| Message ID | 501FBAA2.6050205@redhat.com |
|---|---|
| State | New |
| Headers | show |
On 08/06/2012 03:37 PM, Avi Kivity wrote: > On 08/06/2012 03:12 PM, Avi Kivity wrote: >> On 08/06/2012 11:46 AM, Stefan Priebe - Profihost AG wrote: >> >>> But still i got the segfault and core dump - this is my main problem? I >>> mean qemu-kvm master isn't declared as stable. So i don't care about the >>> slowness here. >>> >>> What can we do about the core dump and crash? >> >> Okay, I reproduced it; it seems aio=native is the culprit. You can try >> aio=threads as a workaround. >> >> Copying some relevant people (context: aio=native on qemu-kvm-1.1.1 >> segfaults pretty early during guest install) >> > > The following ought to fix it: It does. Kevin: despite aio=native, I get iothreads and pwrites, something is broken.
can confirm - this fixed it! Am 06.08.2012 14:37, schrieb Avi Kivity: > On 08/06/2012 03:12 PM, Avi Kivity wrote: >> On 08/06/2012 11:46 AM, Stefan Priebe - Profihost AG wrote: >> >>> But still i got the segfault and core dump - this is my main problem? I >>> mean qemu-kvm master isn't declared as stable. So i don't care about the >>> slowness here. >>> >>> What can we do about the core dump and crash? >> >> Okay, I reproduced it; it seems aio=native is the culprit. You can try >> aio=threads as a workaround. >> >> Copying some relevant people (context: aio=native on qemu-kvm-1.1.1 >> segfaults pretty early during guest install) >> > > The following ought to fix it: > > > From: Avi Kivity <avi@redhat.com> > Date: Mon, 6 Aug 2012 15:35:02 +0300 > Subject: [PATCH] virtio-mlk: fix use-after-free while handling scsi commands > > The scsi passthrough handler falls through after completing a > request into the failure path, resulting in a use after free. > > Reprducible by running a guest with aio=native on a block device. > > Reported-by: Stefan Priebe <s.priebe@profihost.ag> > Signed-off-by: Avi Kivity <avi@redhat.com> > > diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c > index f21757e..552b3b6 100644 > --- a/hw/virtio-blk.c > +++ b/hw/virtio-blk.c > @@ -254,6 +254,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req) > > virtio_blk_req_complete(req, status); > g_free(req); > + return; > #else > abort(); > #endif > >
Any news? Was this applied upstream? Am 06.08.2012 14:37, schrieb Avi Kivity: > On 08/06/2012 03:12 PM, Avi Kivity wrote: >> On 08/06/2012 11:46 AM, Stefan Priebe - Profihost AG wrote: >> >>> But still i got the segfault and core dump - this is my main problem? I >>> mean qemu-kvm master isn't declared as stable. So i don't care about the >>> slowness here. >>> >>> What can we do about the core dump and crash? >> >> Okay, I reproduced it; it seems aio=native is the culprit. You can try >> aio=threads as a workaround. >> >> Copying some relevant people (context: aio=native on qemu-kvm-1.1.1 >> segfaults pretty early during guest install) >> > > The following ought to fix it: > > > From: Avi Kivity <avi@redhat.com> > Date: Mon, 6 Aug 2012 15:35:02 +0300 > Subject: [PATCH] virtio-mlk: fix use-after-free while handling scsi commands > > The scsi passthrough handler falls through after completing a > request into the failure path, resulting in a use after free. > > Reprducible by running a guest with aio=native on a block device. > > Reported-by: Stefan Priebe <s.priebe@profihost.ag> > Signed-off-by: Avi Kivity <avi@redhat.com> > > diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c > index f21757e..552b3b6 100644 > --- a/hw/virtio-blk.c > +++ b/hw/virtio-blk.c > @@ -254,6 +254,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req) > > virtio_blk_req_complete(req, status); > g_free(req); > + return; > #else > abort(); > #endif > >
On Wed, Aug 08, 2012 at 07:51:07AM +0200, Stefan Priebe wrote:
> Any news? Was this applied upstream?
Kevin is ill. He has asked me to review and test patches in his
absence. When he gets back later this week this will get picked up (and
included in QEMU 1.2).
Here is the tree, it includes this patch:
https://github.com/stefanha/qemu/commits/for-kevin
Stefan
ah OK - thanks. Will there be a fixed 1.1.2 as well? Stefan Am 08.08.2012 10:06, schrieb Stefan Hajnoczi: > On Wed, Aug 08, 2012 at 07:51:07AM +0200, Stefan Priebe wrote: >> Any news? Was this applied upstream? > > Kevin is ill. He has asked me to review and test patches in his > absence. When he gets back later this week this will get picked up (and > included in QEMU 1.2). > > Here is the tree, it includes this patch: > > https://github.com/stefanha/qemu/commits/for-kevin > > Stefan >
On Wed, Aug 8, 2012 at 9:29 AM, Stefan Priebe <s.priebe@profihost.ag> wrote: > ah OK - thanks. Will there be a fixed 1.1.2 as well? mdroth: Kevin has the fix in his block branch, which means qemu.git will get it soon. Here's the commit: http://repo.or.cz/w/qemu/kevin.git/commit/730a9c53b4e52681fcfe31cf38854cbf91e132c7 > > Am 08.08.2012 10:06, schrieb Stefan Hajnoczi: > >> On Wed, Aug 08, 2012 at 07:51:07AM +0200, Stefan Priebe wrote: >>> >>> Any news? Was this applied upstream? >> >> >> Kevin is ill. He has asked me to review and test patches in his >> absence. When he gets back later this week this will get picked up (and >> included in QEMU 1.2). >> >> Here is the tree, it includes this patch: >> >> https://github.com/stefanha/qemu/commits/for-kevin >> >> Stefan >> > -- > To unsubscribe from this list: send the line "unsubscribe kvm" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c index f21757e..552b3b6 100644 --- a/hw/virtio-blk.c +++ b/hw/virtio-blk.c @@ -254,6 +254,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req) virtio_blk_req_complete(req, status); g_free(req); + return; #else abort(); #endif