Bug 1576598

Summary: Segfault in qemu-io and qemu-img with -U --image-opts force-share=off
Product: Red Hat Enterprise Linux 7 Reporter: Hanna Czenczek <hreitz>
Component: qemu-kvm-rhevAssignee: Hanna Czenczek <hreitz>
Status: CLOSED ERRATA QA Contact: Tingting Mao <timao>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.6CC: chayang, coli, juzhang, michen, ngu, pingl, qzhang, timao, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.12.0-5.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-11-01 11:09:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hanna Czenczek 2018-05-09 22:09:32 UTC
Description of problem:

qemu-io and qemu-img segfault (NULL dereference) when using -U together with --image-opts force-share=[anything].


Version-Release number of selected component (if applicable):

$ git describe
qemu-kvm-rhev-2.12.0-1.el7


Steps to Reproduce:

qemu-io:

$ ./qemu-io -r -U --image-opts \
    driver=file,filename=/dev/null,force-share=off
[1]    19058 segmentation fault (core dumped)  ./qemu-io -r -U --image-opts driver=file,filename=/dev/null,force-share=off

qemu-img:

$ ./qemu-img info -U --image-opts \
    driver=file,filename=/dev/null,force-share=off
[1]    19681 segmentation fault (core dumped)  ./qemu-img info -U --image-opts driver=file,filename=/dev/null,force-share=of


Expected results:

First, neither should crash.  Secondly, when using -U together with force-share=off, we may want to report an error (because -U sets force-share=on).


Additional info:

Upstream patches are queued.

Comment 3 Miroslav Rezanina 2018-06-25 14:17:10 UTC
Fix included in qemu-kvm-rhev-2.12.0-5.el7

Comment 5 Ping Li 2018-06-27 02:52:31 UTC
Verified the bug with below packages an test steps.

Packages tested:
kernel-3.10.0-915.el7
qemu-kvm-rhev-2.12.0-5.el7

Test steps:
1. Option '-U' and 'force-share=off' can't be used at the same time.
1.1 for a file
# qemu-io -r -U --image-opts driver=file,filename=/dev/null,force-share=off
-U conflicts with image options
# qemu-img info -U --image-opts driver=file,filename=/dev/null,force-share=off
qemu-img: --force-share/-U conflicts with image options
1.2 for a qcow2 image
# qemu-io -r -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=off
-U conflicts with image options
# qemu-img info -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=off
qemu-img: --force-share/-U conflicts with image options

2. Option '-U' and 'force-share=on' can be used at the same time.
2.1 for a file
# qemu-io -r -U --image-opts driver=file,filename=/dev/null,force-share=on
qemu-io> 
# qemu-img info -U --image-opts driver=file,filename=/dev/null,force-share=on
image: /dev/null
file format: file
virtual size: 0 (0 bytes)
disk size: 0
2.2 for a qcow2 image
# qemu-io -r -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=on
qemu-io> 
# qemu-img info -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=on
image: base.qcow2
file format: qcow2
virtual size: 100M (104857600 bytes)
disk size: 1.3M
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false

3. Run case 153 in qemu-iotests
# rpm -ivhf qemu-kvm-rhev-2.12.0-5.el7.src.rpm
# rpmbuild -bp /root/rpmbuild/SPECS/qemu-kvm.spec --nodeps
# cd /root/rpmbuild/BUILD/qemu-2.12.0/
# ./configure
# export QEMU_PROG=/usr/libexec/qemu-kvm
# export QEMU_IMG_PROG=/usr/bin/qemu-img
# export QEMU_IO_PROG=/usr/bin/qemu-io
# export QEMU_NBD_PROG=/usr/bin/qemu-nbd
# cd tests/qemu-iotests
# ./check -qcow2 153
QEMU          -- "/usr/libexec/qemu-kvm" -nodefaults -machine accel=qtest
QEMU_IMG      -- "/usr/bin/qemu-img" 
QEMU_IO       -- "/usr/bin/qemu-io"  --cache writeback -f qcow2
QEMU_NBD      -- "/usr/bin/qemu-nbd" 
IMGFMT        -- qcow2 (compat=1.1)
IMGPROTO      -- file
PLATFORM      -- Linux/x86_64 hp-dl385g7-09 3.10.0-915.el7.x86_64
TEST_DIR      -- /root/rpmbuild/BUILD/qemu-2.12.0/tests/qemu-iotests/scratch
SOCKET_SCM_HELPER -- 

153        
Passed all 1 tests

Comment 7 errata-xmlrpc 2018-11-01 11:09:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3443