From nobody Mon Feb 9 16:34:49 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1646126482317891.1677690283341; Tue, 1 Mar 2022 01:21:22 -0800 (PST) Received: from localhost ([::1]:33986 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nOyh7-0000Ip-NT for importer@patchew.org; Tue, 01 Mar 2022 04:21:21 -0500 Received: from eggs.gnu.org ([209.51.188.92]:54978) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nOy3s-0004gb-It for qemu-devel@nongnu.org; Tue, 01 Mar 2022 03:40:48 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:43724) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nOy3q-0008O1-UZ for qemu-devel@nongnu.org; Tue, 01 Mar 2022 03:40:48 -0500 Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-586-iH3__BlnMwGUSHw--ZPczg-1; Tue, 01 Mar 2022 03:40:45 -0500 Received: by mail-pl1-f197.google.com with SMTP id l6-20020a170903120600b0014f43ba55f3so5958090plh.11 for ; Tue, 01 Mar 2022 00:40:45 -0800 (PST) Received: from localhost.localdomain ([94.177.118.144]) by smtp.gmail.com with ESMTPSA id l1-20020a17090aec0100b001bc6d8bb27dsm1439987pjy.37.2022.03.01.00.40.41 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Tue, 01 Mar 2022 00:40:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1646124046; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iScz+bjSHJXZSsec6ODclid8MpYXvGhjXV9oo6c4Wa0=; b=eHb5tjKgpAZ9gK/huvzpa8ZM7KVHKax5Jv5rMF0YHSS35rmKeA2DlH73zsLe6Aci4LHE0Q qD2pqMBnqygf3y0dFPYp43FrBdgwmnLQ33e3vqMjSoh3TXNmk0RDLP/j+m0DMHKAzLJd7w 3mdd50SeQHKToBbak0tTsVpmiWdfV4k= X-MC-Unique: iH3__BlnMwGUSHw--ZPczg-1 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=iScz+bjSHJXZSsec6ODclid8MpYXvGhjXV9oo6c4Wa0=; b=wOsfBQjqNj2SYxh/av9QmabGJAqE/t12Mlsr6e8t6/gtFpeTmZYU0h++EkW95mm151 JnELpiaoT9t4GWonENgcEwZFszSzhBhMuT35IXB/RwTMA/5lnrjX3YvocLUjjJDVtyj+ 5rYcqtd/Jc5qF4g98RjrHHjobvcumScnWEpQPjVn4XV/OPlwX/Z6r3yWZrCZE8rUxHlY oVSsasNjNDi6BB7qk+Nggc7pdN8ppMiHCM8OkDQ2krvvbA51aXfDxQzFSR0hRBEFoFHJ yY4hO/avCa5M2OnS0V1WwNYVRSb/j9Mz2Ysmc8gZn7Rbd/Wkxe9VpY+iFhlxNcr/m4Bl EDBQ== X-Gm-Message-State: AOAM531QA4wW7NJw8og5QpqN6rsCeTFJIlS4pHnwrQGzfe9ioPuV/st6 q3kJ9LIDjbHl7O2FPduxg5nxsKDe1/1s10ts+FwyPQ+NZ/entLJn79vJcaYbX4i3T3rxEAoDFXy YY4hUjBdwVcn6aUcW7yyHgyDEy/ySUlB759ShKxPAFF5tV1iXTJkWheGeQJuo7Xrm X-Received: by 2002:a05:6a00:be5:b0:4e1:9050:1e16 with SMTP id x37-20020a056a000be500b004e190501e16mr26316100pfu.78.1646124044208; Tue, 01 Mar 2022 00:40:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJzSW1XpCPK3wLmJ212KpT+hOGu0zWtTtDF8mWy8PI/laH4dL3iF7J+yu/z7guawxE46IYNy+Q== X-Received: by 2002:a05:6a00:be5:b0:4e1:9050:1e16 with SMTP id x37-20020a056a000be500b004e190501e16mr26316067pfu.78.1646124043766; Tue, 01 Mar 2022 00:40:43 -0800 (PST) From: Peter Xu To: qemu-devel@nongnu.org Subject: [PATCH v2 25/25] tests: Pass in MigrateStart** into test_migrate_start() Date: Tue, 1 Mar 2022 16:39:25 +0800 Message-Id: <20220301083925.33483-26-peterx@redhat.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20220301083925.33483-1-peterx@redhat.com> References: <20220301083925.33483-1-peterx@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=peterx@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=peterx@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -28 X-Spam_score: -2.9 X-Spam_bar: -- X-Spam_report: (-2.9 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.082, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Juan Quintela , "Dr . David Alan Gilbert" , peterx@redhat.com, Leonardo Bras Soares Passos Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1646126484364100001 Content-Type: text/plain; charset="utf-8" test_migrate_start() will release the MigrateStart structure that passed in, however that's not super clear to the caller because after the call returned the pointer can still be referenced by the callers. It can easily be a source of use-after-free. Let's pass in a double pointer of that, then we can safely clear the pointer for the caller after the struct is released. Signed-off-by: Peter Xu Reviewed-by: Dr. David Alan Gilbert --- tests/qtest/migration-test.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 09a9ce4401..67f0601988 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -496,7 +496,7 @@ static void migrate_start_destroy(MigrateStart *args) } =20 static int test_migrate_start(QTestState **from, QTestState **to, - const char *uri, MigrateStart *args) + const char *uri, MigrateStart **pargs) { g_autofree gchar *arch_source =3D NULL; g_autofree gchar *arch_target =3D NULL; @@ -508,6 +508,7 @@ static int test_migrate_start(QTestState **from, QTestS= tate **to, g_autofree char *shmem_path =3D NULL; const char *arch =3D qtest_get_arch(); const char *machine_opts =3D NULL; + MigrateStart *args =3D *pargs; const char *memory_size; int ret =3D 0; =20 @@ -622,6 +623,8 @@ static int test_migrate_start(QTestState **from, QTestS= tate **to, =20 out: migrate_start_destroy(args); + /* This tells the caller that this structure is gone */ + *pargs =3D NULL; return ret; } =20 @@ -668,7 +671,7 @@ static int migrate_postcopy_prepare(QTestState **from_p= tr, bool postcopy_preempt =3D args->postcopy_preempt; QTestState *from, *to; =20 - if (test_migrate_start(&from, &to, uri, args)) { + if (test_migrate_start(&from, &to, uri, &args)) { return -1; } =20 @@ -822,7 +825,7 @@ static void test_baddest(void) =20 args->hide_stderr =3D true; =20 - if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", args)) { + if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", &args)) { return; } migrate_qmp(from, "tcp:127.0.0.1:0", "{}"); @@ -838,7 +841,7 @@ static void test_precopy_unix_common(bool dirty_ring) =20 args->use_dirty_ring =3D dirty_ring; =20 - if (test_migrate_start(&from, &to, uri, args)) { + if (test_migrate_start(&from, &to, uri, &args)) { return; } =20 @@ -926,7 +929,7 @@ static void test_xbzrle(const char *uri) MigrateStart *args =3D migrate_start_new(); QTestState *from, *to; =20 - if (test_migrate_start(&from, &to, uri, args)) { + if (test_migrate_start(&from, &to, uri, &args)) { return; } =20 @@ -980,7 +983,7 @@ static void test_precopy_tcp(void) g_autofree char *uri =3D NULL; QTestState *from, *to; =20 - if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", args)) { + if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", &args)) { return; } =20 @@ -1025,7 +1028,7 @@ static void test_migrate_fd_proto(void) QDict *rsp; const char *error_desc; =20 - if (test_migrate_start(&from, &to, "defer", args)) { + if (test_migrate_start(&from, &to, "defer", &args)) { return; } =20 @@ -1105,7 +1108,7 @@ static void do_test_validate_uuid(MigrateStart *args,= bool should_fail) g_autofree char *uri =3D g_strdup_printf("unix:%s/migsocket", tmpfs); QTestState *from, *to; =20 - if (test_migrate_start(&from, &to, uri, args)) { + if (test_migrate_start(&from, &to, uri, &args)) { return; } =20 @@ -1197,7 +1200,7 @@ static void test_migrate_auto_converge(void) */ const int64_t expected_threshold =3D max_bandwidth * downtime_limit / = 1000; =20 - if (test_migrate_start(&from, &to, uri, args)) { + if (test_migrate_start(&from, &to, uri, &args)) { return; } =20 @@ -1266,7 +1269,7 @@ static void test_multifd_tcp(const char *method) QDict *rsp; g_autofree char *uri =3D NULL; =20 - if (test_migrate_start(&from, &to, "defer", args)) { + if (test_migrate_start(&from, &to, "defer", &args)) { return; } =20 @@ -1352,7 +1355,7 @@ static void test_multifd_tcp_cancel(void) =20 args->hide_stderr =3D true; =20 - if (test_migrate_start(&from, &to, "defer", args)) { + if (test_migrate_start(&from, &to, "defer", &args)) { return; } =20 @@ -1391,7 +1394,7 @@ static void test_multifd_tcp_cancel(void) args =3D migrate_start_new(); args->only_target =3D true; =20 - if (test_migrate_start(&from, &to2, "defer", args)) { + if (test_migrate_start(&from, &to2, "defer", &args)) { return; } =20 --=20 2.32.0