[libvirt] [PATCH 01/10] memory: make it safer to expand arrays

Eric Blake eblake at redhat.com
Fri Nov 19 17:18:51 UTC 2010


On 11/19/2010 12:33 AM, Wen Congyang wrote:
> At 2010-11-18 12:28, Eric Blake wrote:
>> * src/util/memory.h (VIR_REALLOC_N): Update docs.
>> (VIR_EXPAND_N, VIR_SHRINK_N): New macros.
>> (virAlloc, virAllocN, virReallocN, virAllocVar, virFree): Add some
>> gcc attributes.
> 
> There may be a bug in this patch.

Well, it would be patch 3 that touched the file where your backtrace
points, so it would be the overall patch series and not this patch
(patch 1) to blame.

> Test the libvirtd without --daemon, I find that:
> [root at localhost newest]# libvirtd 
> Segmentation fault (core dumped)
> [root at localhost newest]# 
> 
> The following is the output of the command 'gdb libvirtd core':
> [root at localhost newest]# gdb /usr/sbin/libvirtd core.8996 
> <snip>
> Core was generated by `libvirtd'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x000000000041a181 in qemudDispatchServer (server=0x209dcd0, sock=<value optimized out>) at libvirtd.c:1459
> 1459	    server->clients[server->nclients++] = client;
> <snip>
> (gdb) bt
> #0  0x000000000041a181 in qemudDispatchServer (server=0x209dcd0, sock=<value optimized out>) at libvirtd.c:1459
> #1  0x000000000041a6f1 in qemudDispatchServerEvent (watch=5, fd=8, events=1, opaque=0x209dcd0) at libvirtd.c:2225
> #2  0x0000000000415b71 in virEventDispatchHandles () at event.c:467
> #3  virEventRunOnce () at event.c:592
> #4  0x00000000004180e9 in qemudOneLoop () at libvirtd.c:2234
> #5  0x00000000004183db in qemudRunLoop (opaque=0x209dcd0) at libvirtd.c:2343
> #6  0x0000003ffec077e1 in start_thread () from /lib64/libpthread.so.0
> #7  0x0000003ffe4e153d in clone () from /lib64/libc.so.6
> (gdb) p server->clients
> $2 = (struct qemud_client **) 0x0

I'm having problems reproducing this, and don't see any obvious
explanations for this in the code.  qemudDispatchServer has:

    if (server->nclients >= max_clients) {
        VIR_ERROR(_("Too many active clients (%d), dropping connection from %s"),
                  max_clients, addrstr);
        goto error;
    }

    if (VIR_RESIZE_N(server->clients, server->nclients_max,
                     server->nclients, 1) < 0) {
        VIR_ERROR0(_("Out of memory allocating clients"));
        goto error;
    }
...
    server->clients[server->nclients++] = client;

so the only way to get to the crashing line is to get through a
successful VIR_RESIZE_N, but VIR_RESIZE_N is not successful unless it
updates server->clients to be non-NULL.

Can you do any further debugging that might explain why it is failing
for you, and something I might have missed?

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
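The invariant Eric relies on above is that a successful resize leaves the array pointer non-NULL and the capacity large enough for one more element, so the append on the crashing line cannot dereference NULL. The following is an added, self-contained C example (not libvirt's code and not the VIR_RESIZE_N macro itself) that implements a resize helper with those semantics, modelled only on what the thread describes: it refuses count + add if it would overflow, grows the capacity geometrically, returns -1 and leaves the caller's pointer and capacity untouched on failure, and zero-fills the new tail. The `struct client`, `struct server`, `max_clients` value and `demo()` driver are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Constructed stand-in for a client record (libvirt's is far larger). */
struct client { int fd; };

/*
 * resize_array: make *ptrptr (an array of `count` elements of `size` bytes,
 * with capacity *allocptr) able to hold count + add elements.
 * Returns 0 on success, in which case *ptrptr is non-NULL and
 * *allocptr >= count + add.  Returns -1 on overflow or allocation failure,
 * leaving *ptrptr and *allocptr exactly as they were.
 * Hypothetical helper modelled on the semantics the email attributes to
 * VIR_RESIZE_N; it is not libvirt's implementation.
 */
static int resize_array(void **ptrptr, size_t *allocptr, size_t size,
                        size_t count, size_t add)
{
    size_t needed, newalloc;
    void *tmp;

    if (add > SIZE_MAX - count)            /* count + add would wrap */
        return -1;
    needed = count + add;
    if (needed <= *allocptr)
        return 0;                          /* already enough room */

    /* Grow geometrically to amortise reallocations, never below needed. */
    newalloc = *allocptr ? *allocptr : 1;
    while (newalloc < needed) {
        if (newalloc > SIZE_MAX / 2) { newalloc = needed; break; }
        newalloc *= 2;
    }
    if (size != 0 && newalloc > SIZE_MAX / size)   /* byte count would wrap */
        return -1;

    tmp = realloc(*ptrptr, newalloc * size);
    if (tmp == NULL)
        return -1;                         /* caller's state untouched */
    /* Zero the newly added tail so no slot ever holds a stale pointer. */
    memset((char *)tmp + *allocptr * size, 0, (newalloc - *allocptr) * size);
    *ptrptr = tmp;
    *allocptr = newalloc;
    return 0;
}

struct server {
    struct client **clients;
    size_t nclients;      /* slots in use */
    size_t nclients_max;  /* slots allocated */
};

static const size_t max_clients = 4;   /* constructed cap for the example */

/* Append a client using the same two checks quoted from libvirtd.c. */
static int server_add_client(struct server *srv, struct client *c)
{
    if (srv->nclients >= max_clients)
        return -1;                         /* too many active clients */
    if (resize_array((void **)&srv->clients, &srv->nclients_max,
                     sizeof(*srv->clients), srv->nclients, 1) < 0)
        return -1;                         /* out of memory */
    /* Here clients != NULL and nclients < nclients_max are guaranteed. */
    srv->clients[srv->nclients++] = c;
    return 0;
}

/* Fill the table to its cap and verify the invariants; 0 means all held. */
static int demo(void)
{
    struct server srv = { NULL, 0, 0 };
    struct client pool[5] = { {3}, {4}, {5}, {6}, {7} };
    size_t i;
    int rc = 0;

    for (i = 0; i < 4; i++)
        if (server_add_client(&srv, &pool[i]) != 0) rc = 1;
    if (server_add_client(&srv, &pool[4]) == 0) rc = 2;   /* must be refused */
    if (srv.clients == NULL || srv.nclients != 4 ||
        srv.nclients_max < 4 || srv.clients[3]->fd != 6) rc = 3;
    free(srv.clients);
    return rc;
}

int main(void)
{
    printf("demo: %s\n", demo() == 0 ? "ok" : "FAILED");
    return 0;
}
```

Because failure never touches the caller's pointer or capacity, a caller that checks the return value and bails out (as the `goto error` paths above do) can never reach the append with a NULL table; if a crash like the one in the backtrace still occurs, the suspect is something else that writes `server->clients` or `nclients_max` behind the resize's back, which is the direction the follow-up debugging request points.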
