Bug 1458782
Summary: | QEMU crashes after hot-unplugging virtio-serial device | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Ladi Prosek <lprosek> |
Component: | qemu-kvm-rhev | Assignee: | Ladi Prosek <lprosek> |
Status: | CLOSED ERRATA | QA Contact: | Sitong Liu <siliu> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 7.4 | CC: | aliang, chayang, coli, drjones, famz, juzhang, knoel, lijin, lprosek, mdeng, michen, pbonzini, qzhang, virt-maint, xfu, xuwei |
Target Milestone: | rc | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | qemu-kvm-rhev-2.9.0-8.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | 1449031 | Environment: | |
Last Closed: | 2017-08-02 04:41:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ladi Prosek
2017-06-05 12:58:56 UTC
Fixed in upstream commit:

```
commit f811f97040a48358b456b46ecbc9167f0131034f
Author: Ladi Prosek <lprosek>
Date:   Tue May 30 10:59:43 2017 +0200

    virtio-serial-bus: Unset hotplug handler when unrealize

    Virtio serial device controls the lifetime of virtio-serial-bus and
    virtio-serial-bus links back to the device via its hotplug-handler
    property. This extra ref-count prevents the device from getting
    finalized, leaving the VirtIODevice memory listener registered and
    leading to use-after-free later on.

    This patch addresses the same issue as Fam Zheng's
    "virtio-scsi: Unset hotplug handler when unrealize" only for a
    different virtio device.
```

Fix included in qemu-kvm-rhev-2.9.0-8.el7

Reproduced this bug with qemu-kvm-rhev-2.9.0-7.el7.x86_64 & 3.10.0-675.el7.x86_64

Boot win2016 guest.

```
/usr/libexec/qemu-kvm \
 -M pc \
 -cpu Westmere \
 -nodefaults -rtc base=utc \
 -m 2G \
 -smp 4,sockets=2,cores=2,threads=1 \
 -enable-kvm \
 -name rhel7.4 \
 -uuid 990ea161-6b67-47b2-b803-19fb01d30d12 \
 -k en-us \
 -global isa-debugcon.iobase=0x402 \
 -serial unix:/tmp/console,server,nowait \
 -qmp tcp::4446,server,nowait \
 -drive file=/home/win2016-64-virtio-scsi-2.qcow2,if=none,id=drive0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads \
 -device virtio-scsi-pci,id=scsi1,disable-legacy=off,disable-modern=off \
 -device scsi-hd,id=virtio-disk0,drive=drive0,bus=scsi1.0,bootindex=1 \
 -boot menu=on \
 -vnc :1 \
 -monitor stdio \
 -device virtio-net-pci,netdev=tap10,mac=08:9e:01:c2:6d:6e,disable-legacy=off,disable-modern=off,bootindex=4 \
 -netdev tap,id=tap10 \
 -smbios type=1,manufacturer=redhat-kvmqe,product=rhel7.4-kvm,version=7.444444,serial=123456789,uuid=4C4C4544-0044-3010-8047-B4C04F313232,sku=fuxc,family=rhel7 \
 -fda /usr/share/virtio-win/virtio-win_amd64.vfd \
 -vga qxl \
 -device virtio-serial-pci,id=virtio-serial0,max_ports=511 \
 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait \
 -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm1,bus=virtio-serial0.0,id=port1 \
```

```
(qemu) device_del virtio-serial0
(qemu) device_add virtio-serial-pci,id=serial1
(qemu) device_del serial1
(qemu) device_add virtio-serial-pci,id=serial1
(qemu) device_del serial1
```

result: qemu-kvm core dump

Verified this bug with qemu-kvm-rhev-2.9.0-9.el7.x86_64 & 3.10.0-675.el7.x86_64

hotplug and unhotplug as above (repeat 50 times), qemu-kvm process and win2016 guest work well.

So, this bug is fixed.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392
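
The reference cycle described in the commit message, as an added C model that is not QEMU code and not part of the original report. All names (`Device`, `Bus`, `bus_set_hotplug_handler`, `stale_listener_after_unplug`) are hypothetical stand-ins for the virtio-serial device, its bus, the hotplug-handler link and the memory listener.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not QEMU's object model. */
typedef struct Device Device;
typedef struct Bus { Device *hotplug_handler; } Bus;  /* link holds a reference */
struct Device {
    int refcnt;
    Bus bus;                   /* bus lifetime is controlled by the device */
    bool listener_registered;  /* stands in for the memory listener */
};

static void dev_ref(Device *d) { d->refcnt++; }

static void dev_unref(Device *d)
{
    /* Finalization (refcount reaching zero) is what removes the listener. */
    if (--d->refcnt == 0)
        d->listener_registered = false;
}

static void bus_set_hotplug_handler(Bus *b, Device *d)
{
    if (b->hotplug_handler)
        dev_unref(b->hotplug_handler);  /* drop the reference held by the old link */
    b->hotplug_handler = d;
    if (d)
        dev_ref(d);
}

/* Returns true if the listener is still registered after hot-unplug. */
bool stale_listener_after_unplug(bool unset_handler_on_unrealize)
{
    Device d = { .refcnt = 1, .listener_registered = true };  /* ref held by parent */
    bus_set_hotplug_handler(&d.bus, &d);       /* realize: bus links back to device */
    if (unset_handler_on_unrealize)
        bus_set_hotplug_handler(&d.bus, NULL); /* unrealize with the link cleared */
    dev_unref(&d);                             /* parent drops its reference on unplug */
    return d.listener_registered;
}

int main(void)
{
    printf("link kept:    stale listener = %d\n", stale_listener_after_unplug(false));
    printf("link cleared: stale listener = %d\n", stale_listener_after_unplug(true));
    return 0;
}
```

With the link left in place the count never reaches zero, so the model's listener stays registered after unplug; clearing the link at unrealize lets the final unref finalize the device.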