
Commit db80fac

plievenJuan Quintela
authored and
Juan Quintela
committed
migration: catch unknown flags in ram_load
If a saved VM has unknown flags in the memory data, QEMU currently simply ignores the flag and continues, which yields an unpredictable result. This patch catches all unknown flags and aborts the loading of the VM. Additionally, error reports are emitted if the migration aborts abnormally. Signed-off-by: Peter Lieven <[email protected]> Signed-off-by: Juan Quintela <[email protected]>
1 parent 2a93434 commit db80fac


2 files changed

+24
-20
lines changed


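--- a/arch_init.c
+++ b/arch_init.c
@@ -1040,17 +1040,15 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id)
 {
 ram_addr_t addr;
 int flags, ret = 0;
-int error;
 static uint64_t seq_iter;
 
 seq_iter++;
 
 if (version_id != 4) {
 ret = -EINVAL;
-goto done;
 }
 
-do {
+while (!ret) {
 addr = qemu_get_be64(f);
 
 flags = addr & ~TARGET_PAGE_MASK;
@@ -1078,7 +1076,6 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id)
 " in != " RAM_ADDR_FMT, id, length,
 block->length);
 ret = -EINVAL;
-goto done;
 }
 break;
 }
@@ -1088,21 +1085,22 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id)
 error_report("Unknown ramblock \"%s\", cannot "
 "accept migration", id);
 ret = -EINVAL;
-goto done;
+}
+if (ret) {
+break;
 }
 
 total_ram_bytes -= length;
 }
-}
-
-if (flags & RAM_SAVE_FLAG_COMPRESS) {
+} else if (flags & RAM_SAVE_FLAG_COMPRESS) {
 void *host;
 uint8_t ch;
 
 host = host_from_stream_offset(f, addr, flags);
 if (!host) {
+error_report("Illegal RAM offset " RAM_ADDR_FMT, addr);
 ret = -EINVAL;
-goto done;
+break;
 }
 
 ch = qemu_get_byte(f);
@@ -1112,33 +1110,39 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id)
 
 host = host_from_stream_offset(f, addr, flags);
 if (!host) {
+error_report("Illegal RAM offset " RAM_ADDR_FMT, addr);
 ret = -EINVAL;
-goto done;
+break;
 }
 
 qemu_get_buffer(f, host, TARGET_PAGE_SIZE);
 } else if (flags & RAM_SAVE_FLAG_XBZRLE) {
 void *host = host_from_stream_offset(f, addr, flags);
 if (!host) {
+error_report("Illegal RAM offset " RAM_ADDR_FMT, addr);
 ret = -EINVAL;
-goto done;
+break;
 }
 
 if (load_xbzrle(f, addr, host) < 0) {
+error_report("Failed to decompress XBZRLE page at "
+RAM_ADDR_FMT, addr);
 ret = -EINVAL;
-goto done;
+break;
 }
 } else if (flags & RAM_SAVE_FLAG_HOOK) {
 ram_control_load_hook(f, flags);
+} else if (flags & RAM_SAVE_FLAG_EOS) {
+/* normal exit */
+break;
+} else {
+error_report("Unknown migration flags: %#x", flags);
+ret = -EINVAL;
+break;
 }
-error = qemu_file_get_error(f);
-if (error) {
-ret = error;
-goto done;
-}
-} while (!(flags & RAM_SAVE_FLAG_EOS));
+ret = qemu_file_get_error(f);
+}
 
-done:
 DPRINTF("Completed load of VM with exit code %d seq iteration "
 "%" PRIu64 "\n", ret, seq_iter);
 return ret;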
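Review bot: In the last hunk a truncated or failed stream gets reported as an unknown-flag error rather than the underlying I/O error: the new `else` branch leaves the loop with `ret = -EINVAL` before the `ret = qemu_file_get_error(f)` at the bottom of the loop body runs, so if `qemu_get_be64` yields 0 on a short read (inferred, not visible in the hunk) the zero flags word lands in that branch and the real stream error is never surfaced, and the EOS branch's `break` skips the same check. Checking the stream right after the header read keeps the report precise: `addr = qemu_get_be64(f);` followed by `ret = qemu_file_get_error(f); if (ret) { break; }`. Separately, the `else` only rejects a flags word with none of the known bits set; a word that combines a known bit with an unrecognized one still takes the earlier branch, so the "catches all unknown flags" claim would need a whitelist mask check ahead of the if/else chain (with any bits consumed inside `host_from_stream_offset` included in the mask). ram_load's closing brace lies past the last hunk.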

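--- a/migration.c
+++ b/migration.c
@@ -98,7 +98,7 @@ static void process_incoming_migration_co(void *opaque)
 qemu_fclose(f);
 free_xbzrle_decoded_buf();
 if (ret < 0) {
-fprintf(stderr, "load of migration failed\n");
+error_report("load of migration failed: %s", strerror(-ret));
 exit(EXIT_FAILURE);
 }
 qemu_announce_self();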
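Review bot: `strerror(-ret)` on the added line assumes every failing loader path hands back a negative errno value; if any path returns a plain -1 (not visible from this hunk), the operator would read "Operation not permitted" for an unrelated failure. Printing the raw code alongside the text removes the ambiguity: `error_report("load of migration failed: %s (%d)", strerror(-ret), ret);`. The enclosing process_incoming_migration_co begins before and continues after this hunk.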
