Bug 1451483

Summary: QEMU crashes with "-machine none -device intel-iommu"
Product: Red Hat Enterprise Linux 7
Reporter: Eduardo Habkost <ehabkost>
Component: qemu-kvm-rhev
Assignee: Eduardo Habkost <ehabkost>
Status: CLOSED ERRATA
QA Contact: Chao Yang <chayang>
Severity: unspecified
Priority: unspecified
Version: 7.3
CC: chayang, juzhang, michen, mrezanin, pezhang, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-rhev-2.9.0-6.el7
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2017-08-02 04:38:29 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Eduardo Habkost 2017-05-16 18:49:13 UTC
Description of problem:
# /usr/libexec/qemu-kvm -machine none -device intel-iommu
Segmentation fault


Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.9.0-1.el7.x86_64

How reproducible:
Always

Additional info:
Upstream fix:

From: Eduardo Habkost <ehabkost>
To: qemu-devel
Date: Mon,  8 May 2017 17:08:12 -0300
Message-Id: <20170508200812.25296-1-ehabkost>
Subject: [Qemu-devel] [PATCH] iommu: Don't crash if machine is not PC_MACHINE

Comment 1 Eduardo Habkost 2017-05-18 17:38:12 UTC
Upstream fix merged:

commit ef0e8fc768a561dd13a86420b3268f6f3d5d0621
Author: Eduardo Habkost <ehabkost>
Date:   Mon May 8 17:08:12 2017 -0300

    iommu: Don't crash if machine is not PC_MACHINE
    
    Currently it's possible to crash QEMU using "-device *-iommu" and
    "-machine none":
    
      $ qemu-system-x86_64 -machine none -device amd-iommu
      qemu/hw/i386/amd_iommu.c:1140:amdvi_realize: Object 0x55627dafbc90 is not an instance of type generic-pc-machine
      Aborted (core dumped)
      $ qemu-system-x86_64 -machine none -device intel-iommu
      qemu/hw/i386/intel_iommu.c:2972:vtd_realize: Object 0x56292ec0bc90 is not an instance of type generic-pc-machine
      Aborted (core dumped)
    
    Fix amd-iommu and intel-iommu to ensure the current machine is really a
    TYPE_PC_MACHINE instance at their realize methods.
    
    Resulting error messages:
    
      $ qemu-system-x86_64 -machine none -device amd-iommu
      qemu-system-x86_64: -device amd-iommu: Machine-type 'none' not supported by amd-iommu
      $ qemu-system-x86_64 -machine none -device intel-iommu
      qemu-system-x86_64: -device intel-iommu: Machine-type 'none' not supported by intel-iommu
    
    Signed-off-by: Eduardo Habkost <ehabkost>
    Reviewed-by: Michael S. Tsirkin <mst>
    Signed-off-by: Michael S. Tsirkin <mst>

Comment 3 Miroslav Rezanina 2017-05-23 08:16:01 UTC
Fix included in qemu-kvm-rhev-2.9.0-6.el7

Comment 5 Chao Yang 2017-06-02 05:50:35 UTC
Reproduced with qemu-kvm-rhev-2.9.0-5.el7.x86_64.rpm

Program received signal SIGSEGV, Segmentation fault.
pci_setup_iommu (bus=bus@entry=0x0, fn=fn@entry=0x5555558af0e0 <vtd_host_dma_iommu>, opaque=opaque@entry=0x555556f29800)
    at hw/pci/pci.c:2550
2550	    bus->iommu_fn = fn;
(gdb) bt
#0  pci_setup_iommu (bus=bus@entry=0x0, fn=fn@entry=0x5555558af0e0 <vtd_host_dma_iommu>, opaque=opaque@entry=0x555556f29800)
    at hw/pci/pci.c:2550
#1  0x00005555558af37b in vtd_realize (dev=0x555556f29800, errp=<optimized out>)
    at /usr/src/debug/qemu-2.9.0/hw/i386/intel_iommu.c:2996
#2  0x00005555558ab5e5 in x86_iommu_realize (dev=0x555556f29800, errp=0x7fffffffdc80)
    at /usr/src/debug/qemu-2.9.0/hw/i386/x86-iommu.c:85
#3  0x0000555555975861 in device_set_realized (obj=<optimized out>, value=<optimized out>, errp=0x7fffffffddb8) at hw/core/qdev.c:939
#4  0x0000555555a5be2e in property_set_bool (obj=0x555556f29800, v=<optimized out>, name=<optimized out>, opaque=0x555556d32ba0, 
    errp=0x7fffffffddb8) at qom/object.c:1860
#5  0x0000555555a5faef in object_property_set_qobject (obj=0x555556f29800, value=<optimized out>, name=0x555555b8610b "realized", 
    errp=0x7fffffffddb8) at qom/qom-qobject.c:27
#6  0x0000555555a5d960 in object_property_set_bool (obj=0x555556f29800, value=<optimized out>, name=0x555555b8610b "realized", 
    errp=0x7fffffffddb8) at qom/object.c:1163
#7  0x0000555555920e43 in qdev_device_add (opts=0x555556d60be0, errp=errp@entry=0x7fffffffde90) at qdev-monitor.c:623
#8  0x00005555559240a7 in device_init_func (opaque=<optimized out>, opts=<optimized out>, errp=<optimized out>) at vl.c:2314
#9  0x0000555555b28e4a in qemu_opts_foreach (list=<optimized out>, func=func@entry=0x555555924080 <device_init_func>, 
    opaque=opaque@entry=0x0, errp=errp@entry=0x0) at util/qemu-option.c:1114
#10 0x00005555558059f2 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4594


-- Verified pass with qemu-kvm-rhev-2.9.0-7.el7.x86_64

/usr/libexec/qemu-kvm -machine none -device intel-iommu
qemu-kvm: -device intel-iommu: Machine-type 'none' not supported by intel-iommu


Provided amd-iommu is not supported. So setting VERIFIED.
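
The backtrace above (frame #0 writing through bus == 0x0) and the guard described in the upstream commit message can be modelled side by side. This is an added example, not code from the bug report or from QEMU: the PCIBus and Machine structs, the is_pc_machine flag standing in for the TYPE_PC_MACHINE cast, and the helper names are all simplified stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for QEMU's PCI bus and machine objects (not QEMU's own types). */
typedef void (*iommu_fn_t)(void *opaque, int devfn);
typedef struct PCIBus { iommu_fn_t iommu_fn; void *iommu_opaque; } PCIBus;
typedef struct Machine {
    const char *type;   /* "none", "pc-i440fx-2.9", ... */
    int is_pc_machine;  /* models object_dynamic_cast(machine, TYPE_PC_MACHINE) != NULL */
    PCIBus *pci_bus;    /* NULL for "-machine none": no host bridge was ever created */
} Machine;

static void vtd_host_dma_iommu(void *opaque, int devfn) { (void)opaque; (void)devfn; }

/* Models hw/pci/pci.c:pci_setup_iommu(): it writes through bus without checking it. */
static void pci_setup_iommu(PCIBus *bus, iommu_fn_t fn, void *opaque) {
    bus->iommu_fn = fn;        /* frame #0 of the backtrace: SIGSEGV when bus == NULL */
    bus->iommu_opaque = opaque;
}

/* Before the fix: realize assumes a PC machine, and so a PCI bus, always exists. */
static int vtd_realize_unguarded(Machine *m, void *dev) {
    pci_setup_iommu(m->pci_bus, vtd_host_dma_iommu, dev);
    return 0;
}

/* After the fix: refuse any non-PC machine with an error before touching the bus. */
static int vtd_realize_guarded(Machine *m, void *dev, char *err, size_t errlen) {
    if (!m->is_pc_machine) {
        snprintf(err, errlen, "Machine-type '%s' not supported by intel-iommu", m->type);
        return -1;
    }
    pci_setup_iommu(m->pci_bus, vtd_host_dma_iommu, dev);
    return 0;
}

/* Scenario helpers that report by return value (0 = behaved as expected). */
static int realize_on_pc(void) {
    PCIBus bus = {0}; int dev = 0; char err[128] = "";
    Machine pc = {"pc-i440fx-2.9", 1, &bus};
    /* Both variants succeed when a real PC machine (and so a PCI bus) exists. */
    if (vtd_realize_unguarded(&pc, &dev) != 0) return -1;
    if (vtd_realize_guarded(&pc, &dev, err, sizeof err) != 0) return -2;
    return (bus.iommu_fn == vtd_host_dma_iommu && bus.iommu_opaque == &dev) ? 0 : -3;
}
/* On "-machine none" the guarded realize must fail with the message the fixed QEMU prints. */
static int realize_on_none(void) {
    int dev = 0; char err[128] = ""; Machine none = {"none", 0, NULL};
    if (vtd_realize_guarded(&none, &dev, err, sizeof err) != -1) return -1;
    return strcmp(err, "Machine-type 'none' not supported by intel-iommu") == 0 ? 0 : -2;
}
```

Calling vtd_realize_unguarded on the "none" machine would dereference the NULL bus exactly as frame #0 shows; the guarded variant never reaches pci_setup_iommu in that case.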

Comment 7 errata-xmlrpc 2017-08-02 04:38:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392