[PULL 17/18] tests: Pass in MigrateStart** into test_migrate

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 17/18] tests: Pass in MigrateStart** into test_migrate_start()

From:	Dr. David Alan Gilbert (git)
Subject:	[PULL 17/18] tests: Pass in MigrateStart** into test_migrate_start()
Date:	Wed, 2 Mar 2022 18:29:35 +0000

From: Peter Xu <peterx@redhat.com>

test_migrate_start() will release the MigrateStart structure that passed
in, however that's not super clear to the caller because after the call
returned the pointer can still be referenced by the callers.  It can easily
be a source of use-after-free.

Let's pass in a double pointer of that, then we can safely clear the
pointer for the caller after the struct is released.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20220301083925.33483-26-peterx@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
  dgilbert: Fixup apply since I didn't take 24/25
---
 tests/qtest/migration-test.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 7b42f6fd90..0870656d82 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -495,7 +495,7 @@ static void migrate_start_destroy(MigrateStart *args)
 }
 
 static int test_migrate_start(QTestState **from, QTestState **to,
-                              const char *uri, MigrateStart *args)
+                              const char *uri, MigrateStart **pargs)
 {
     g_autofree gchar *arch_source = NULL;
     g_autofree gchar *arch_target = NULL;
@@ -507,6 +507,7 @@ static int test_migrate_start(QTestState **from, QTestState 
**to,
     g_autofree char *shmem_path = NULL;
     const char *arch = qtest_get_arch();
     const char *machine_opts = NULL;
+    MigrateStart *args = *pargs;
     const char *memory_size;
     int ret = 0;
 
@@ -621,6 +622,8 @@ static int test_migrate_start(QTestState **from, QTestState 
**to,
 
 out:
     migrate_start_destroy(args);
+    /* This tells the caller that this structure is gone */
+    *pargs = NULL;
     return ret;
 }
 
@@ -665,7 +668,7 @@ static int migrate_postcopy_prepare(QTestState **from_ptr,
     g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs);
     QTestState *from, *to;
 
-    if (test_migrate_start(&from, &to, uri, args)) {
+    if (test_migrate_start(&from, &to, uri, &args)) {
         return -1;
     }
 
@@ -788,7 +791,7 @@ static void test_baddest(void)
 
     args->hide_stderr = true;
 
-    if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", args)) {
+    if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", &args)) {
         return;
     }
     migrate_qmp(from, "tcp:127.0.0.1:0", "{}");
@@ -804,7 +807,7 @@ static void test_precopy_unix_common(bool dirty_ring)
 
     args->use_dirty_ring = dirty_ring;
 
-    if (test_migrate_start(&from, &to, uri, args)) {
+    if (test_migrate_start(&from, &to, uri, &args)) {
         return;
     }
 
@@ -892,7 +895,7 @@ static void test_xbzrle(const char *uri)
     MigrateStart *args = migrate_start_new();
     QTestState *from, *to;
 
-    if (test_migrate_start(&from, &to, uri, args)) {
+    if (test_migrate_start(&from, &to, uri, &args)) {
         return;
     }
 
@@ -946,7 +949,7 @@ static void test_precopy_tcp(void)
     g_autofree char *uri = NULL;
     QTestState *from, *to;
 
-    if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", args)) {
+    if (test_migrate_start(&from, &to, "tcp:127.0.0.1:0", &args)) {
         return;
     }
 
@@ -991,7 +994,7 @@ static void test_migrate_fd_proto(void)
     QDict *rsp;
     const char *error_desc;
 
-    if (test_migrate_start(&from, &to, "defer", args)) {
+    if (test_migrate_start(&from, &to, "defer", &args)) {
         return;
     }
 
@@ -1071,7 +1074,7 @@ static void do_test_validate_uuid(MigrateStart *args, 
bool should_fail)
     g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs);
     QTestState *from, *to;
 
-    if (test_migrate_start(&from, &to, uri, args)) {
+    if (test_migrate_start(&from, &to, uri, &args)) {
         return;
     }
 
@@ -1163,7 +1166,7 @@ static void test_migrate_auto_converge(void)
      */
     const int64_t expected_threshold = max_bandwidth * downtime_limit / 1000;
 
-    if (test_migrate_start(&from, &to, uri, args)) {
+    if (test_migrate_start(&from, &to, uri, &args)) {
         return;
     }
 
@@ -1232,7 +1235,7 @@ static void test_multifd_tcp(const char *method)
     QDict *rsp;
     g_autofree char *uri = NULL;
 
-    if (test_migrate_start(&from, &to, "defer", args)) {
+    if (test_migrate_start(&from, &to, "defer", &args)) {
         return;
     }
 
@@ -1318,7 +1321,7 @@ static void test_multifd_tcp_cancel(void)
 
     args->hide_stderr = true;
 
-    if (test_migrate_start(&from, &to, "defer", args)) {
+    if (test_migrate_start(&from, &to, "defer", &args)) {
         return;
     }
 
@@ -1357,7 +1360,7 @@ static void test_multifd_tcp_cancel(void)
     args = migrate_start_new();
     args->only_target = true;
 
-    if (test_migrate_start(&from, &to2, "defer", args)) {
+    if (test_migrate_start(&from, &to2, "defer", &args)) {
         return;
     }
 
-- 
2.35.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 05/18] qapi/monitor: allow VNC display id in set/expire_password, (continued)
- [PULL 05/18] qapi/monitor: allow VNC display id in set/expire_password, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 06/18] migration/rdma: set the REUSEADDR option for destination, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 09/18] migration: Tracepoint change in postcopy-run bottom half, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 11/18] migration: Dump ramblock and offset too when non-same-page detected, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 14/18] migration: Enlarge postcopy recovery to capture !-EIO too, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 10/18] migration: Introduce postcopy channels on dest node, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 13/18] migration: Move static var in ram_block_from_stream() into global, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 12/18] migration: Add postcopy_thread_create(), Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 15/18] migration: postcopy_pause_fault_thread() never fails, Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 16/18] migration: Add migration_incoming_transport_cleanup(), Dr. David Alan Gilbert (git), 2022/03/02
- [PULL 17/18] tests: Pass in MigrateStart** into test_migrate_start(), Dr. David Alan Gilbert (git) <=
- [PULL 18/18] migration: Remove load_state_old and minimum_version_id_old, Dr. David Alan Gilbert (git), 2022/03/02
- Re: [PULL 00/18] migration queue, Peter Maydell, 2022/03/03
  - Re: [PULL 00/18] migration queue, Philippe Mathieu-Daudé, 2022/03/08
    - Re: [PULL 00/18] migration queue, Dr. David Alan Gilbert, 2022/03/08
    - Re: [PULL 00/18] migration queue, Peter Maydell, 2022/03/14
    - Re: [PULL 00/18] migration queue, Daniel P . Berrangé, 2022/03/14
    - Re: [PULL 00/18] migration queue, Peter Maydell, 2022/03/14
    - Re: [PULL 00/18] migration queue, Daniel P . Berrangé, 2022/03/14
    - Re: [PULL 00/18] migration queue, Dr. David Alan Gilbert, 2022/03/14
    - Re: [PULL 00/18] migration queue, Peter Maydell, 2022/03/14

Prev by Date: [PULL 16/18] migration: Add migration_incoming_transport_cleanup()
Next by Date: [PULL 18/18] migration: Remove load_state_old and minimum_version_id_old
Previous by thread: [PULL 16/18] migration: Add migration_incoming_transport_cleanup()
Next by thread: [PULL 18/18] migration: Remove load_state_old and minimum_version_id_old
Index(es):
- Date
- Thread