qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 15/21] migration/block-dirty-bitmap: relax error handling

From: Dr. David Alan Gilbert
Subject: Re: [PATCH v3 15/21] migration/block-dirty-bitmap: relax error handling in incoming part
Date: Mon, 27 Jul 2020 12:16:36 +0100
User-agent: Mutt/1.14.5 (2020-06-23) 
* Vladimir Sementsov-Ogievskiy (vsementsov@virtuozzo.com) wrote:
> 24.07.2020 20:35, Eric Blake wrote:
> > On 7/24/20 3:43 AM, Vladimir Sementsov-Ogievskiy wrote:
> > > Bitmaps data is not critical, and we should not fail the migration (or
> > > use postcopy recovering) because of dirty-bitmaps migration failure.
> > > Instead we should just lose unfinished bitmaps.
> > > 
> > > Still we have to report io stream violation errors, as they affect the
> > > whole migration stream.
> > > 
> > > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> > > ---
> > >   migration/block-dirty-bitmap.c | 152 +++++++++++++++++++++++++--------
> > >   1 file changed, 117 insertions(+), 35 deletions(-)
> > > 
> > 
> > > @@ -650,15 +695,32 @@ static int dirty_bitmap_load_bits(QEMUFile *f, 
> > > DBMLoadState *s)
> > >       if (s->flags & DIRTY_BITMAP_MIG_FLAG_ZEROES) {
> > >           trace_dirty_bitmap_load_bits_zeroes();
> > > -        bdrv_dirty_bitmap_deserialize_zeroes(s->bitmap, 
> > > first_byte, nr_bytes,
> > > -                                    
> > >          false);
> > > +        if (!s->cancelled) {
> > > +            bdrv_dirty_bitmap_deserialize_zeroes(s->bitmap, 
> > > first_byte,
> > > +                                    
> > >              nr_bytes, false);
> > > +        }
> > >       } else {
> > >           size_t ret;
> > >           uint8_t *buf;
> > >           uint64_t buf_size = qemu_get_be64(f);
> > 
> > Pre-existing, but if I understand, we are reading a value from the 
> > migration stream...
> 
> Hmm, actually, this becomes worse after patch, as before patch we had the 
> check, that the size at least corresponds to the bitmap.. But we want to 
> relax things in cancelled mode (and we may not have any bitmap). Most correct 
> thing is to use read in a loop to just skip the data from stream if we are in 
> cancelled mode (something like nbd_drop()).
> 
> I can fix this with a follow-up patch.

If the size is bogus, it's probably not worth trying to skip anything
because it could be just a broken/misaligned stream.

Dave

> > 
> > > -        uint64_t needed_size =
> > > -            bdrv_dirty_bitmap_serialization_size(s->bitmap,
> > > -                                    
> > >              first_byte, nr_bytes);
> > > +        uint64_t needed_size;
> > > +
> > > +        buf = g_malloc(buf_size);
> > > +        ret = qemu_get_buffer(f, buf, buf_size);
> > 
> > ...and using it to malloc memory.  Is that a potential risk of a malicious 
> > stream causing us to allocate too much memory in relation to the guest's 
> > normal size?  If so, fixing that should be done separately.
> > 
> > I'm not a migration expert, but the patch looks reasonable to me.
> > 
> > Reviewed-by: Eric Blake <eblake@redhat.com>
> > 
> 
> 
> -- 
> Best regards,
> Vladimir
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
reply via email to
[Prev in Thread] Current Thread [Next in Thread]