>-----Original Message-----
>From: Markus Armbruster <[email protected]>
>Subject: Re: [PATCH 5/5] accel/kvm: Fix SIGSEGV when execute "query-balloon" after CPR transfer
>
>Zhenzhong Duan <[email protected]> writes:
>
>> After CPR transfer, source QEMU closes the kvm fd and frees kvm_state;
>> "query-balloon" will then check kvm_state->sync_mmu and trigger a NULL
>> pointer dereference.
>>
>> Signed-off-by: Zhenzhong Duan <[email protected]>
>> ---
>> accel/kvm/kvm-all.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
>> index 9060599cd7..a3e2d11763 100644
>> --- a/accel/kvm/kvm-all.c
>> +++ b/accel/kvm/kvm-all.c
>> @@ -3479,7 +3479,7 @@ int kvm_device_access(int fd, int group, uint64_t
>attr,
>>
>> bool kvm_has_sync_mmu(void)
>> {
>> - return kvm_state->sync_mmu;
>> + return kvm_state && kvm_state->sync_mmu;
>> }
>>
>> int kvm_has_vcpu_events(void)
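Review bot: The added `kvm_state &&` guard in kvm_has_sync_mmu() only covers this one accessor; after kvm_state has been freed and NULLed by the CPR transfer path, every other read of `kvm_state->...` in accel/kvm/kvm-all.c is just as reachable from QMP and stays unprotected. A more robust fix is one of: keep kvm_state allocated (but marked closed) after the transfer so accessors remain valid, or reject the query once the accelerator is torn down, so that the invariant "kvm_state is non-NULL whenever KVM is enabled" is preserved instead of being checked at one call site. The commit message should also state why the NULL check is sufficient here if the one-line guard is kept.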
>
>This dereference could signify there's a general assumption *kvm_state
>is valid, i.e. there might be more dereferences hiding in the code.
Yes, I agree with your concern; let me pursue another way.
>
>Have you checked?
>
>Is freeing @kvm_state after CPR transfer useful?
kvm_state was NULLed; let me try to keep it for the query, just like in the kernel the
task struct is retained when a child process exits.
I'd like to add your Suggested-by on this if you don't object.
Thanks
Zhenzhong