Re: [PULL 00/12] Block layer patches for 5.1.0-rc1

2020-07-18 Thread Peter Maydell
On Fri, 17 Jul 2020 at 13:55, Kevin Wolf  wrote:
>
> The following changes since commit 151f76c689b1ff4c2c59e6d8469a0d4fe5346f55:
>
>   Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' 
> into staging (2020-07-16 21:46:18 +0100)
>
> are available in the Git repository at:
>
>   git://repo.or.cz/qemu/kevin.git tags/for-upstream
>
> for you to fetch changes up to a8c5cf27c945d392edd85b0b0c64cd5c52cae658:
>
>   file-posix: Fix leaked fd in raw_open_common() error path (2020-07-17 
> 14:20:57 +0200)
>
> 
> Block layer patches:
>
> - file-posix: Fix read-only Linux block devices with auto-read-only
> - Require aligned image size with O_DIRECT to avoid assertion failure
> - Allow byte-aligned direct I/O on NFS instead of guessing 4k alignment
> - Fix nbd_export_close_all() crash
> - Fix race in iotests case 030
> - qemu-img resize: Require --shrink for shrinking all image formats
> - crypto: use a stronger private key for tests
> - Remove VXHS block device
> - MAINTAINERS: vvfat: set status to odd fixes
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.

-- PMM



[PATCH-for-5.1] hw/ide/ahci: Do not dma_memory_unmap(NULL)

2020-07-18 Thread Philippe Mathieu-Daudé
libFuzzer triggered the following assertion:

  cat << EOF | qemu-system-i386 -M pc-q35-5.0 \
-nographic -monitor none -serial none -qtest stdio
  outl 0xcf8 0x8000fa24
  outl 0xcfc 0xe1068000
  outl 0xcf8 0x8000fa04
  outw 0xcfc 0x7
  outl 0xcf8 0x8000fb20
  write 0xe1068304 0x1 0x21
  write 0xe1068318 0x1 0x21
  write 0xe1068384 0x1 0x21
  write 0xe1068398 0x2 0x21
  EOF
  qemu-system-i386: exec.c:3621: address_space_unmap: Assertion `mr != NULL' 
failed.
  Aborted (core dumped)

This is because we don't check the return value from dma_memory_map()
which can return NULL, then we call dma_memory_unmap(NULL) which is
illegal. Fix by only unmap if the value is not NULL (and the size is
not the expected one).

Cc: qemu-sta...@nongnu.org
Reported-by: Alexander Bulekov 
Fixes: f6ad2e32f8 ("ahci: add ahci emulation")
BugLink: https://bugs.launchpad.net/qemu/+bug/1884693
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/ide/ahci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 009120f88b..4f596cb9ce 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -250,7 +250,7 @@ static void map_page(AddressSpace *as, uint8_t **ptr, 
uint64_t addr,
 }
 
 *ptr = dma_memory_map(as, addr, , DMA_DIRECTION_FROM_DEVICE);
-if (len < wanted) {
+if (len < wanted && *ptr) {
 dma_memory_unmap(as, *ptr, len, DMA_DIRECTION_FROM_DEVICE, len);
 *ptr = NULL;
 }
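Review bot: the `&& *ptr` guard added to the `if (len < wanted ...)` check in map_page() fixes the dma_memory_unmap(NULL) call, but it leaves the failed-mapping outcome implicit: when dma_memory_map() returns NULL the branch is skipped and `*ptr` simply stays NULL, which is the same state the short-mapping branch produces explicitly with `*ptr = NULL`. A one-line comment above the check saying that dma_memory_map() may return NULL and that callers must test `*ptr` would make that contract visible in the code rather than only in the commit message; the callers of map_page() are outside this hunk, so it is also worth confirming in the commit message that every caller already handles `*ptr == NULL`, since before this change a short mapping reached exactly that state.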
-- 
2.21.3




Re: [PATCH 1/3] qemu: implementation of transient option for qcow2 file

2020-07-18 Thread Peter Krempa
On Thu, Jul 16, 2020 at 20:55:29 -0400, Masayoshi Mizuma wrote:
> Thank you for your review.
> 
> On Tue, Jul 07, 2020 at 06:36:23AM -0500, Eric Blake wrote:
> > On 7/7/20 2:12 AM, Peter Krempa wrote:
> > 
> > > You can install a qcow2 overlay on top of a raw file too. IMO the
> > > implications of using  allow that.
> > > 
> > > As said above I'd strongly prefer if the overlay is created in qemu
> > > using the blockdev-create blockjob (there is already infrastructure in
> > > libvirt to achieve that).
> > 
> > Agreed.  At this point, any time we call out to qemu-img as a separate
> > process, we are probably doing it wrong.
> 
> Got it. I'm thinking about the procedure such as followings.
> Does that make sense?
> 
>   1) Open the monitor with qemuProcessQMPNew()/qemuProcessQMPStart(), 
>  and connect it.

Starting a new qemu process just to format an image is extreme overkill
and definitely not what we want to do.

>   2) Setup the transient disk with qemuDomainPrepareStorageSourceBlockdev(),
>  qemuBlockStorageSourceAttachApplyStorage(), 
> qemuBlockStorageSourceCreateGetFormatProps()
>  and something...
> 
>   3) Run blockdev-create command with qemuMonitorBlockdevCreate(), then
>  close the monitor.

These two steps should be executed in the qemu process which will already
run the VM, prior to starting the guest CPUs.

>   4) Switch the original disk to the transient disk.
> 
>   5) Build the blockdev argument for qemu.

And instead of this step, you use the external snapshot infrastructure
to install the overlays via the 'blockdev-snapshot' QMP command.

> 
>   6) Run qemu

And instead of this the VM CPUs will be started.


The above steps require factoring out snapshot code a bit. I have a few
patches in that direction so I'll try posting them next week hopefully.
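As an added example, not code from this thread, from libvirt or from QEMU, the sequence Peter describes looks like this as raw QMP commands against a qemu that was started paused (-S) with its base image already attached as a blockdev node: blockdev-create for the overlay file and again for the qcow2 format (each a job that has to conclude and be dismissed), blockdev-add of the overlay with backing set to null, blockdev-snapshot to install it on top of the existing base node, and finally cont to start the guest CPUs. The socket path, image paths, node names (base-file/base-fmt, ovl-file/ovl-fmt), job ids and the virtual size are assumptions for illustration.

```python
"""Create a transient qcow2 overlay inside a paused QEMU and install it
with blockdev-snapshot, then resume the guest.

Added example, not libvirt or QEMU code.  Assumed setup: qemu started with
-S and '-qmp unix:/tmp/qmp.sock,server,nowait', base image attached as
format node 'base-fmt' (qcow2) on top of file node 'base-file'.
"""
import json
import socket
import sys
import time

# Constructed values for illustration; adjust to the real VM.
QMP_SOCK = "/tmp/qmp.sock"
BASE_PATH = "/var/lib/libvirt/images/base.qcow2"
OVERLAY_PATH = "/var/lib/libvirt/images/base.TRANSIENT"
VIRTUAL_SIZE = 10 * 1024 ** 3  # must equal the base image's virtual size


def overlay_commands(base_path, overlay_path, size, base_node="base-fmt"):
    """Ordered QMP steps as (command, arguments, job_id) tuples.

    job_id is non-None for blockdev-create; that job must reach 'concluded'
    and be dismissed before the next command is sent.
    """
    return [
        # 1. create the (empty) overlay file on the host
        ("blockdev-create", {"job-id": "create-file",
                             "options": {"driver": "file",
                                         "filename": overlay_path,
                                         "size": 0}}, "create-file"),
        # 2. open it as a protocol node so qcow2 can be formatted into it
        ("blockdev-add", {"driver": "file", "filename": overlay_path,
                          "node-name": "ovl-file"}, None),
        # 3. format qcow2 with the base image recorded as backing file
        ("blockdev-create", {"job-id": "create-fmt",
                             "options": {"driver": "qcow2",
                                         "file": "ovl-file",
                                         "size": size,
                                         "backing-file": base_path,
                                         "backing-fmt": "qcow2"}}, "create-fmt"),
        # 4. open the formatted overlay with backing=null so blockdev-snapshot
        #    attaches the already-open base node instead of reopening the file
        ("blockdev-add", {"driver": "qcow2", "file": "ovl-file",
                          "node-name": "ovl-fmt", "backing": None}, None),
        # 5. put the overlay on top of the node the guest device uses
        ("blockdev-snapshot", {"node": base_node, "overlay": "ovl-fmt"}, None),
        # 6. only now start the guest CPUs
        ("cont", {}, None),
    ]


class Qmp:
    """Minimal synchronous QMP client over a UNIX socket."""

    def __init__(self, path):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(path)
        self.f = self.sock.makefile("rw", encoding="utf-8")
        json.loads(self.f.readline())          # server greeting
        self.cmd("qmp_capabilities")           # leave capabilities negotiation

    def cmd(self, name, args=None):
        self.f.write(json.dumps({"execute": name, "arguments": args or {}}) + "\n")
        self.f.flush()
        while True:
            msg = json.loads(self.f.readline())
            if "event" in msg:                 # async events are not replies
                continue
            if "error" in msg:
                raise RuntimeError(f"{name}: {msg['error']['desc']}")
            return msg["return"]

    def wait_job(self, job_id):
        """Poll query-jobs until the job concludes, then dismiss it."""
        while True:
            for job in self.cmd("query-jobs"):
                if job["id"] == job_id and job["status"] == "concluded":
                    err = job.get("error")
                    self.cmd("job-dismiss", {"id": job_id})
                    if err:
                        raise RuntimeError(f"{job_id}: {err}")
                    return
            time.sleep(0.05)


def main(argv):
    qmp = Qmp(argv[1] if len(argv) > 1 else QMP_SOCK)
    for name, args, job in overlay_commands(BASE_PATH, OVERLAY_PATH, VIRTUAL_SIZE):
        qmp.cmd(name, args)
        if job:
            qmp.wait_job(job)


if __name__ == "__main__":
    main(sys.argv)
```

Two details matter in practice: the overlay node is added with "backing": null so that blockdev-snapshot can attach the base node that the guest device already uses, and blockdev-create jobs are created with manual dismiss, so job-dismiss has to be issued after each one concludes or the job id stays in use and the error (if any) is never read.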