[pve-devel] applied: [PATCH v2 qemu 1/2] replicated zfs migration: fix assertion failure with multiple disks

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Feb 24 17:40:59 CET 2025 

Am 24.02.25 um 15:57 schrieb Fiona Ebner:
> It is necessary to reset the error pointer after error_report_err(),
> because that function frees the error. Not doing so can lead to a
> use-after-free and in particular error_setg() with the same error
> pointer will run into assertion failure, because it asserts that no
> previous error is set:
> 
>> #5  0x00007c1723674eb2 in __GI___assert_fail (assertion=assertion at entry=0x59132c9fc540 "*errp == NULL",
>>     file=file at entry=0x59132c9fc530 "../util/error.c", line=line at entry=68,
>>     function=function at entry=0x59132c9fc5f8 <__PRETTY_FUNCTION__.2> "error_setv")
>> #6  0x000059132c7d250f in error_setv (errp=0x7c15839fafb8, src=0x59132c9af224 "../block/dirty-bitmap.c", line=182,
>>     func=0x59132c9af9b0 <__func__.17> "bdrv_dirty_bitmap_check", err_class=err_class at entry=ERROR_CLASS_GENERIC_ERROR,
>>     fmt=fmt at entry=0x59132c9af380 "Bitmap '%s' is currently in use by another operation and cannot be used", ap=0x7c15839fad60,
>>     suffix=0x0)
>> #7  0x000059132c7d265c in error_setg_internal (errp=errp at entry=0x7c15839fafb8,
>>     src=src at entry=0x59132c9af224 "../block/dirty-bitmap.c", line=line at entry=182,
>>     func=func at entry=0x59132c9af9b0 <__func__.17> "bdrv_dirty_bitmap_check",
>>     fmt=fmt at entry=0x59132c9af380 "Bitmap '%s' is currently in use by another operation and cannot be used")
>> #8  0x000059132c68fbc1 in bdrv_dirty_bitmap_check (bitmap=bitmap at entry=0x5913542d6190, flags=flags at entry=7,
>>     errp=errp at entry=0x7c15839fafb8)
>> #9  0x000059132c3b951d in add_bitmaps_to_list (s=s at entry=0x59132d87ee40 <dbm_state>, bs=bs at entry=0x591352d6b720,
>>     bs_name=bs_name at entry=0x591352d69900 "drive-scsi1", alias_map=alias_map at entry=0x0, errp=errp at entry=0x7c15839fafb8)
>> #10 0x000059132c3ba23d in init_dirty_bitmap_migration (errp=<optimized out>, s=0x59132d87ee40 <dbm_state>)
>> #11 dirty_bitmap_save_setup (f=0x591352ebdd30, opaque=0x59132d87ee40 <dbm_state>, errp=0x7c15839fafb8)
>> #12 0x000059132c3d81f0 in qemu_savevm_state_setup (f=0x591352ebdd30, errp=errp at entry=0x7c15839fafb8)
> 
> Fix created using the appropriate in-tree coccinelle script:
> spatch --in-place scripts/coccinelle/error-use-after-free.cocci migration/block-dirty-bitmap.c
> 
> The problematic change exposing the issue was part of 7882afe ("update
> submodule and patches to QEMU 9.1.2") adapting to QEMU 9.1, commit
> dd03167725 ("migration: Add Error** argument to
> add_bitmaps_to_list()"), where the add_bitmaps_to_list() function
> gained an error pointer argument, replacing the local error variable
> that was used before.
> 
> Fixes: 7882afe ("update submodule and patches to QEMU 9.1.2")
> Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
> ---
> 
> No changes in v2.
> 
>  ...tion-block-dirty-bitmap-migrate-other-bitmaps-e.patch | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
>

applied both patches, thanks!

And it's nice to see the use of structured/semantic patching through coccinelle.

More information about the pve-devel mailing list