[libvirt] [PATCH v2] qemu: Fix crash in virDomainMemoryStats with old qemu

Franky Van Liedekerke liedekef at telenet.be
Wed Feb 5 15:56:34 UTC 2014


On 2014-02-05 14:19, Jiri Denemark wrote:
> If virDomainMemoryStats was run on a domain with a virtio balloon driver
> running on an old qemu which supports QMP but does not support the
> qom-list QMP command, libvirtd would crash. The reason is we did not
> check if qemuMonitorJSONGetObjectListPaths failed and moreover we even
> stored its result in an unsigned integer type.
> 
> Signed-off-by: Jiri Denemark <jdenemar at redhat.com>
> ---
> 
> Notes:
>     version 2:
>     - use signed type for i and j to avoid comparison between signed and
>       unsigned types; gcc-- for not complaining about it
> 
>  src/qemu/qemu_monitor.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
> index a968901..a2769db 100644
> --- a/src/qemu/qemu_monitor.c
> +++ b/src/qemu/qemu_monitor.c
> @@ -1019,7 +1019,7 @@ qemuMonitorFindBalloonObjectPath(qemuMonitorPtr 
> mon,
>                                   virDomainObjPtr vm,
>                                   const char *curpath)
>  {
> -    size_t i, j, npaths = 0, nprops = 0;
> +    ssize_t i, j, npaths = 0, nprops = 0;
>      int ret = 0;
>      char *nextpath = NULL;
>      qemuMonitorJSONListPathPtr *paths = NULL;
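Review bot: switching `i`, `j`, `npaths` and `nprops` from `size_t` to `ssize_t` widens the loop counters only so that a negative return can be stored in them; a narrower change would keep the `size_t` counts and receive the call's result in a separate signed variable (e.g. `int rc = qemuMonitorJSONGetObjectListPaths(...);`), assigning `npaths = rc;` only after the `rc < 0` check, which also avoids the signed/unsigned comparison mentioned in the v2 note. The type change by itself does not stop the crash; the two negative-result checks that follow do, so the commit message should make clear that the type change is a supporting cleanup.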
> @@ -1045,6 +1045,8 @@ qemuMonitorFindBalloonObjectPath(qemuMonitorPtr 
> mon,
>      VIR_DEBUG("Searching for Balloon Object Path starting at %s", 
> curpath);
> 
>      npaths = qemuMonitorJSONGetObjectListPaths(mon, curpath, &paths);
> +    if (npaths < 0)
> +        return -1;
> 
>      for (i = 0; i < npaths && ret == 0; i++) {
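Review bot: the new `if (npaths < 0) return -1;` bypasses the function's `cleanup` label, while the matching `nprops < 0` check further down uses `ret = -1; goto cleanup;`. Nothing is allocated before this point in the visible code (`nextpath` and `paths` are initialised to NULL), so the early return leaks nothing today, but using the same `ret = -1; goto cleanup;` form here keeps a single exit path and stays correct if an allocation is later added above the call.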
> 
> @@ -1061,6 +1063,11 @@ qemuMonitorFindBalloonObjectPath(qemuMonitorPtr 
> mon,
>               * then this version of qemu/kvm does not support the 
> feature.
>               */
>              nprops = qemuMonitorJSONGetObjectListPaths(mon, nextpath, 
> &bprops);
> +            if (nprops < 0) {
> +                ret = -1;
> +                goto cleanup;
> +            }
> +
>              for (j = 0; j < nprops; j++) {
>                  if (STREQ(bprops[j]->name, 
> "guest-stats-polling-interval")) {
>                      VIR_DEBUG("Found Balloon Object Path %s", 
> nextpath);
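Review bot: the comment directly above this call ("then this version of qemu/kvm does not support the feature") now sits beside a check that treats a negative `nprops` as a hard error and aborts the whole search via `goto cleanup`, whereas an empty property list still falls through as "not found". The comment should distinguish the two outcomes (command failed vs. property absent), and since this is a new way to reach `cleanup` from inside the loop, please confirm that the `cleanup` path frees the `nextpath` and `bprops` obtained on this iteration.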

I tested this patch and so far it seems ok: libvirtd hasn't crashed 
for 1 hour. I'll leave it running overnight to be sure.
I only see this now in the logs:

2014-02-05 14:54:41.280+0000: 8104: error : qemuMonitorJSONCheckError:354 : internal error: unable to execute QEMU command 'qom-list': The command qom-list has not been found
2014-02-05 14:54:41.306+0000: 8103: error : qemuMonitorJSONCheckError:354 : internal error: unable to execute QEMU command 'qom-list': The command qom-list has not been found
2014-02-05 14:54:41.333+0000: 8106: error : qemuMonitorJSONCheckError:354 : internal error: unable to execute QEMU command 'qom-list': The command qom-list has not been found
2014-02-05 14:54:41.358+0000: 8105: error : qemuMonitorJSONCheckError:354 : internal error: unable to execute QEMU command 'qom-list': The command qom-list has not been found

but no crashes because of that.

Franky
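To make the failure mode described in the commit message concrete, the following is an added example and not libvirt's code: a stand-alone model of the balloon object search in which `mock_list_paths()`, the `have_qom_list` switch and the small object tree are constructed stand-ins for the QMP qom-list round trip. It shows what a -1 return becomes once stored in `size_t` (the pre-patch bound), and the patched shape of the search, which rejects each negative result before the loop that would index the never-filled array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed QOM object tree standing in for what qom-list would return;
 * each child list is NULL-terminated. Not libvirt data. */
struct mock_node {
    const char *path;
    const char **children;
};

static const char *peripheral_children[] = { "pci.0", "balloon0", NULL };
static const char *pci_children[] = { "child[0]", NULL };
static const char *balloon_children[] = { "guest-stats-polling-interval", "actual", NULL };

static const struct mock_node tree[] = {
    { "/machine/peripheral", peripheral_children },
    { "/machine/peripheral/pci.0", pci_children },
    { "/machine/peripheral/balloon0", balloon_children },
};

/* Set to 0 to emulate a qemu that speaks QMP but has no qom-list command. */
static int have_qom_list = 1;

/* Stand-in for the qom-list round trip (assumed interface, not libvirt's):
 * returns the child count, or -1 when the command is unavailable or the
 * path is unknown; *out is left untouched on -1. */
static int mock_list_paths(const char *path, const char ***out)
{
    if (!have_qom_list)
        return -1;
    for (size_t k = 0; k < sizeof(tree) / sizeof(tree[0]); k++) {
        if (strcmp(tree[k].path, path) == 0) {
            size_t n = 0;
            while (tree[k].children[n])
                n++;
            *out = tree[k].children;
            return (int)n;
        }
    }
    return -1;
}

/* Pre-patch bound: a -1 return stored in size_t becomes SIZE_MAX, so a loop
 * guarded by "i < npaths" walks off the end of an array that was never filled. */
size_t unchecked_bound(int rc)
{
    size_t npaths = (size_t)rc;   /* the conversion the old size_t did implicitly */
    return npaths;
}

/* Patched shape of the search: signed counts, every negative result rejected
 * before the loop that would index the array. Returns 1 and copies the matching
 * child path into found, 0 if no child has the property, -1 on error. */
int find_balloon_path(const char *curpath, char *found, size_t foundlen)
{
    const char **paths = NULL;
    const char **props = NULL;
    ssize_t npaths, nprops, i, j;
    char nextpath[256];

    npaths = mock_list_paths(curpath, &paths);
    if (npaths < 0)
        return -1;                /* old qemu: paths is still NULL, never indexed */

    for (i = 0; i < npaths; i++) {
        snprintf(nextpath, sizeof(nextpath), "%s/%s", curpath, paths[i]);
        nprops = mock_list_paths(nextpath, &props);
        if (nprops < 0)
            return -1;            /* same guard for the inner qom-list */
        for (j = 0; j < nprops; j++) {
            if (strcmp(props[j], "guest-stats-polling-interval") == 0) {
                snprintf(found, foundlen, "%s", nextpath);
                return 1;
            }
        }
    }
    return 0;
}

/* Wrappers that run the search against the mock with and without qom-list. */
static char found_path[256];

int search_new_qemu(void)
{
    have_qom_list = 1;
    return find_balloon_path("/machine/peripheral", found_path, sizeof(found_path));
}

int search_old_qemu(void)
{
    have_qom_list = 0;
    return find_balloon_path("/machine/peripheral", found_path, sizeof(found_path));
}

const char *last_found_path(void) { return found_path; }

int main(void)
{
    printf("bound for rc=-1 stored in size_t: %zu\n", unchecked_bound(-1));
    printf("new qemu: rc=%d path=%s\n", search_new_qemu(), last_found_path());
    printf("old qemu: rc=%d (no crash, just an error)\n", search_old_qemu());
    return 0;
}
```

On the "old qemu" run the search returns -1 at the first call, which is the path the patched libvirtd takes and why the qom-list errors above are logged without a crash; on the "new qemu" run the balloon object is found under its child path.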



