On 20 June 2018 at 17:58, John Snow <js...@redhat.com> wrote:
>
>
> On 06/20/2018 12:43 PM, Peter Maydell wrote:
>> On 27 April 2018 at 14:22, Peter Maydell <peter.mayd...@linaro.org> wrote:
>>> On 13 March 2018 at 21:14, John Snow <js...@redhat.com> wrote:
>>>> From: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com>
>>>>
>>>> Postcopy migration of dirty bitmaps. Only named dirty bitmaps are migrated.
>>>>
>>>> If the destination qemu already contains a dirty bitmap with the same name
>>>> as a migrated bitmap (for the same node), then, if their granularities are
>>>> the same, the migration will be done; otherwise an error will be generated.
>>>>
>>>> If the destination qemu doesn't contain such a bitmap, it will be created.
>>>>
>>>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com>
>>>> Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com>
>>>> Message-id: 20180313180320.339796-12-vsement...@virtuozzo.com
>>>> [Changed '+' to '*' as per list discussion. --js]
>>>> Signed-off-by: John Snow <js...@redhat.com>
>>>
>>>> +static int init_dirty_bitmap_migration(void)
>>>> +{
>>>
>>> Hi; Coverity (CID1390625) complains about a possible dereference
>>> after NULL check in this function:
>>>
>>>> +    BlockDriverState *bs;
>>>> +    BdrvDirtyBitmap *bitmap;
>>>> +    DirtyBitmapMigBitmapState *dbms;
>>>> +    BdrvNextIterator it;
>>>> +
>>>> +    dirty_bitmap_mig_state.bulk_completed = false;
>>>> +    dirty_bitmap_mig_state.prev_bs = NULL;
>>>> +    dirty_bitmap_mig_state.prev_bitmap = NULL;
>>>> +    dirty_bitmap_mig_state.no_bitmaps = false;
>>>> +
>>>> +    for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
>>>> +        const char *drive_name = bdrv_get_device_or_node_name(bs);
>>>> +
>>>> +        /* skip automatically inserted nodes */
>>>> +        while (bs && bs->drv && bs->implicit) {
>>>> +            bs = backing_bs(bs);
>>>> +        }
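Review bot: the `bs &&` test in `while (bs && bs->drv && bs->implicit)` allows the loop to exit with `bs == NULL` (when `backing_bs(bs)` returns NULL), yet the very next statement passes `bs` unguarded to `bdrv_dirty_bitmap_next(bs, NULL)`, which is exactly the check-then-dereference pattern behind CID1390625. Either an implicit node is guaranteed to have a backing node, in which case drop the `bs &&` so the code states that invariant and Coverity stops seeing a NULL path, or it is not, in which case add `if (!bs) { continue; }` between the skip loop and the bitmap loop. Separately, `drive_name` is read from the original `bs` before the skip loop, so it names the user-visible device rather than the node whose bitmaps are actually iterated; if that is deliberate, a one-line comment at that point would save the next reader the same question.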
>>>
>>> The 'bs' test in this while() loop implies that we might
>>> leave the loop because bs == NULL...
>>>
>>>> +
>>>> +        for (bitmap = bdrv_dirty_bitmap_next(bs, NULL); bitmap;
>>>
>>> ...but this call to bdrv_dirty_bitmap_next() will always
>>> dereference bs, so if it's NULL we'll crash.
>>>
>>>> +             bitmap = bdrv_dirty_bitmap_next(bs, bitmap))
>>
>> Hi -- just a nudge that Coverity thinks this one is still unfixed.

> Thank you for the reminder, I've been a bit scatter-brained recently.

Ping? This is still in Coverity's list of unfixed issues.

thanks
-- PMM
