Re: [Qemu-block] [PATCH v2 1/1] qemu/migration: fix the double free problem on from_src_file

[Juan Quintela]

Kevin Wolf <address@hidden> wrote:
> Am 06.06.2017 um 07:24 hat QingFeng Hao geschrieben:
>> In load_snapshot, mis->from_src_file is freed twice, the first free is by
>> qemu_fclose, the second is by migration_incoming_state_destroy and
>> it causes Illegal instruction exception. The fix is just to remove the
>> first free.
>> 
>> This problem is found by qemu-iotests case 068 since commit
>> "660819b migration: shut src return path unconditionally". The error is:
>> 068 1s ... - output mismatch (see 068.out.bad)
>>     --- tests/qemu-iotests/068.out   2017-05-06 01:00:26.417270437 +0200
>>     +++ 068.out.bad  2017-06-03 13:59:55.360274640 +0200
>>     @@ -6,6 +6,8 @@
>>      QEMU X.Y.Z monitor - type 'help' for more information
>>      (qemu) savevm 0
>>      (qemu) quit
>>     +./common.config: line 107: 242472 Illegal instruction     (core dumped) 
>> ( if [ -n "${QEMU_NEED_PID}" ]; then
>>     +    echo $BASHPID > "${QEMU_TEST_DIR}/qemu-${_QEMU_HANDLE}.pid";
>>     +fi; exec "$QEMU_PROG" $QEMU_OPTIONS "$@" )
>>      QEMU X.Y.Z monitor - type 'help' for more information
>>     -(qemu) quit
>>     -*** done
>>     +(qemu) *** done
>> 
>> Signed-off-by: QingFeng Hao <address@hidden>
>> Reviewed-by: Dr. David Alan Gilbert <address@hidden>
>> Reviewed-by: Peter Xu <address@hidden>
>
> Dave, as you only gave R-b rather than merging the patch, should this be
> merged through the block tree?

I got it.  I will send a pull request later Today.


>
> Did we check other callers of migration_incoming_state_destroy()?
>
> For example, qmp_xen_load_devices_state() looks suspicious, too.
>
> I can't tell for postcopy_ram_listen_thread() - commit 660819b didn't
> seem to remove a qemu_fclose() call there, but I can't see one left
> behind either. Was the file leaked before commit 660819b or am I
> missing something?

I will take a look at those.

Thanks, Juan.