Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 865302 Details for
Bug 1067225
Windows guest performing out-of-bounds accesses on virtio device
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch showing diagnostic alterations to qemu
debug-eio.patch (text/plain), 7.98 KB, created by
David Gibson
on 2014-02-20 00:21:07 UTC
(
hide
)
Description:
Patch showing diagnostic alterations to qemu
Filename:
MIME Type:
Creator:
David Gibson
Created:
2014-02-20 00:21:07 UTC
Size:
7.98 KB
patch
obsolete
>diff -ur qemu-kvm-0.12.1.2.orig/block.c qemu-kvm-0.12.1.2/block.c >--- qemu-kvm-0.12.1.2.orig/block.c 2014-02-10 11:10:25.929662731 +1100 >+++ qemu-kvm-0.12.1.2/block.c 2014-02-10 13:29:35.417257194 +1100 >@@ -1210,6 +1210,8 @@ > > fprintf(stderr, "block I/O error in device '%s': %s (%d)\n", > bdrv->device_name, strerror(error), error); >+ fprintf(stderr, "Case 01019528 extra logging: action_str=%s is_read=%d\n", >+ action_str, is_read); > > data = qobject_from_jsonf("{ 'device': %s, 'action': %s, 'operation': %s }", > bdrv->device_name, >@@ -1341,11 +1343,13 @@ > if (bdrv_is_allocated(bs, sector, COMMIT_BUF_SECTORS, &n)) { > > if (bdrv_read(bs, sector, buf, n) != 0) { >+ fprintf(stderr, "EIO in bdrv_commit() 1\n"); > ret = -EIO; > goto ro_cleanup; > } > > if (bdrv_write(bs->backing_hd, sector, buf, n) != 0) { >+ fprintf(stderr, "EIO in bdrv_commit() 2\n"); > ret = -EIO; > goto ro_cleanup; > } >@@ -1599,12 +1603,14 @@ > QSIMPLEQ_INIT(&states_to_delete); > > if (!top->drv || !base->drv) { >+ fprintf(stderr, "EIO in bdrv_drop_intermediate() 1\n"); > goto exit; > } > > new_top_bs = bdrv_find_overlay(active, top); > > if (new_top_bs == NULL) { >+ fprintf(stderr, "EIO in bdrv_drop_intermediate() 2\n"); > /* we could not find the image above 'top', this is an error */ > goto exit; > } >@@ -1635,6 +1641,7 @@ > if (base_bs == NULL) { > /* something went wrong, we did not end at the base. safely > * unravel everything, and exit with error */ >+ fprintf(stderr, "EIO in bdrv_drop_intermediate() 3\n"); > goto exit; > } > >@@ -1642,6 +1649,7 @@ > ret = bdrv_change_backing_file(new_top_bs, base_bs->filename, > base_bs->drv ? base_bs->drv->format_name : ""); > if (ret) { >+ fprintf(stderr, "Possible EIO (%d)in bdrv_drop_intermediate() 4\n", ret); > goto exit; > } > new_top_bs->backing_hd = base_bs; >@@ -1675,11 +1683,17 @@ > > len = bdrv_getlength(bs); > >- if (offset < 0) >+ if (offset < 0) { >+ fprintf(stderr, "EIO in bdrv_check_byte_request() 1\n"); > return -EIO; >+ } > >- if ((offset > len) || (len - offset < size)) >+ if ((offset > len) || (len - offset < size)) { >+ fprintf(stderr, "Out of bounds I/O request: offset=%lld size=%lld len=%lld\n", >+ (long long) offset, (long long) size, (long long) len); >+ fprintf(stderr, "EIO in brdv_check_byte_request() 2\n"); > return -EIO; >+ } > > return 0; > } >@@ -1964,6 +1978,7 @@ > return -ENOMEDIUM; > } > if (bdrv_check_request(bs, sector_num, nb_sectors)) { >+ fprintf(stderr, "EIO in bdrv_co_do_readv() 1\n"); > return -EIO; > } > >@@ -2066,6 +2081,7 @@ > return -EACCES; > } > if (bdrv_check_request(bs, sector_num, nb_sectors)) { >+ fprintf(stderr, "EIO in bdrv_co_do_writev() 1\n"); > return -EIO; > } > >@@ -2810,8 +2826,10 @@ > return -ENOMEDIUM; > if (!drv->bdrv_write_compressed) > return -ENOTSUP; >- if (bdrv_check_request(bs, sector_num, nb_sectors)) >+ if (bdrv_check_request(bs, sector_num, nb_sectors)) { >+ fprintf(stderr, "EIO in brdv_write_compressed\n"); > return -EIO; >+ } > > assert(!bs->dirty_bitmap); > >@@ -3347,6 +3365,7 @@ > goto fail; > } else { > trace_bdrv_aio_multiwrite_latefail(mcb, i); >+ fprintf(stderr, "EIO in brdv_aio_multiwrite 1\n"); > multiwrite_cb(mcb, -EIO); > break; > } >@@ -3360,6 +3379,7 @@ > > fail: > for (i = 0; i < mcb->num_callbacks; i++) { >+ fprintf(stderr, "EIO in bdrv_aio_multiwrite 2\n"); > reqs[i].error = -EIO; > } > g_free(mcb); >@@ -3650,6 +3670,7 @@ > > trace_bdrv_co_io_em(bs, sector_num, nb_sectors, is_write, acb); > if (!acb) { >+ fprintf(stderr, "EIO in bdrv_co_io_em\n"); > return -EIO; > } > qemu_coroutine_yield(); >@@ -3694,6 +3715,7 @@ > > acb = bs->drv->bdrv_aio_flush(bs, bdrv_co_io_em_complete, &co); > if (acb == NULL) { >+ fprintf(stderr, "EIO in brdv_co_flush\n"); > return -EIO; > } else { > qemu_coroutine_yield(); >@@ -3750,6 +3772,7 @@ > if (!bs->drv) { > return -ENOMEDIUM; > } else if (bdrv_check_request(bs, sector_num, nb_sectors)) { >+ fprintf(stderr, "EIO in bdrv_co_discard 1\n"); > return -EIO; > } else if (bs->read_only) { > return -EROFS; >@@ -3764,6 +3787,7 @@ > acb = bs->drv->bdrv_aio_discard(bs, sector_num, nb_sectors, > bdrv_co_io_em_complete, &co); > if (acb == NULL) { >+ fprintf(stderr, "EIO in bdrv_co_discard 2\n"); > return -EIO; > } else { > qemu_coroutine_yield(); >diff -ur qemu-kvm-0.12.1.2.orig/dma-helpers.c qemu-kvm-0.12.1.2/dma-helpers.c >--- qemu-kvm-0.12.1.2.orig/dma-helpers.c 2014-02-10 11:10:24.154662817 +1100 >+++ qemu-kvm-0.12.1.2/dma-helpers.c 2014-02-10 13:29:35.418257194 +1100 >@@ -142,6 +142,7 @@ > dbs->iov.size / 512, dma_bdrv_cb, dbs); > } > if (!dbs->acb) { >+ fprintf(stderr, "EIO in dma_bdrv_cb()\n"); > dma_complete(dbs, -EIO); > } > } >diff -ur qemu-kvm-0.12.1.2.orig/hw/virtio-blk.c qemu-kvm-0.12.1.2/hw/virtio-blk.c >--- qemu-kvm-0.12.1.2.orig/hw/virtio-blk.c 2014-02-10 11:10:25.939662731 +1100 >+++ qemu-kvm-0.12.1.2/hw/virtio-blk.c 2014-02-10 13:54:00.300186045 +1100 >@@ -73,6 +73,12 @@ > BlockErrorAction action = bdrv_get_on_error(req->dev->bs, is_read); > VirtIOBlock *s = req->dev; > >+ fprintf(stderr, "virtio_blk_handle_rw_error: error=%d is_read=%d\n", >+ error, is_read); >+ fprintf(stderr, "sector=%lld qiov.size=%zd lbs=%d\n", >+ (long long)req->out->sector, req->qiov.size, >+ req->dev->conf->logical_block_size); >+ > if (action == BLOCK_ERR_IGNORE) { > bdrv_emit_qmp_error_event(s->bs, BDRV_ACTION_IGNORE, error, is_read); > return 0; >@@ -283,6 +289,7 @@ > if (ret != 0) { > for (i = 0; i < num_writes; i++) { > if (blkreq[i].error) { >+ fprintf(stderr, "EIO in do_multiwrite()\n"); > virtio_blk_rw_complete(blkreq[i].opaque, -EIO); > } > } >@@ -307,6 +314,7 @@ > > acb = bdrv_aio_flush(req->dev->bs, virtio_blk_flush_complete, req); > if (!acb) { >+ fprintf(stderr, "EIO in virtio_blk_handle_flush()\n"); > virtio_blk_flush_complete(req, -EIO); > } > } >@@ -319,6 +327,7 @@ > bdrv_acct_start(req->dev->bs, &req->acct, req->qiov.size, BDRV_ACCT_WRITE); > > if (req->out->sector & req->dev->sector_mask) { >+ fprintf(stderr, "EIO in virtio_blk_handle_write() 1\n"); > virtio_blk_rw_complete(req, -EIO); > return; > } >@@ -331,6 +340,7 @@ > *old_bs = req->dev->bs; > } > if (req->qiov.size % req->dev->conf->logical_block_size) { >+ fprintf(stderr, "EIO in virtio_blk_handle_write() 2\n"); > virtio_blk_rw_complete(req, -EIO); > return; > } >@@ -352,10 +362,12 @@ > bdrv_acct_start(req->dev->bs, &req->acct, req->qiov.size, BDRV_ACCT_READ); > > if (req->out->sector & req->dev->sector_mask) { >+ fprintf(stderr, "EIO in virtio_blk_handle_read() 1\n"); > virtio_blk_rw_complete(req, -EIO); > return; > } > if (req->qiov.size % req->dev->conf->logical_block_size) { >+ fprintf(stderr, "EIO in virtio_blk_handle_read() 2\n"); > virtio_blk_rw_complete(req, -EIO); > return; > } >@@ -363,6 +375,7 @@ > acb = bdrv_aio_readv(req->dev->bs, req->out->sector, &req->qiov, > req->qiov.size / 512, virtio_blk_rw_complete, req); > if (!acb) { >+ fprintf(stderr, "EIO in virtio_blk_handle_read() 3\n"); > virtio_blk_rw_complete(req, -EIO); > } > } >Only in qemu-kvm-0.12.1.2/hw: virtio-blk.c~
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1067225
: 865302 |
948817
|
948818
|
948819
|
948820