[libvirt] 1.2.0 segfault on Centos 6
Jiri Denemark
jdenemar at redhat.com
Wed Feb 5 12:54:41 UTC 2014
On Wed, Feb 05, 2014 at 07:02:38 -0500, John Ferlan wrote:
>
>
> On 02/04/2014 05:23 PM, Jiri Denemark wrote:
> > On Tue, Feb 04, 2014 at 17:02:41 +0100, Franky Van Liedekerke wrote:
> >> Hi,
> >>
> >> using libvirt 1.2.0 on a up-to-date Centos6.5 machine leads to
> >> occasional segmentation faults (see below).
> >> Sometimes it runs for 5 minutes, sometimes for an hour, but after that
> >> the result is always the same: segfault after some weird qom-list, that
> >> apparently the qemu version on centos doesn't know. Has 1.2.1 a known
> >> fix for this?
> >
> > I believe the following patch should fix the crash. I'll do some testing
> > tomorrow and send it as a proper patch afterwards:
> >
> > diff --git i/src/qemu/qemu_monitor.c w/src/qemu/qemu_monitor.c
> > index a968901..cdd817f 100644
> > --- i/src/qemu/qemu_monitor.c
> > +++ w/src/qemu/qemu_monitor.c
> > @@ -1019,7 +1019,9 @@ qemuMonitorFindBalloonObjectPath(qemuMonitorPtr mon,
> > virDomainObjPtr vm,
> > const char *curpath)
> > {
> > - size_t i, j, npaths = 0, nprops = 0;
> > + size_t i, j;
> > + int npaths = 0;
> > + int nprops = 0;
>
> Reading into what the contention of the issue is, then these are perhaps
> all that's needed since the conflict is I assume the difference in size
> between 'int' and 'size_t'. Perhaps something Eric Blake understands
> best. My simple testing shows while difference in size (4 bytes vs. 8
> bytes), the compiler seems to have done the right thing on the return
> value (eg, assigning 'size_t' value to a function returning int of -1).
>
> I know when I implemented this
>
> http://www.redhat.com/archives/libvir-list/2013-July/msg00770.html
>
> that I had tested without qom-list available.
>
> Curious to know if the issue was seen in a provided or built libvirt.
> It should be very simple to create a small C program that exhibits the
> issue - just have a variable of size_t initialized to 0 that gets set by
> a function that returns int, then print the result.
>
>
> > int ret = 0;
> > char *nextpath = NULL;
> > qemuMonitorJSONListPathPtr *paths = NULL;
> > @@ -1045,6 +1047,8 @@ qemuMonitorFindBalloonObjectPath(qemuMonitorPtr mon,
> > VIR_DEBUG("Searching for Balloon Object Path starting at %s", curpath);
> >
> > npaths = qemuMonitorJSONGetObjectListPaths(mon, curpath, &paths);
> > + if (npaths < 0)
> > + return -1;
> >
> > for (i = 0; i < npaths && ret == 0; i++) {
>
> We wouldn't enter the loop in the 0 < -1 case, but would if 0 < 0x0000ffff
Sure, we wouldn't but then we would just return 0 from this function,
which would be wrong.
>
> >
> > @@ -1061,6 +1065,11 @@ qemuMonitorFindBalloonObjectPath(qemuMonitorPtr mon,
> > * then this version of qemu/kvm does not support the feature.
> > */
> > nprops = qemuMonitorJSONGetObjectListPaths(mon, nextpath, &bprops);
> > + if (nprops < 0) {
> > + ret = -1;
> > + goto cleanup;
> > + }
> > +
> > for (j = 0; j < nprops; j++) {
>
> same here.
And here we would overwrite the error from
qemuMonitorJSONGetObjectListPaths with a different one.
Jirka
More information about the libvir-list
mailing list