Bug 1169280

Summary: Segfault while query device properties (ics, icp)
Product: Red Hat Enterprise Linux 7 Reporter: Xu Han <xuhan>
Component: qemu-kvm-rhevAssignee: David Gibson <dgibson>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 7.1CC: hhuang, juzhang, michen, ngu, virt-maint, ypu
Target Milestone: rc   
Target Release: ---   
Hardware: ppc64   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.1.2-17.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 09:58:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
qemu-kvm-rhev-2.1.2-15.el7.test.ppc64.rpm
none
qemu-kvm-common-rhev-2.1.2-15.el7.test.ppc64.rpm
none
qemu-img-rhev-2.1.2-15.el7.test.ppc64.rpm
none
qemu-kvm-rhev-debuginfo-2.1.2-15.el7.test.ppc64.rpm none

Description Xu Han 2014-12-01 08:55:17 UTC 
Description of problem:
If a device have no properties, query it will cause segfault:
  # /usr/libexec/qemu-kvm -device ics,?
  Segmentation fault (core dumped)


Backtrace:
#0  error_get_pretty (err=0x0) at util/error.c:153
No locals.
#1  0x0000000053107cd0 in qdev_device_help (opts=0x53993310) at qdev-monitor.c:210
        local_err = 0x0                         <- NULL
        driver = 0x539933a0 "ics"
        prop_list = 0x0
        prop = <optimized out>
...


qdev-monitor.c:
210         error_printf("%s\n", error_get_pretty(local_err));

util/error.c:
150 const char *error_get_pretty(Error *err)
151 {
152     return err->msg;
153 }


The query result of QMP:
{"execute": "device-list-properties", "arguments": {"typename": "ics"}}
{"return": []}


Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.1.2-14.el7.ppc64

How reproducible:
100%

Steps to Reproduce:
1. # /usr/libexec/qemu-kvm -device ics,?

Actual results:
Segfault

Expected results:
No crash

Additional info:
Comment 2 David Gibson 2014-12-03 01:53:20 UTC 
Created attachment 963937 [details]
qemu-kvm-rhev-2.1.2-15.el7.test.ppc64.rpm
Comment 3 David Gibson 2014-12-03 01:53:52 UTC 
Created attachment 963938 [details]
qemu-kvm-common-rhev-2.1.2-15.el7.test.ppc64.rpm
Comment 4 David Gibson 2014-12-03 01:55:01 UTC 
Created attachment 963939 [details]
qemu-img-rhev-2.1.2-15.el7.test.ppc64.rpm
Comment 5 David Gibson 2014-12-03 01:56:56 UTC 
Created attachment 963940 [details]
qemu-kvm-rhev-debuginfo-2.1.2-15.el7.test.ppc64.rpm
Comment 6 David Gibson 2014-12-03 02:01:46 UTC 
I located a fix for this problem upstream (commit 0722eba9450cb8be9713fec1caa0772330739586).  I've uploaded test packages with this fix backported.  They're not brewed, because somethings up with the dependencies again (on x86).

Please retest with this, then I'll push the fix downstream.
Comment 7 Xu Han 2014-12-05 07:28:40 UTC 
Re-tested this issue with above packages.

# set -x; for dev in "icp" "icp-kvm" "ics" "icskvm" "spapr-tce-table"; do ./qemu-kvm -device "$dev",?; echo $?; done; set +x

+ for dev in '"icp"' '"icp-kvm"' '"ics"' '"icskvm"' '"spapr-tce-table"'
+ ./qemu-kvm -device 'icp,?'
+ echo 0
0
+ for dev in '"icp"' '"icp-kvm"' '"ics"' '"icskvm"' '"spapr-tce-table"'
+ ./qemu-kvm -device 'icp-kvm,?'
+ echo 0
0
+ for dev in '"icp"' '"icp-kvm"' '"ics"' '"icskvm"' '"spapr-tce-table"'
+ ./qemu-kvm -device 'ics,?'
+ echo 0
0
+ for dev in '"icp"' '"icp-kvm"' '"ics"' '"icskvm"' '"spapr-tce-table"'
+ ./qemu-kvm -device 'icskvm,?'
+ echo 0
0
+ for dev in '"icp"' '"icp-kvm"' '"ics"' '"icskvm"' '"spapr-tce-table"'
+ ./qemu-kvm -device 'spapr-tce-table,?'
Segmentation fault (core dumped)
+ echo 139
139
+ set +x

The original bug has been fixed. For the last issue, I have filed bug 1170934.
Comment 8 Jeff Nelson 2014-12-17 04:05:10 UTC 
Fix included in qemu-kvm-rhev-2.1.2-17.el7
Comment 10 Xu Han 2015-01-05 02:34:44 UTC 
Verified this issue with qemu-kvm-rhev-2.1.2-17.el7:

# rpm -q qemu-kvm-rhev
qemu-kvm-rhev-2.1.2-17.el7.ppc64

# set -x; for dev in "icp" "icp-kvm" "ics" "icskvm"; do /usr/libexec/qemu-kvm -device "$dev",?; echo $?; done; set +x
+ for dev in '"icp"' '"icp-kvm"' '"ics"' '"icskvm"'
+ /usr/libexec/qemu-kvm -device 'icp,?'
+ echo 0
0
+ for dev in '"icp"' '"icp-kvm"' '"ics"' '"icskvm"'
+ /usr/libexec/qemu-kvm -device 'icp-kvm,?'
+ echo 0
0
+ for dev in '"icp"' '"icp-kvm"' '"ics"' '"icskvm"'
+ /usr/libexec/qemu-kvm -device 'ics,?'
+ echo 0
0
+ for dev in '"icp"' '"icp-kvm"' '"ics"' '"icskvm"'
+ /usr/libexec/qemu-kvm -device 'icskvm,?'
+ echo 0
0
+ set +x

According to the test result, this bug has been fixed.
Comment 12 errata-xmlrpc 2015-03-05 09:58:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0624.html