Bug 1248295

Summary: ioThreadInfo get fail then cause segfault
Product: Red Hat Enterprise Linux 7 Reporter: Luyao Huang <lhuang>
Component: libvirt-pythonAssignee: Peter Krempa <pkrempa>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 7.2CC: dyuan, honzhang, mzhan, pkrempa, shyu
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-python-1.2.17-2.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 05:34:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Luyao Huang 2015-07-30 03:58:31 UTC
Description of problem:
ioThreadInfo get fail then cause python get segfault

Version-Release number of selected component (if applicable):
libvirt-python-1.2.17-1.el7.x86_64
libvirt-1.2.17-2.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.
[root@lhuang libvirt]# python
Python 2.7.5 (default, Sep  4 2014, 05:34:58) 
[GCC 4.8.2 20140120 (Red Hat 4.8.2-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.

>>> import libvirt
>>> conn=libvirt.open()
>>> dom=conn.lookupByName("rhel7.0-rhel")
>>> dom.ioThreadInfo(3)
libvirt: Domain Config error : Flags 'VIR_DOMAIN_AFFECT_LIVE' and 'VIR_DOMAIN_AFFECT_CONFIG' are mutually exclusive
Segmentation fault

2.
3.

Actual results:

python crashed after pass a invalid flags to ioThreadInfo

Expected results:

no crash

Additional info:

Program received signal SIGSEGV, Segmentation fault.
libvirt_virDomainGetIOThreadInfo (self=<optimized out>, args=<optimized out>) at libvirt-override.c:2108
2108	        virDomainIOThreadInfoFree(iothrinfo[i]);
(gdb) bt
#0  libvirt_virDomainGetIOThreadInfo (self=<optimized out>, args=<optimized out>) at libvirt-override.c:2108
#1  0x00007ffff7af5b94 in call_function (oparg=<optimized out>, pp_stack=0x7fffffffd910) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4098
#2  PyEval_EvalFrameEx (
    f=f@entry=Frame 0x763590, for file /usr/lib64/python2.7/site-packages/libvirt.py, line 1327, in ioThreadInfo (self=<virDomain(_conn=<virConnect(_o=<PyCapsule at remote 0x7ffff7ed8ba0>) at remote 0x7ffff7e81550>, _o=<PyCapsule at remote 0x7ffff7e35b40>) at remote 0x7ffff7e2f3d0>, flags=3), throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:2740
#3  0x00007ffff7af71ad in PyEval_EvalCodeEx (co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=<optimized out>, argcount=argcount@entry=2, kws=0x71c218, kwcount=0, defs=0x7ffff7e49ea8, 
    defcount=1, closure=closure@entry=0x0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:3330
#4  0x00007ffff7af585f in fast_function (nk=<optimized out>, na=2, n=2, pp_stack=0x7fffffffdb10, func=<function at remote 0x7ffff7e53668>) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4194
#5  call_function (oparg=<optimized out>, pp_stack=0x7fffffffdb10) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4119
#6  PyEval_EvalFrameEx (f=f@entry=Frame 0x71c090, for file <stdin>, line 1, in <module> (), throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:2740
#7  0x00007ffff7af71ad in PyEval_EvalCodeEx (co=co@entry=0x7ffff7ec0d30, 
    globals=globals@entry={'dom': <virDomain(_conn=<virConnect(_o=<PyCapsule at remote 0x7ffff7ed8ba0>) at remote 0x7ffff7e81550>, _o=<PyCapsule at remote 0x7ffff7e35b40>) at remote 0x7ffff7e2f3d0>, '__builtins__': <module at remote 0x7ffff7f97b08>, 'libvirt': <module at remote 0x7ffff7e45398>, '__name__': '__main__', '__package__': None, '__doc__': None, 'conn': <...>}, 
    locals=locals@entry={'dom': <virDomain(_conn=<virConnect(_o=<PyCapsule at remote 0x7ffff7ed8ba0>) at remote 0x7ffff7e81550>, _o=<PyCapsule at remote 0x7ffff7e35b40>) at remote 0x7ffff7e2f3d0>, '__builtins__': <module at remote 0x7ffff7f97b08>, 'libvirt': <module at remote 0x7ffff7e45398>, '__name__': '__main__', '__package__': None, '__doc__': None, 'conn': <...>}, args=args@entry=0x0, argcount=argcount@entry=0, 
    kws=kws@entry=0x0, kwcount=kwcount@entry=0, defs=defs@entry=0x0, defcount=defcount@entry=0, closure=closure@entry=0x0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:3330
#8  0x00007ffff7af72b2 in PyEval_EvalCode (co=co@entry=0x7ffff7ec0d30, 
    globals=globals@entry={'dom': <virDomain(_conn=<virConnect(_o=<PyCapsule at remote 0x7ffff7ed8ba0>) at remote 0x7ffff7e81550>, _o=<PyCapsule at remote 0x7ffff7e35b40>) at remote 0x7ffff7e2f3d0>, '__builtins__': <module at remote 0x7ffff7f97b08>, 'libvirt': <module at remote 0x7ffff7e45398>, '__name__': '__main__', '__package__': None, '__doc__': None, 'conn': <...>}, 
    locals=locals@entry={'dom': <virDomain(_conn=<virConnect(_o=<PyCapsule at remote 0x7ffff7ed8ba0>) at remote 0x7ffff7e81550>, _o=<PyCapsule at remote 0x7ffff7e35b40>) at remote 0x7ffff7e2f3d0>, '__builtins__': <module at remote 0x7ffff7f97b08>, 'libvirt': <module at remote 0x7ffff7e45398>, '__name__': '__main__', '__package__': None, '__doc__': None, 'conn': <...>}) at /usr/src/debug/Python-2.7.5/Python/ceval.c:689
#9  0x00007ffff7b106ef in run_mod (mod=mod@entry=0x781660, filename=filename@entry=0x7ffff7b5799f "<stdin>", 
    globals={'dom': <virDomain(_conn=<virConnect(_o=<PyCapsule at remote 0x7ffff7ed8ba0>) at remote 0x7ffff7e81550>, _o=<PyCapsule at remote 0x7ffff7e35b40>) at remote 0x7ffff7e2f3d0>, '__builtins__': <module at remote 0x7ffff7f97b08>, 'libvirt': <module at remote 0x7ffff7e45398>, '__name__': '__main__', '__package__': None, '__doc__': None, 'conn': <...>}, 
    locals={'dom': <virDomain(_conn=<virConnect(_o=<PyCapsule at remote 0x7ffff7ed8ba0>) at remote 0x7ffff7e81550>, _o=<PyCapsule at remote 0x7ffff7e35b40>) at remote 0x7ffff7e2f3d0>, '__builtins__': <module at remote 0x7ffff7f97b08>, 'libvirt': <module at remote 0x7ffff7e45398>, '__name__': '__main__', '__package__': None, '__doc__': None, 'conn': <...>}, flags=flags@entry=0x7fffffffdd70, arena=arena@entry=0x64c340)
    at /usr/src/debug/Python-2.7.5/Python/pythonrun.c:1373
#10 0x00007ffff7b127a0 in PyRun_InteractiveOneFlags (fp=fp@entry=0x7ffff70ea640 <_IO_2_1_stdin_>, filename=filename@entry=0x7ffff7b5799f "<stdin>", flags=flags@entry=0x7fffffffdd70)
    at /usr/src/debug/Python-2.7.5/Python/pythonrun.c:860
#11 0x00007ffff7b1298e in PyRun_InteractiveLoopFlags (fp=fp@entry=0x7ffff70ea640 <_IO_2_1_stdin_>, filename=filename@entry=0x7ffff7b5799f "<stdin>", flags=flags@entry=0x7fffffffdd70)
    at /usr/src/debug/Python-2.7.5/Python/pythonrun.c:780
#12 0x00007ffff7b1301e in PyRun_AnyFileExFlags (fp=fp@entry=0x7ffff70ea640 <_IO_2_1_stdin_>, filename=filename@entry=0x7ffff7b5799f "<stdin>", closeit=closeit@entry=0, flags=flags@entry=0x7fffffffdd70)
    at /usr/src/debug/Python-2.7.5/Python/pythonrun.c:749
#13 0x00007ffff7b23b3f in Py_Main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/Python-2.7.5/Modules/main.c:640
#14 0x00007ffff6d50af5 in __libc_start_main (main=0x4006f0 <main>, argc=1, ubp_av=0x7fffffffdf38, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdf28)
    at libc-start.c:274
#15 0x0000000000400721 in _start ()

Comment 1 Peter Krempa 2015-07-30 07:53:06 UTC
Upstream fix:

commit 0a59630a341f73f716e635a8635c053861695cf1
Author: Peter Krempa <pkrempa>
Date:   Thu Jul 30 09:32:28 2015 +0200

    iothread: Fix crash if virDomainGetIOThreadInfo returns error
    
    The cleanup portion of libvirt_virDomainGetIOThreadInfo would try to
    clean the returned structures but the count of iothreads was set to -1.

Comment 4 Shanzhi Yu 2015-09-01 09:06:08 UTC
Verify this bug with libvirt-python-1.2.17-2.el7.x86_64 

# python
Python 2.7.5 (default, Aug  6 2015, 10:12:10) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt
>>> conn=libvirt.open()
>>> dom=conn.lookupByName('r7')
>>> dom.ioThreadInfo(3)
libvirt: Domain Config error : Flags 'VIR_DOMAIN_AFFECT_LIVE' and 'VIR_DOMAIN_AFFECT_CONFIG' are mutually exclusive
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1328, in ioThreadInfo
    if ret is None: raise libvirtError ('virDomainGetIOThreadInfo() failed', dom=self)
libvirt.libvirtError: Flags 'VIR_DOMAIN_AFFECT_LIVE' and 'VIR_DOMAIN_AFFECT_CONFIG' are mutually exclusive
>>> dom.ioThreadInfo(2)
[]
>>> dom.ioThreadInfo(1)
[]
>>> dom.ioThreadInfo(0)
[]
>>> dom.ioThreadInfo(-1)
libvirt: Domain Config error : Flags 'VIR_DOMAIN_AFFECT_LIVE' and 'VIR_DOMAIN_AFFECT_CONFIG' are mutually exclusive
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1328, in ioThreadInfo
    if ret is None: raise libvirtError ('virDomainGetIOThreadInfo() failed', dom=self)
libvirt.libvirtError: Flags 'VIR_DOMAIN_AFFECT_LIVE' and 'VIR_DOMAIN_AFFECT_CONFIG' are mutually exclusive
>>> dom.ioThreadInfo(4)
libvirt: QEMU Driver error : unsupported flags (0x4) in function qemuDomainGetIOThreadInfo
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1328, in ioThreadInfo
    if ret is None: raise libvirtError ('virDomainGetIOThreadInfo() failed', dom=self)
libvirt.libvirtError: unsupported flags (0x4) in function qemuDomainGetIOThreadInfo

So no crash again.

Comment 6 errata-xmlrpc 2015-11-19 05:34:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2203.html