[PATCH for-6.0 0/2] Fix use-after-free, if remove bitmap during migration

Vladimir Sementsov-Ogievskiy posted 2 patches 3 years ago
Test checkpatch passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20210322094906.5079-1-vsementsov@virtuozzo.com
Maintainers: Fam Zheng <fam@euphon.net>, Kevin Wolf <kwolf@redhat.com>, Juan Quintela <quintela@redhat.com>, John Snow <jsnow@redhat.com>, Max Reitz <mreitz@redhat.com>, "Dr. David Alan Gilbert" <dgilbert@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>, Eric Blake <eblake@redhat.com>, Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
migration/block-dirty-bitmap.c                         |  6 ++++++
tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test | 10 ++++++++++
2 files changed, 16 insertions(+)
[PATCH for-6.0 0/2] Fix use-after-free, if remove bitmap during migration
Posted by Vladimir Sementsov-Ogievskiy 3 years ago
Hi all! Accidentally we found a use-after-free. Normally the user should
not remove bitmaps during migration. But some wrong user actions may
simply lead to a QEMU crash, and that's not good.

Vladimir Sementsov-Ogievskiy (2):
  migration/block-dirty-bitmap: make incoming disabled bitmaps busy
  migrate-bitmaps-postcopy-test: check that we can't remove in-flight
    bitmaps

 migration/block-dirty-bitmap.c                         |  6 ++++++
 tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test | 10 ++++++++++
 2 files changed, 16 insertions(+)

-- 
2.29.2


Re: [PATCH for-6.0 0/2] Fix use-after-free, if remove bitmap during migration
Posted by Vladimir Sementsov-Ogievskiy 3 years ago
22.03.2021 12:49, Vladimir Sementsov-Ogievskiy wrote:
> Hi all! Accidentally we found a use-after-free. Normally the user should
> not remove bitmaps during migration. But some wrong user actions may
> simply lead to a QEMU crash, and that's not good.
> 
> Vladimir Sementsov-Ogievskiy (2):
>    migration/block-dirty-bitmap: make incoming disabled bitmaps busy
>    migrate-bitmaps-postcopy-test: check that we can't remove in-flight
>      bitmaps
> 
>   migration/block-dirty-bitmap.c                         |  6 ++++++
>   tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test | 10 ++++++++++
>   2 files changed, 16 insertions(+)
> 

Oops, sorry. Actually, it's a v2 for "[PATCH 0/2] Fix crash if try to remove bitmap on target during migration" with a slightly improved test; patch 1 is unchanged.

Supersedes: <20210319204124.364312-1-vsementsov@virtuozzo.com>

-- 
Best regards,
Vladimir

Re: [PATCH for-6.0 0/2] Fix use-after-free, if remove bitmap during migration
Posted by Stefan Hajnoczi 3 years ago
On Mon, Mar 22, 2021 at 12:49:04PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> Hi all! Accidentally we found a use-after-free. Normally the user should
> not remove bitmaps during migration. But some wrong user actions may
> simply lead to a QEMU crash, and that's not good.
> 
> Vladimir Sementsov-Ogievskiy (2):
>   migration/block-dirty-bitmap: make incoming disabled bitmaps busy
>   migrate-bitmaps-postcopy-test: check that we can't remove in-flight
>     bitmaps
> 
>  migration/block-dirty-bitmap.c                         |  6 ++++++
>  tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test | 10 ++++++++++
>  2 files changed, 16 insertions(+)
> 
> -- 
> 2.29.2
> 

Thanks, applied to my cpuidle-haltpoll-virtqueue tree:
https://gitlab.com/stefanha/qemu/commits/cpuidle-haltpoll-virtqueue

Stefan