Bug 1093301

Summary: removing <filterref> from interface using "virsh update-device" results in libvirt crash
Product: [Fedora] Fedora
Component: libvirt
Version: 20
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Laine Stump <laine>
Assignee: Laine Stump <laine>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: agedosier, berrange, clalancette, itamar, jforbes, laine, libvirt-maint, veillard, virt-maint
Fixed In Version: libvirt-1.1.3.5-1.fc20
Doc Type: Bug Fix
Type: Bug
Last Closed: 2014-05-08 10:09:18 UTC

Description Laine Stump 2014-05-01 08:52:13 UTC
This was reported by Oleg Bondarev on libvirt-users

  https://www.redhat.com/archives/libvirt-users/2014-April/msg00124.html

It was easily reproduced on an F20 system - in short, if you start a domain that has an interface containing any <filterref>, then attempt to remove that filterref using "virsh update-device --live", libvirtd will crash.

The gdb backtrace to aid anyone encountering the crash and doing a search:

#0  __strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:210
#1  0x00007f716cc65017 in virNWFilterObjFindByName (
    nwfilters=nwfilters@entry=0x7f714803a900, name=name@entry=0x0)
    at conf/nwfilter_conf.c:2716
#2  0x00007f7153c49f92 in __virNWFilterInstantiateFilter (
    driver=driver@entry=0x7f714803a8d0, 
    vmuuid=vmuuid@entry=0x7f7148288638 "\257`Y\277\216\226K\031\224\266\016\v\225\374T\344@\214(Hq\177", teardownOld=teardownOld@entry=true, 
    ifname=0x7f713c015e50 "vnet2", ifindex=37, linkdev=linkdev@entry=0x0, 
    macaddr=macaddr@entry=0x7f713c002e24, filtername=0x0, filterparams=0x0, 
    useNewFilter=useNewFilter@entry=INSTANTIATE_ALWAYS, 
    forceWithPendingReq=forceWithPendingReq@entry=false, 
    foundNewFilter=foundNewFilter@entry=0x7f715b5538b7)
    at nwfilter/nwfilter_gentech_driver.c:812
#3  0x00007f7153c4a7e2 in _virNWFilterInstantiateFilter (
    driver=0x7f714803a8d0, 
    vmuuid=0x7f7148288638 "\257`Y\277\216\226K\031\224\266\016\v\225\374T\344@\214(Hq\177", net=0x7f713c002e20, teardownOld=teardownOld@entry=true, 
    useNewFilter=useNewFilter@entry=INSTANTIATE_ALWAYS, 
    foundNewFilter=foundNewFilter@entry=0x7f715b5538b7)
    at nwfilter/nwfilter_gentech_driver.c:922
#4  0x00007f7153c4a94b in virNWFilterInstantiateFilter (
    driver=<optimized out>, vmuuid=<optimized out>, net=<opti

Comment 1 Laine Stump 2014-05-01 08:58:23 UTC
Patch posted upstream:

  http://www.redhat.com/archives/libvir-list/2014-May/msg00005.html

Comment 2 Laine Stump 2014-05-01 13:37:29 UTC
I've pushed this upstream both to the head of master, as well as to all existing -maint branches as far back as v1.0.2-maint (there is no v1.0.1-maint branch)

commit 0eac9d1e90fc3388030c6109aeb1f4860f108054
Author: Laine Stump <laine>
Date:   Thu May 1 11:40:41 2014 +0300

    qemu: fix crash when removing <filterref> from interface with update-device
    
    If a domain network interface that contains a <filterref> is modified
    "live" using "virsh update-device --live", libvirtd would crash. This
    was because the code supporting live update of an interface's
    filterref was assuming that a filterref might be added or modified,
    but didn't account for removing the filterref, resulting in a null
    dereference of the filter name.
    
    Introduced with commit 258fb278, which was first in libvirt v1.0.1.
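
Added example, not libvirt code and not the upstream patch: a minimal C model of the failure class described in the commit message above, with an unguarded name lookup that faults on a NULL filter name next to an update planner that treats a NULL new name as a removal. All type and function names and the filter table are hypothetical, and the model compares filter names only.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not libvirt's types or functions. */
typedef struct { const char *name; } filter_t;
typedef enum { ACT_NONE, ACT_INSTANTIATE, ACT_TEARDOWN, ACT_ERROR } action_t;

/* Constructed sample filter table. */
static const filter_t filters[] = { { "clean-traffic" }, { "no-arp-spoofing" } };
#define NFILTERS (sizeof(filters) / sizeof(filters[0]))

/* Unguarded lookup: strcmp() reads through name, so name == NULL faults,
 * the same shape as frames #1 and #0 of the backtrace above. */
static const filter_t *find_filter_unguarded(const char *name)
{
    for (size_t i = 0; i < NFILTERS; i++)
        if (strcmp(filters[i].name, name) == 0)
            return &filters[i];
    return NULL;
}

/* Guarded lookup: a NULL name means "no filter" and never reaches strcmp(). */
static const filter_t *find_filter(const char *name)
{
    return name ? find_filter_unguarded(name) : NULL;
}

/* Plan a live update from the old and new filter names, where NULL means the
 * interface has no <filterref>. Assumption: only names are compared here. */
static action_t plan_filter_update(const char *old_name, const char *new_name)
{
    if (!new_name)                      /* removed, or never present */
        return old_name ? ACT_TEARDOWN : ACT_NONE;
    if (!find_filter(new_name))         /* names a filter that is not defined */
        return ACT_ERROR;
    if (old_name && strcmp(old_name, new_name) == 0)
        return ACT_NONE;                /* unchanged */
    return ACT_INSTANTIATE;             /* added or modified */
}
```

The removal case (`old_name` set, `new_name` NULL) is the one the commit message says the live-update path did not account for; here it resolves to a teardown without any lookup being attempted.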

Comment 3 Fedora Update System 2014-05-03 22:56:55 UTC
libvirt-1.1.3.5-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/libvirt-1.1.3.5-1.fc20

Comment 4 Fedora Update System 2014-05-06 03:36:58 UTC
Package libvirt-1.1.3.5-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libvirt-1.1.3.5-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-6018/libvirt-1.1.3.5-1.fc20
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2014-05-08 10:09:18 UTC
libvirt-1.1.3.5-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.