>-----Original Message-----
>From: Steven Sistare <[email protected]>
>Subject: Re: [PATCH v2 6/6] accel/kvm: Fix SIGSEGV when execute
>"query-balloon" after CPR transfer
>
>On 9/28/2025 4:54 AM, Zhenzhong Duan wrote:
>> After CPR transfer, source QEMU closes kvm fd and sets kvm_state to
>NULL,
>> "query-balloon" will check kvm_state->sync_mmu and trigger NULL pointer
>> reference.
>>
>> We don't need to NULL kvm_state as all states in kvm_state aren't released
>> actually. Just closing kvm fd is enough so we could still query states
>> through "query_*" qmp command.
>
>IMO this does not make sense. Much of the state in kvm_state was derived
>from ioctl's on the descriptors, and closing them invalidates it. Asking
>historical questions about what used to be makes no sense.
You also have your valid point.
>
>Clearing kvm_state and setting kvm_allowed=false would be a safer fix.
But clearing kvm_state will make some qmp commands which dereferencing
kvm_state trigger SIGSEGV. We can expect failure on those qmp, but SIGSEGV
is worse.
E.g., {"execute": "query-cpu-definitions"}, below error print with v2 but
SIGSEGV with v1:
KVM get MSR (index=0x10a) feature failed, Bad file descriptor
I also see inconsistence on "query-balloon" result with v1 patch, before
cpr-transfer:
{"error": {"class": "DeviceNotActive", "desc": "No balloon device has been
activated"}}
after transfer:
{"error": {"class": "KVMMissingCap", "desc": "Using KVM without synchronous
MMU, balloon unavailable"}}
It's confusing there is no synchronous MMU support but we do have it.
Thanks
Zhenzhong
