Am 19.02.2021 um 16:59 hat Max Reitz geschrieben: > On 19.02.21 16:33, Max Reitz wrote: > > Without any of HEAD^ or HEAD^^ applied, qemu will most likely crash on > > the qemu-io invocation, for a variety of immediate reasons. The > > underlying problem is generally a use-after-free access into > > backup-top's BlockCopyState. > > > > With only HEAD^ applied, qemu-io will run into an EIO (which is not > > capture by the output, but you can see that the qemu-io invocation will > > be accepted (i.e., qemu-io will run) in contrast to the reference > > output, where the node name cannot be found), and qemu will then crash > > in query-named-block-nodes: bdrv_get_allocated_file_size() detects > > backup-top to be a filter and passes the request through to its child. > > However, after bdrv_backup_top_drop(), that child is NULL, so the > > recursive call crashes. > > > > With HEAD^^ applied, this test should pass. > > > > Signed-off-by: Max Reitz <[email protected]> > > --- > > tests/qemu-iotests/283 | 55 ++++++++++++++++++++++++++++++++++++++ > > tests/qemu-iotests/283.out | 15 +++++++++++ > > 2 files changed, 70 insertions(+) > > > > diff --git a/tests/qemu-iotests/283 b/tests/qemu-iotests/283 > > index 79643e375b..509dcbbcf4 100755 > > --- a/tests/qemu-iotests/283 > > +++ b/tests/qemu-iotests/283 > > @@ -97,3 +97,58 @@ vm.qmp_log('blockdev-add', **{ > > vm.qmp_log('blockdev-backup', sync='full', device='source', > > target='target') > > vm.shutdown() > > + > > + > > +""" > > +Check that the backup-top node is gone after job-finalize. > > + > > +During finalization, the node becomes inactive and can no longer > > +function. If it is still present, new parents might be attached, and > > +there would be no meaningful way to handle their I/O requests. > > +""" > > Oh no, 297/pylint complains that this “string statement has no effect”. > Guess it should be a normal comment under the following print() then...
Thanks, fixed up the comment as you suggest and applied to the block branch. Kevin
