Bug 1043864

Summary: Get some invalid read reports from valgrind while connect the hypervisor using TLS with SASL via ipv4
Product: Red Hat Enterprise Linux 7 Reporter: zhenfeng wang <zhwang>
Component: libvirtAssignee: Ján Tomko <jtomko>
Status: CLOSED CURRENTRELEASE QA Contact: Virtualization Bugs <virt-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 7.0CC: acathrow, dyuan, mzhan, ydu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-1.1.1-16.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 09:30:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
The configuration of tls none

Description zhenfeng wang 2013-12-17 11:37:49 UTC 
Description of problem:
Get some invalid read reports from valgrind while connect the hypervisor  using TLS with SASL via ipv4

Version-Release number of selected component (if applicable):
libvirt-1.1.1-15.el7.x86_64
kernel-3.10.0-60.el7.x86_64
qemu-kvm-rhev-1.5.3-21.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Configure the tls environment, you can reference the attachment for more details
2.Connect to the hypervisor running on host using TLS with SASL via ipv4
after connected, i could get some invalid read reports from valgrind

# valgrind -v --leak-check=full virsh -c qemu+tls://zhwang71/system list --all
=3712== Invalid read of size 1
==3712==    at 0x8004EBB: vfprintf (in /usr/lib64/libc-2.17.so)
==3712==    by 0x80C9414: __vasprintf_chk (in /usr/lib64/libc-2.17.so)
==3712==    by 0x4CB5075: virVasprintfInternal (stdio2.h:210)
==3712==    by 0x4C9A745: virLogVMessage (virlog.c:842)
==3712==    by 0x4C9AC26: virLogMessage (virlog.c:778)
==3712==    by 0x4D98BC4: virNetSASLSessionClientStep (virnetsaslcontext.c:460)
==3712==    by 0x4D819D5: doRemoteOpen (remote_driver.c:4131)
==3712==    by 0x4D81FE5: remoteConnectOpen (remote_driver.c:1027)
==3712==    by 0x4D2802C: do_open (libvirt.c:1239)
==3712==    by 0x4D2A898: virConnectOpenAuth (libvirt.c:1481)
==3712==    by 0x12BB99: vshReconnect (virsh.c:336)
==3712==    by 0x126DBA: main (virsh.c:2353)
==3712==  Address 0xd9a0f5e is 0 bytes after a block of size 126 alloc'd
==3712==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3712==    by 0x80E45A4: xdr_array (in /usr/lib64/libc-2.17.so)
==3712==    by 0x4D86251: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
==3712==    by 0x4D9729F: virNetMessageDecodePayload (virnetmessage.c:405)
==3712==    by 0x4D8DC6B: virNetClientProgramCall (virnetclientprogram.c:377)
==3712==    by 0x4D69391: callFull.isra.2 (remote_driver.c:5727)
==3712==    by 0x4D8190A: doRemoteOpen (remote_driver.c:5749)
==3712==    by 0x4D81FE5: remoteConnectOpen (remote_driver.c:1027)
==3712==    by 0x4D2802C: do_open (libvirt.c:1239)
==3712==    by 0x4D2A898: virConnectOpenAuth (libvirt.c:1481)
==3712==    by 0x12BB99: vshReconnect (virsh.c:336)
==3712==    by 0x126DBA: main (virsh.c:2353)
==3712== 
--3712-- REDIR: 0xffffffffff600000 (???) redirected to 0x380673e3 (???)
Please enter your authentication name: redhat
Please enter your password: 
--3712-- REDIR: 0x80526c0 (__stpcpy_sse2_unaligned) redirected to 0x4a0b260 (stpcpy)
--3712-- REDIR: 0x8053ed0 (__strcat_sse2_unaligned) redirected to 0x4a08fa0 (strcat)
 Id    Name                           State
----------------------------------------------------
 -     rhel                           shut off
 -     rhel6                          shut off
 -     rhel7                          shut off
 -     rhel7com                       shut off
 -     rhel7qcow2                     shut off
 -     rheltest2                      shut off
 -     test                           shut off
 -     win7                           shut off

--3712-- Discarding syms at 0x14b8e1e0-0x14b953cc in /usr/lib64/libnss_files-2.17.so due to munmap()
==3712== 
==3712== HEAP SUMMARY:
==3712==     in use at exit: 571,462 bytes in 2,303 blocks
==3712==   total heap usage: 18,641 allocs, 16,338 frees, 5,734,379 bytes allocated
==3712== 
==3712== Searching for pointers to 2,303 not-freed blocks
==3712== Checked 1,598,904 bytes
==3712== 
==3712== LEAK SUMMARY:
==3712==    definitely lost: 0 bytes in 0 blocks
==3712==    indirectly lost: 0 bytes in 0 blocks
==3712==      possibly lost: 0 bytes in 0 blocks
==3712==    still reachable: 571,462 bytes in 2,303 blocks
==3712==         suppressed: 0 bytes in 0 blocks
==3712== Reachable blocks (those to which a pointer was found) are not shown.
==3712== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==3712== 
==3712== ERROR SUMMARY: 3 errors from 1 contexts (suppressed: 2 from 2)
==3712== 
==3712== 3 errors in context 1 of 1:
==3712== Invalid read of size 1
==3712==    at 0x8004EBB: vfprintf (in /usr/lib64/libc-2.17.so)
==3712==    by 0x80C9414: __vasprintf_chk (in /usr/lib64/libc-2.17.so)
==3712==    by 0x4CB5075: virVasprintfInternal (stdio2.h:210)
==3712==    by 0x4C9A745: virLogVMessage (virlog.c:842)
==3712==    by 0x4C9AC26: virLogMessage (virlog.c:778)
==3712==    by 0x4D98BC4: virNetSASLSessionClientStep (virnetsaslcontext.c:460)
==3712==    by 0x4D819D5: doRemoteOpen (remote_driver.c:4131)
==3712==    by 0x4D81FE5: remoteConnectOpen (remote_driver.c:1027)
==3712==    by 0x4D2802C: do_open (libvirt.c:1239)
==3712==    by 0x4D2A898: virConnectOpenAuth (libvirt.c:1481)
==3712==    by 0x12BB99: vshReconnect (virsh.c:336)
==3712==    by 0x126DBA: main (virsh.c:2353)
==3712==  Address 0xd9a0f5e is 0 bytes after a block of size 126 alloc'd
==3712==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3712==    by 0x80E45A4: xdr_array (in /usr/lib64/libc-2.17.so)
==3712==    by 0x4D86251: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
==3712==    by 0x4D9729F: virNetMessageDecodePayload (virnetmessage.c:405)
==3712==    by 0x4D8DC6B: virNetClientProgramCall (virnetclientprogram.c:377)
==3712==    by 0x4D69391: callFull.isra.2 (remote_driver.c:5727)
==3712==    by 0x4D8190A: doRemoteOpen (remote_driver.c:5749)
==3712==    by 0x4D81FE5: remoteConnectOpen (remote_driver.c:1027)
==3712==    by 0x4D2802C: do_open (libvirt.c:1239)
==3712==    by 0x4D2A898: virConnectOpenAuth (libvirt.c:1481)
==3712==    by 0x12BB99: vshReconnect (virsh.c:336)
==3712==    by 0x126DBA: main (virsh.c:2353)

Actual results:
as steps

Expected results:
shouldn't get the invalid read report

Additional info:
Comment 1 zhenfeng wang 2013-12-17 11:42:57 UTC 
Created attachment 837637 [details]
The configuration of tls
Comment 3 Ján Tomko 2013-12-17 15:14:26 UTC 
Fixed upstream by
commit 986900a5af6491d54f7779f6368f1fc41eb53690
Author:     Christophe Fergeau <cfergeau>
AuthorDate: 2013-11-22 17:54:53 +0100
Commit:     Christophe Fergeau <cfergeau>
CommitDate: 2013-11-26 11:52:58 +0100

    Fix invalid read in virNetSASLSessionClientStep debug log
    
    virNetSASLSessionClientStep logs the data that is going to be passed to
    sasl_client_step as input data. However, it tries to log it as a string,
    while there is no guarantee that this data is going to be nul-terminated.
    This leads to this valgrind log:
...
git describe: v1.2.0-rc1-4-g986900a contains: v1.2.0-rc2~12

Downstream patch posted:
http://post-office.corp.redhat.com/archives/rhvirt-patches/2013-December/msg00714.html
Comment 5 zhenfeng wang 2013-12-20 03:33:24 UTC 
Verify this bug with libvirt-1.1.1-16.el7. The invalid read reports from valgrind has gone while i  verify this bug with the comment 0 steps, so mark this bug verified.
Comment 6 Ludek Smid 2014-06-13 09:30:29 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.