From 040d07513c718a3473018ad1850469910cbe3cb2 Mon Sep 17 00:00:00 2001

Message-Id: <040d07513c718a3473018ad1850469910cbe3cb2.1378475168.git.jdenemar@redhat.com>

From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>

Date: Mon, 2 Sep 2013 12:08:36 +0200

Subject: [PATCH] Don't crash in qemuBuildDeviceAddressStr

https://bugzilla.redhat.com/show_bug.cgi?id=1003526

qemuDomainAttachVirtioDiskDevice passes NULL as domainDef which is later

referenced in qemuDomainAttachVirtioDiskDevice:

 Program terminated with signal 11, Segmentation fault.

 #0  qemuBuildDeviceAddressStr (buf=buf@entry=0xb646de78, info=info@entry=0xb0a02360, qemuCaps=qemuCaps@entry=0xb8fdfdc8,

     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>,

     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at qemu/qemu_command.c:2869

 2869            for (i = 0; i < domainDef->ncontrollers; i++) {

 (gdb) bt

 #0  qemuBuildDeviceAddressStr (buf=buf@entry=0xb646de78, info=info@entry=0xb0a02360, qemuCaps=qemuCaps@entry=0xb8fdfdc8,

     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>,

     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at qemu/qemu_command.c:2869

 #1  0xb18ad6f8 in qemuBuildDriveDevStr (def=def@entry=0x0, disk=disk@entry=0xb0a02288, bootindex=bootindex@entry=0, qemuCaps=0xb8fdfdc8)

     at qemu/qemu_command.c:4316

 #2  0xb18d097f in qemuDomainAttachVirtioDiskDevice (conn=conn@entry=0xb90129a8, driver=driver@entry=0xb8fe29b8, vm=vm@entry=0xb8fe0c40,

     disk=disk@entry=0xb0a02288) at qemu/qemu_hotplug.c:278

 #3  0xb193f7ba in qemuDomainAttachDeviceDiskLive (dev=0xb0a35308, vm=0xb8fe0c40, driver=0xb8fe29b8, conn=0xb90129a8) at qemu/qemu_driver.c:6356

 #4  qemuDomainAttachDeviceLive (dev=0xb0a35308, vm=0xb8fe0c40, dom=<optimized out>) at qemu/qemu_driver.c:6418

 #5  qemuDomainAttachDeviceFlags (dom=dom@entry=0xb0a020b8,

     xml=xml@entry=0xb90953f0 "<disk type='file' device='disk'>\n  <source file='/var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img'/>\n  <target dev='vdb' bus='virtio'/>\n</disk>\n", flags=3103664568, flags@entry=1) at qemu/qemu_driver.c:7079

 #6  0xb193f9cb in qemuDomainAttachDevice (dom=0xb0a020b8,

     xml=0xb90953f0 "<disk type='file' device='disk'>\n  <source file='/var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img'/>\n  <target dev='vdb' bus='virtio'/>\n</disk>\n") at qemu/qemu_driver.c:7120

 #7  0xb7244827 in virDomainAttachDevice (domain=domain@entry=0xb0a020b8,

     xml=0xb90953f0 "<disk type='file' device='disk'>\n  <source file='/var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img'/>\n  <target dev='vdb' bus='virtio'/>\n</disk>\n") at libvirt.c:10912

 #8  0xb7765ddb in remoteDispatchDomainAttachDevice (args=0xb9094ef0, rerr=0xb646e1f0, client=<optimized out>, server=<optimized out>,

     msg=<optimized out>) at remote_dispatch.h:2296

 #9  remoteDispatchDomainAttachDeviceHelper (server=0xb8fba0e8, client=0xb0a00730, msg=0xb0a350b8, rerr=0xb646e1f0, args=0xb9094ef0, ret=0xb9094dc8)

     at remote_dispatch.h:2274

 #10 0xb72b1013 in virNetServerProgramDispatchCall (msg=0xb0a350b8, client=0xb0a00730, server=0xb8fba0e8, prog=0xb8fc21c8)

     at rpc/virnetserverprogram.c:435

 #11 virNetServerProgramDispatch (prog=0xb8fc21c8, server=server@entry=0xb8fba0e8, client=0xb0a00730, msg=0xb0a350b8) at rpc/virnetserverprogram.c:305

 #12 0xb72aa167 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0xb8fba0e8)

     at rpc/virnetserver.c:165

 #13 virNetServerHandleJob (jobOpaque=0xb0a0a850, opaque=0xb8fba0e8) at rpc/virnetserver.c:186

 #14 0xb7189108 in virThreadPoolWorker (opaque=opaque@entry=0xb8fa3250) at util/virthreadpool.c:144

 #15 0xb71885e5 in virThreadHelper (data=0xb8fa32a8) at util/virthreadpthread.c:161

 #16 0xb70d6954 in start_thread (arg=0xb646eb70) at pthread_create.c:304

 #17 0xb704e95e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

This was found by libvirtt-tck:

     http://honk.sigxcpu.org:8001/job/libvirt-tck-debian-wheezy-qemu-session/1311/console

(cherry picked from commit bb97db2fb4315b7a7eb4403570d54c93992117de)

---

 src/qemu/qemu_hotplug.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c

index 98b8ad1..83e193b 100644

--- a/src/qemu/qemu_hotplug.c

+++ b/src/qemu/qemu_hotplug.c

@@ -275,7 +275,7 @@ int qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,

         if (!(drivestr = qemuBuildDriveStr(conn, disk, false, priv->qemuCaps)))

             goto error;

-        if (!(devstr = qemuBuildDriveDevStr(NULL, disk, 0, priv->qemuCaps)))

+        if (!(devstr = qemuBuildDriveDevStr(vm->def, disk, 0, priv->qemuCaps)))

             goto error;

     }

@@ -616,7 +616,7 @@ int qemuDomainAttachUsbMassstorageDevice(virConnectPtr conn,

             goto error;

         if (!(drivestr = qemuBuildDriveStr(conn, disk, false, priv->qemuCaps)))

             goto error;

-        if (!(devstr = qemuBuildDriveDevStr(NULL, disk, 0, priv->qemuCaps)))

+        if (!(devstr = qemuBuildDriveDevStr(vm->def, disk, 0, priv->qemuCaps)))

             goto error;

     }

-- 

1.8.3.2