Image corruption during snapshot creation/deletion
Hello,
The creation/deletion of snapshots sometimes crashes, corrupts the VM image and provokes a segmentation fault in "strcmp", called from "bdrv_snapshot_find".
Here is a patch that works around it for now (it fixes the segfault but not its root cause):
--- qemu-kvm-0.12.2-old/savevm.c 2010-01-18 19:48:25.000000000 +0100
+++ qemu-kvm-0.12.2/savevm.c 2010-02-12 13:45:07.225644169 +0100
@@ -1624,6 +1624,7 @@
int nb_sns, i, ret;
ret = -ENOENT;
+ if (!name) return ret;
nb_sns = bdrv_snapshot_list(bs, &sn_tab);
if (nb_sns < 0)
return ret;
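Review bot: The guard on the added line only catches a NULL `name`; a dangling or uninitialized pointer passes it and still reaches the strcmp in the snapshot lookup, and the image corruption described in the report suggests the caller may be handing in an invalid pointer rather than a NULL one, so the caller that produces `name` is where the real fix belongs. Returning `ret` (-ENOENT) for a NULL argument also reports "not found" where "invalid argument" is meant; `if (!name) return -EINVAL;` would let callers tell the two apart. The enclosing function (presumably bdrv_snapshot_find, given the bdrv_snapshot_list call) starts outside the hunk.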
@@ -1649,6 +1650,8 @@
QEMUSnapshotInfo sn1, *snapshot = &sn1;
int ret;
+ if (!name) return 0;
+
QTAILQ_FOREACH(dinfo, &drives, next) {
bs = dinfo->bdrv;
if (bdrv_can_snapshot(bs) &&
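Review bot: The added `if (!name) return 0;` reports success for a NULL name without saying why that is acceptable, while the same condition is treated as an error (-EINVAL) in the hunk at -1804; the two should agree, or the early return needs a comment such as `/* no name given: nothing to delete */`. If this function is reached from do_savevm before a snapshot name has been chosen, returning 0 may well be the intent, but that should be stated at the return. The enclosing function starts outside the hunk.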
@@ -1777,6 +1780,11 @@
QTAILQ_FOREACH(dinfo, &drives, next) {
bs1 = dinfo->bdrv;
if (bdrv_has_snapshot(bs1)) {
+ if (!name) {
+ monitor_printf(mon, "Could not find snapshot 'NULL' on "
+ "device '%s'\n",
+ bdrv_get_device_name(bs1));
+ }
ret = bdrv_snapshot_goto(bs1, name);
if (ret < 0) {
if (bs != bs1)
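Review bot: The added block prints the "Could not find snapshot 'NULL'" message but then falls through to `bdrv_snapshot_goto(bs1, name)` on the next line with the same NULL `name`, so the crash it reports is still reachable; the same applies to the hunk at -1840 before `bdrv_snapshot_delete`. Each block needs to leave the iteration or the function after printing, e.g. `ret = -ENOENT; continue;` (or whatever error path the surrounding loop already takes for a failed lookup), rather than only logging. Since `name` is the same for every drive, checking it once before the QTAILQ_FOREACH loop would also avoid printing the message once per device. The enclosing function starts outside the hunk.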
@@ -1804,6 +1812,11 @@
}
}
+ if (!name) {
+ monitor_printf(mon, "VM state name is NULL\n");
+ return -EINVAL;
+ }
+
/* Don't even try to load empty VM states */
ret = bdrv_snapshot_find(bs, &sn, name);
if ((ret >= 0) && (sn.vm_state_size == 0))
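Review bot: The added NULL check returns -EINVAL only after the earlier drive loop (hunk at -1777, if it belongs to the same function) has already passed `name` to `bdrv_snapshot_goto`, so it protects the later bdrv_snapshot_find call but not the first use. Moving the check to the top of the function, before any drive is touched, would cover both and make the earlier per-device message unnecessary. The enclosing function starts and ends outside the hunk.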
@@ -1840,6 +1853,11 @@
QTAILQ_FOREACH(dinfo, &drives, next) {
bs1 = dinfo->bdrv;
if (bdrv_has_snapshot(bs1)) {
+ if (!name) {
+ monitor_printf(mon, "Could not find snapshot 'NULL' on "
+ "device '%s'\n",
+ bdrv_get_device_name(bs1));
+ }
ret = bdrv_snapshot_delete(bs1, name);
if (ret < 0) {
if (ret == -ENOTSUP)
The patch is very simple. Some checks on the variable "name" were missing in "savevm.c".
Regards,
Nicolas Grandjean
Conix Security