Bug 1072700
| Summary: | _spice_timer_set truncates large "now" values | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | David Gibson <dgibson> | ||||
| Component: | spice-server | Assignee: | Christophe Fergeau <cfergeau> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 6.5 | CC: | cfergeau, dblechte, dgibson, ederevea, marcandre.lureau, mkenneth, mkrcmari, rbalakri, tlavigne | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | spice-server-0.12.4-9.el6 | Doc Type: | Bug Fix | ||||
| Doc Text: |
Cause: an integer overflow on a 32 bit timer value
Consequence: infinite loop in spice-server on long running VMs (> 46 days) causing SPICE sessions to be unresponsive
Fix: use 64 bit timer values where appropriate
Result:
|
Story Points: | --- | ||||
| Clone Of: | |||||||
| : | 1227408 (view as bug list) | Environment: | |||||
| Last Closed: | 2014-10-14 05:04:48 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1227408 | ||||||
| Attachments: |
|
||||||
|
Description
David Gibson
2014-03-05 03:54:04 UTC
Created attachment 870759 [details]
Tentative fix
Attaching a tentative fix for the bug. This also adds some extra casts to make sure we can't truncate ime values in a few other places.
patch looks good to me, moving to POST, to reflect that Ok, I'm a bit baffled as to how the bug is not appearing under those conditions. Do you have an active spice console to the VM? Is it responding correctly? (In reply to David Gibson from comment #12) > Ok, I'm a bit baffled as to how the bug is not appearing under those > conditions. > > Do you have an active spice console to the VM? Is it responding correctly? Hm yes, I opened two spice consoles to the VMs which are running since January 31st and it seems to be fine, responsive and host seems to be fine as well. So we are not able to reproduce so I suggest sanityOnly Verification provided It solved customer problem. Ok, I'm really baffled as to how those systems can fail to show the bug. Could you use gcore to grab a core from the running qemu processes on that high-uptime system so I can investigate what the triggering factor is? David, did you get a chance to look at Marian's core? Sorry, I've been busy. I did take a look at the core, but it wasn't as useful as I hoped. Without a running process, or a core at exactly the right moment, it's very difficult to tell why this bug isn't triggering. I don't really have time to track this down more thoroughly, so I guess we'll just have to go with the sanity checking we've had. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1435.html |