00
channel.h migration: Route errors down through migration_channel_connect 2018-02-06 10:55:12 +00:00
colo-failover.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
colo.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
dirtyrate.c migration/dirtyrate: simplify includes in dirtyrate.c 2020-11-12 15:52:14 +00:00
dirtyrate.h migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() 2020-09-25 12:45:58 +01:00
exec.c migration: unify incoming processing 2018-07-10 12:48:53 +01:00
exec.h migration: Export exec.c functions in its own file 2017-06-01 18:49:22 +02:00
fd.c monitor: Use getter/setter functions for cur_mon 2020-10-09 07:08:19 +02:00
fd.h migration: Fix fd protocol for incoming defer 2019-06-05 12:43:55 +02:00
global_state.c migration: Silence compiler warning in global_state_store_running() 2020-10-02 12:28:48 +01:00
meson.build zstd: convert to meson 2021-01-06 10:21:20 +01:00
migration.c migrate: remove QMP/HMP commands for speed, downtime and cache size 2021-03-18 09:22:55 +00:00
migration.h migration: Clean up signed vs. unsigned XBZRLE cache-size 2021-02-08 11:19:51 +00:00
multifd-zlib.c multifd: Add zlib compression multifd support 2020-02-28 09:24:43 +01:00
multifd-zstd.c multifd: Add zstd compression multifd support 2020-02-28 09:25:49 +01:00
multifd.c migration/tls: add error handling in multifd_tls_handshake_thread 2021-03-15 20:01:55 +00:00
multifd.h migration/tls: add tls_hostname into MultiFDSendParams 2020-09-25 12:45:58 +01:00
page_cache.c migration: Fix cache_init()'s "Failed to allocate" error messages 2021-02-08 11:19:51 +00:00
page_cache.h migration: Clean up signed vs. unsigned XBZRLE cache-size 2021-02-08 11:19:51 +00:00
postcopy-ram.c qapi: Use QAPI_LIST_PREPEND() where possible 2020-12-19 10:20:14 +01:00
postcopy-ram.h migration/: fix some comment spelling errors 2020-09-17 20:36:32 +02:00
qemu-file-channel.c migration: Add yank feature 2021-01-13 10:21:17 +01:00
qemu-file-channel.h migration: Export qemu-file-channel.c functions in its own file 2017-05-18 19:20:50 +02:00
qemu-file.c migration/qemu-file: Fix maybe uninitialized on qemu_get_buffer_in_place() 2021-02-08 11:19:51 +00:00
qemu-file.h Header cleanup patches for 2019-08-13 2019-08-16 14:53:43 +01:00
ram.c migrate: remove QMP/HMP commands for speed, downtime and cache size 2021-03-18 09:22:55 +00:00
ram.h migration: Clean up signed vs. unsigned XBZRLE cache-size 2021-02-08 11:19:51 +00:00
rdma.c migration: Delete redundant spaces 2020-10-26 16:15:04 +00:00
rdma.h migration: Export rdma.c functions in its own file 2017-06-01 18:49:23 +02:00
savevm.c migration: introduce snapshot-{save, load, delete} QMP commands 2021-02-08 11:19:52 +00:00
savevm.h migration: Add blocker information 2021-02-08 11:19:51 +00:00
socket.c migration: unify the framework of socket-type channel 2020-08-28 13:34:52 +01:00
socket.h migration: unify the framework of socket-type channel 2020-08-28 13:34:52 +01:00
tls.c migration: Fix Lesser GPL version number 2020-11-15 16:43:28 +01:00
tls.h migration: Fix Lesser GPL version number 2020-11-15 16:43:28 +01:00
trace-events migration: support UFFD write fault processing in ram_save_iterate() 2021-02-08 11:19:51 +00:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vmstate-types.c migration: Replace migration's JSON writer by the general one 2020-12-19 10:39:16 +01:00
vmstate.c migration: Replace migration's JSON writer by the general one 2020-12-19 10:39:16 +01:00
xbzrle.c migration: Create migration/xbzrle.h 2017-05-18 18:04:54 +02:00
xbzrle.h migration: Create migration/xbzrle.h 2017-05-18 18:04:54 +02:00