From: Akihiko Odaki
Date: Thu, 23 Oct 2025 17:10:58 +0900
Subject: [PATCH 1/2] qemu-img: Fix amend option parse error handling
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251023-iotests-v1-1-fab143ca4c2f@rsg.ci.i.u-tokyo.ac.jp>
References: <20251023-iotests-v1-0-fab143ca4c2f@rsg.ci.i.u-tokyo.ac.jp>
In-Reply-To: <20251023-iotests-v1-0-fab143ca4c2f@rsg.ci.i.u-tokyo.ac.jp>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, Hanna Reitz, qemu-block@nongnu.org, Akihiko Odaki

qemu_opts_del(opts) dereferences opts->list, which is the old amend_opts pointer that can be dangling after executing qemu_opts_append(amend_opts, bs->drv->create_opts) and cause use-after-free.

Fix the potential use-after-free by moving the qemu_opts_del() call before the qemu_opts_append() call.

Signed-off-by: Akihiko Odaki
--- qemu-img.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qemu-img.c b/qemu-img.c index 7a162fdc08d3..63961e2b76f0 100644
--- a/qemu-img.c +++ b/qemu-img.c 
@@ -4571,9 +4571,9 @@ static int img_amend(const img_cmd_t *ccmd, int argc,= char **argv) amend_opts =3D qemu_opts_append(amend_opts, bs->drv->amend_opts); opts =3D qemu_opts_create(amend_opts, NULL, 0, &error_abort); if (!qemu_opts_do_parse(opts, options, NULL, &err)) { + qemu_opts_del(opts); /* Try to parse options using the create options */ amend_opts =3D qemu_opts_append(amend_opts, bs->drv->create_opts); - qemu_opts_del(opts); opts =3D qemu_opts_create(amend_opts, NULL, 0, &error_abort); if (qemu_opts_do_parse(opts, options, NULL, NULL)) { error_append_hint(&err, --=20 2.51.0
From: Akihiko Odaki
Date: Thu, 23 Oct 2025 17:10:59 +0900
Subject: [PATCH 2/2] iotests: Run iotests with sanitizers
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251023-iotests-v1-2-fab143ca4c2f@rsg.ci.i.u-tokyo.ac.jp>
References: <20251023-iotests-v1-0-fab143ca4c2f@rsg.ci.i.u-tokyo.ac.jp>
In-Reply-To: <20251023-iotests-v1-0-fab143ca4c2f@rsg.ci.i.u-tokyo.ac.jp>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, Hanna Reitz, qemu-block@nongnu.org, Akihiko Odaki

Commit 2cc4d1c5eab1 ("tests/check-block: Skip iotests when sanitizers are enabled") changed iotests to skip when sanitizers are enabled. The rationale is that AddressSanitizer emits warnings and reports leaks, which results in test breakage. Later, sanitizers that are enabled for production environments (safe-stack and cfi-icall) were exempted.

However, this approach has a few problems.

- It requires rebuild to disable sanitizers if the existing build has them enabled.
- It disables other useful non-production sanitizers.
- The exemption of safe-stack and cfi-icall is not correctly implemented, so qemu-iotests are incorrectly enabled whenever either safe-stack or cfi-icall is enabled *and*, even if there is another sanitizer like AddressSanitizer.

To solve these problems, direct AddressSanitizer warnings to separate files to avoid changing the test results, and selectively disable leak detection at runtime instead of requiring to disable all sanitizers at buildtime.

Signed-off-by: Akihiko Odaki
Reviewed-by: Philippe Mathieu-Daudé
--- tests/qemu-iotests/meson.build | 8 -------- tests/qemu-iotests/testrunner.py | 12 ++++++++++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/tests/qemu-iotests/meson.build b/tests/qemu-iotests/meson.build index fad340ad5957..56b04468274a 100644 --- a/tests/qemu-iotests/meson.build +++ b/tests/qemu-iotests/meson.build @@ -2,14 +2,6 @@ if not have_tools or host_os =3D=3D 'windows' subdir_done() endif =20 -foreach cflag: qemu_ldflags - if cflag.startswith('-fsanitize') and \ - not cflag.contains('safe-stack') and not cflag.contains('cfi-icall') - message('Sanitizers are enabled =3D=3D> Disabled the qemu-iotests.') - subdir_done() - endif -endforeach - bash =3D find_program('bash', required: false, version: '>=3D 4.0') if not bash.found() message('bash >=3D v4.0 not available =3D=3D> Disabled the qemu-iotests.= ') diff --git a/tests/qemu-iotests/testrunner.py b/tests/qemu-iotests/testrunn= er.py index 14cc8492f9fb..e2a365899414 100644 --- a/tests/qemu-iotests/testrunner.py +++ b/tests/qemu-iotests/testrunner.py 
@@ -263,10 +263,21 @@ def do_run_test(self, test: str) -> TestResult: Path(env[d]).mkdir(parents=3DTrue, exist_ok=3DTrue) =20 test_dir =3D env['TEST_DIR'] + f_asan =3D Path(test_dir, f_test.name + '.out.asan') f_bad =3D Path(test_dir, f_test.name + '.out.bad') f_notrun =3D Path(test_dir, f_test.name + '.notrun') f_casenotrun =3D Path(test_dir, f_test.name + '.casenotrun') =20 + env['ASAN_OPTIONS'] =3D f'detect_leaks=3D0:log_path=3D{f_asan}' + + def unlink_asan(): + with os.scandir(test_dir) as it: + for entry in it: + if entry.name.startswith(f_asan.name): + os.unlink(entry) + + unlink_asan() + for p in (f_notrun, f_casenotrun): silent_unlink(p) =20 @@ -312,6 +323,7 @@ def do_run_test(self, test: str) -> TestResult: description=3Df'output mismatch (see {f_bad}= )', diff=3Ddiff, casenotrun=3Dcasenotrun) else: + unlink_asan() f_bad.unlink() return TestResult(status=3D'pass', elapsed=3Delapsed, casenotrun=3Dcasenotrun) --=20 2.51.0
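Review bot: in the qemu-img.c hunk of patch 1/2 (img_amend(), the failure branch of the first qemu_opts_do_parse()), the ordering requirement between qemu_opts_del(opts) and the second qemu_opts_append() is not documented in the code, so a later cleanup could move the call back and reintroduce the use-after-free. The commit message explains that opts->list still refers to the old amend_opts, which qemu_opts_append() can leave dangling; a one-line comment above the moved qemu_opts_del(opts) saying that opts must be released before amend_opts is passed to qemu_opts_append() would keep that reasoning next to the code. Since this is a memory-safety fix, a Fixes: trailer naming the commit that introduced the ordering would also help backporting.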
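Review bot: in the meson.build hunk of patch 2/2, the removed foreach loop skipped the iotests for every -fsanitize flag other than safe-stack and cfi-icall, while the runtime replacement in testrunner.py only sets ASAN_OPTIONS. Nothing visible in this series redirects or suppresses reports from the other sanitizers that the commit message wants to keep enabled, so their diagnostics can still land in the compared test output. Please state in the commit message which sanitizer configurations were actually run against the iotests, or set the corresponding options variables alongside ASAN_OPTIONS.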
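Review bot: in the first testrunner.py hunk (do_run_test(), after f_casenotrun is defined), env['ASAN_OPTIONS'] is assigned rather than merged, so any ASAN_OPTIONS value already present in env is discarded, including a user's own detect_leaks or suppression settings. Consider appending the two options to an existing value instead of replacing it. The value is also built by interpolating f_asan into a colon-separated option string, so a TEST_DIR containing ':' would be split into separate options; that is worth a check or a note. Finally, detect_leaks=0 is set for every test here, which is broader than the "selectively disable leak detection" wording in the commit message.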
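Review bot: in the second testrunner.py hunk (the else branch that returns status 'pass'), unlink_asan() deletes the .out.asan logs without checking whether any were written, so a sanitizer report from a run whose output still matches the reference is silently discarded. Consider checking for files with the f_asan prefix before unlinking and either failing the test or at least mentioning them in the result. In the failure branch just above, the description still reads "output mismatch (see {f_bad})" and does not point the user at the preserved ASan logs; adding the f_asan path there would make them discoverable.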