From patchwork Tue Dec 14 09:07:38 2010
X-Patchwork-Submitter: Yoshiaki Tamura
X-Patchwork-Id: 75474
From: Yoshiaki Tamura
To: qemu-devel@nongnu.org
Date: Tue, 14 Dec 2010 18:07:38 +0900
Message-Id: <1292317658-15798-1-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
Cc: aliguori@us.ibm.com, Yoshiaki Tamura, quintela@redhat.com
Subject: [Qemu-devel] [PATCH] savevm: fix corruption in vmstate_subsection_load().

Although it's rare to happen in live migration, when the head of a byte stream contains 0x05, which is the marker of a subsection, the loader gets corrupted because vmstate_subsection_load() continues even if the device doesn't require it. This patch adds a check for whether a subsection is needed, and skips the following routines if not needed.

Signed-off-by: Yoshiaki Tamura
---
 savevm.c | 8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/savevm.c b/savevm.c index d38f79e..72f6249 100644 --- a/savevm.c +++ b/savevm.c @@ -1633,6 +1633,12 @@ static const VMStateDescription *vmstate_get_subsection(const VMStateSubsection static int vmstate_subsection_load(QEMUFile *f, const VMStateDescription *vmsd, void *opaque) { + const VMStateSubsection *sub = vmsd->subsections; + + if (!sub || !sub->needed) { + return 0; + } + while (qemu_peek_byte(f) == QEMU_VM_SUBSECTION) { char idstr[256]; int ret;
@@ -1645,7 +1651,7 @@ static int vmstate_subsection_load(QEMUFile *f, const VMStateDescription *vmsd, idstr[len] = 0; version_id = qemu_get_be32(f); - sub_vmsd = vmstate_get_subsection(vmsd->subsections, idstr); + sub_vmsd = vmstate_get_subsection(sub, idstr); if (sub_vmsd == NULL) { return -ENOENT; }
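Review bot: in the first hunk, `if (!sub || !sub->needed)` tests only whether the first entry of `vmsd->subsections` has a `needed` callback pointer set; it does not call the callback, and it does not look at any later entries in the array. That is enough to keep `vmstate_subsection_load()` from consuming a stray 0x05 for devices that declare no subsections at all, which is what the commit message describes, but the commit message's wording ("a check for whether a subsection is needed") overstates it, and devices that do declare subsections are still gated solely by `qemu_peek_byte(f) == QEMU_VM_SUBSECTION`, so a 0x05 at the head of the following device's data is still read as a subsection header for them and only the `-ENOENT` path on an unknown `idstr` catches it. Suggest a comment above the early return stating precisely what is being checked, e.g. `/* device declares no subsections: do not interpret a leading 0x05 as one */`, so later readers do not assume the sender's subsection list is being validated here.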
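Review bot: the second hunk is a pure substitution; `sub` was assigned from `vmsd->subsections` at the top of the function in the first hunk and neither is written in between, so `vmstate_get_subsection(sub, idstr)` behaves exactly as `vmstate_get_subsection(vmsd->subsections, idstr)` did. One property worth keeping in mind when reviewing the combined change: because the first hunk returns early when `sub` is NULL, this call can no longer be reached with a NULL subsection list, so any NULL handling inside `vmstate_get_subsection()` is now dead for this caller.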