qemu-devel

Re: [PULL 00/62] Misc patches for 2019-12-16


From: Dr. David Alan Gilbert
Subject: Re: [PULL 00/62] Misc patches for 2019-12-16
Date: Tue, 17 Dec 2019 11:22:36 +0000
User-agent: Mutt/1.13.0 (2019-11-30)

* Peter Maydell (address@hidden) wrote:
> On Mon, 16 Dec 2019 at 16:34, Paolo Bonzini <address@hidden> wrote:
> >
> > The following changes since commit 084a398bf8aa7634738e6c6c0103236ee1b3b72f:
> >
> >   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
> > into staging (2019-12-13 18:14:07 +0000)
> >
> > are available in the git repository at:
> >
> >
> >   git://github.com/bonzini/qemu.git tags/for-upstream
> >
> > for you to fetch changes up to cfba0eb1146e7ccf839df29fd99cb90dd3c7640a:
> >
> >   colo: fix return without releasing RCU (2019-12-16 17:25:46 +0100)
> >
> > ----------------------------------------------------------------
> > * More uses of RCU_READ_LOCK_GUARD (Dave, myself)
> > * QOM doc improvements (Greg)
> > * Cleanups from the Meson conversion (Marc-André)
> > * Support for multiple -accel options (myself)
> > * Many x86 machine cleanup (Philippe, myself)
> > * tests/migration-test cleanup (Juan)
> >
> > ----------------------------------------------------------------
> 
> This generates a set of extra warnings from the clang runtime
> sanitizers:
> 
> (1) in the bios-tables-test:
> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
> QTEST_QEMU_BINARY=i386-softmmu/qemu-system-i386
> QTEST_QEMU_IMG=qemu-img tests/bios-tables-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl
> --test-name="bios-tables-test"
> /home/petmay01/linaro/qemu-for-merges/qom/object.c:390:16: runtime
> error: load of value 22, which is not a valid value for type 'bool'
> 
> Looking for expected file 'tests/data/acpi/pc/FACP'
> Using expected file 'tests/data/acpi/pc/FACP'
> Looking for expected file 'tests/data/acpi/pc/APIC'
> Using expected file 'tests/data/acpi/pc/APIC'
> Looking for expected file 'tests/data/acpi/pc/HPET'
> Using expected file 'tests/data/acpi/pc/HPET'
> Looking for expected file 'tests/data/acpi/pc/FACS'
> Using expected file 'tests/data/acpi/pc/FACS'
> Looking for expected file 'tests/data/acpi/pc/DSDT'
> Using expected file 'tests/data/acpi/pc/DSDT'
> PASS 1 bios-tables-test /i386/acpi/piix4
> /home/petmay01/linaro/qemu-for-merges/qom/object.c:390:16: runtime
> error: load of value 151, which is not a valid value for type 'bool'
> 
> (and others similar)
> 
> and in the migration-test:
> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
> QTEST_QEMU_BINARY=i386-softmmu/qemu-system-i386
> QTEST_QEMU_IMG=qemu-img tests/migration-test -m=quick -k --tap <
> /dev/null | ./scripts/tap-driver.pl --test-name="migration-test"
> PASS 1 migration-test /i386/migration/deprecated
> /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:689:15:
> runtime error: load of value 255, which is not a valid value for type
> 'bool'
> /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:690:16:
> runtime error: null pointer passed as argument 1, which is declared to
> never be null
> /usr/include/unistd.h:828:48: note: nonnull attribute specified here

That's a use-after-free from Juan's 'migration-test: Use a struct for
test_migrate_start parameters';  it's calling migrate_start_destroy and
then checks args->use_shmem.

Dave

> PASS 2 migration-test /i386/migration/bad_dest
> PASS 3 migration-test /i386/migration/fd_proto
> PASS 4 migration-test /i386/migration/validate_uuid
> PASS 5 migration-test /i386/migration/validate_uuid_error
> 
> I also saw a hang in migration-test (x86 host, aarch64 guest),
> but that didn't reoccur on my rerun, so it's intermittent and
> might be present already in master.
> 
> thanks
> -- PMM
> 
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK
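
The ordering problem described in the reply above, as an added example that is not part of the original message and is not QEMU's code: the struct is freed and then one of its fields is read, next to the corrected order. Only migrate_start_destroy and use_shmem are names from the thread; the struct layout, shmem_path, cleanup_shmem and the teardown_* functions are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the test's parameter struct. */
typedef struct {
    bool use_shmem;
    const char *shmem_path;          /* hypothetical field */
} MigrateStart;

MigrateStart *migrate_start_new(bool use_shmem, const char *path) {
    MigrateStart *args = calloc(1, sizeof(*args));
    if (!args) abort();
    args->use_shmem = use_shmem;
    args->shmem_path = path;
    return args;
}

void migrate_start_destroy(MigrateStart *args) { free(args); }

int cleanup_calls;                   /* how often shmem cleanup ran */
void cleanup_shmem(const char *path) { (void)path; cleanup_calls++; }

/* Order reported in the thread: destroy, then test args->use_shmem.
 * The load reads freed memory; once the allocator has overwritten it
 * (MALLOC_PERTURB_ is set in the test command line) the byte is no
 * longer 0 or 1, which UBSan reports as an invalid bool.
 * Shown for comparison only, never called here. */
bool teardown_buggy(MigrateStart *args) {
    migrate_start_destroy(args);
    if (args->use_shmem) {           /* use-after-free */
        cleanup_shmem(args->shmem_path);
        return true;
    }
    return false;
}

/* Corrected order: copy what is still needed, then free. */
bool teardown_fixed(MigrateStart *args) {
    bool use_shmem = args->use_shmem;
    const char *path = args->shmem_path;
    migrate_start_destroy(args);
    if (use_shmem) cleanup_shmem(path);
    return use_shmem;
}

int main(void) {
    bool ran = teardown_fixed(migrate_start_new(true, "/dev/shm/constructed"));
    printf("cleanup ran: %d (calls: %d)\n", ran, cleanup_calls);
    return 0;
}
```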



