Bug 678729
Summary: | Hotplug VF/PF with invalid addr value leading to qemu-kvm process quit with core dump | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | juzhang <juzhang> |
Component: | qemu-kvm | Assignee: | Don Dutile (Red Hat) <ddutile> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.1 | CC: | chayang, michen, minovotn, mkenneth, tburke, virt-maint, xfu |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | qemu-kvm-0.12.1.2-2.206.el6 | Doc Type: | Bug Fix |
Doc Text: |
When doing a device assignment of a VF/PF with invalid PCI configuration address value, the qemu-kvm process would quit with a core dump. This bug has been fixed such that qemu-kvm returns an error and the device assignment fails properly.
Cause
Performing a device assignment of a PCI(e) PF or VF device with an invalid host PCI configuration address, such as 0Z:88.00, to a KVM guest will cause the guest to immediately quit and core dump.
Consequence
The qemu-kvm guest process will quit and core dump.
Fix
Check the value of the B:D.F fields of an assigned device to ensure they are in the proper ranges.
Result
Performing a device assignment of a PCI(e) PF or VF device with an invalid host PCI configuration address will fail the assignment with an error message, and not crash the running KVM guest.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2011-12-06 15:44:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 580954 |
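The range check described under "Fix" in the Doc Text, as an added C example (not the qemu-kvm patch; `parse_host_bdf`, `parse_guest_devfn` and `unchecked_devfn` are hypothetical names, and the accepted `BB:DD.F` and `slot[.fn]` hex syntax is an assumption). `unchecked_devfn` shows that reading `abc` as hex and shifting it into a devfn yields 21984, the out-of-range `devfn` value visible in frame #5 of the backtrace in the description below.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Read 1..max_digits hex digits at *p and advance *p.
 * Returns -1 if there is no digit or the value exceeds max. */
static int hex_field(const char **p, int max_digits, int max)
{
    int v = 0, n = 0;
    for (; n < max_digits && isxdigit((unsigned char)**p); n++, (*p)++) {
        int c = tolower((unsigned char)**p);
        v = v * 16 + (isdigit(c) ? c - '0' : c - 'a' + 10);
    }
    return (n == 0 || v > max) ? -1 : v;
}

/* Host address "BB:DD.F": bus 0..0xff, device 0..0x1f, function 0..7. */
int parse_host_bdf(const char *s, int *bus, int *dev, int *fn)
{
    if ((*bus = hex_field(&s, 2, 0xff)) < 0 || *s++ != ':') return -1;
    if ((*dev = hex_field(&s, 2, 0x1f)) < 0 || *s++ != '.') return -1;
    if ((*fn = hex_field(&s, 1, 7)) < 0 || *s != '\0') return -1;
    return 0;
}

/* Guest slot address "SS" or "SS.F" -> devfn (slot << 3 | fn), or -1. */
int parse_guest_devfn(const char *s)
{
    int slot = hex_field(&s, 2, 0x1f), fn = 0;
    if (slot < 0) return -1;
    if (*s == '.') { s++; if ((fn = hex_field(&s, 1, 7)) < 0) return -1; }
    return *s == '\0' ? (slot << 3 | fn) : -1;
}

/* No range check: any hex number is shifted into the devfn position. */
long unchecked_devfn(const char *s)
{
    return strtol(s, NULL, 16) << 3;
}

int main(void)
{
    int b, d, f;
    /* Constructed inputs taken from the strings quoted in this report. */
    printf("host 03:10.5  -> %d\n", parse_host_bdf("03:10.5", &b, &d, &f));
    printf("host 0Z:88.00 -> %d\n", parse_host_bdf("0Z:88.00", &b, &d, &f));
    printf("addr abc checked   -> %d\n", parse_guest_devfn("abc"));
    printf("addr abc unchecked -> %ld\n", unchecked_devfn("abc"));
    return 0;
}
```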
Description
juzhang
2011-02-19 06:31:55 UTC
*** Bug 739493 has been marked as a duplicate of this bug. ***

1. Reproduce on qemu-kvm-0.12.1.2-2.190.el6.x86_64

steps:

1.1

    # gdb /usr/libexec/qemu-kvm
    (gdb) r -M rhel6.1.0 -enable-kvm -m 4096 -smp 4 -cpu qemu64,+sse2,+x2apic -name rhel6.1 -uuid `uuidgen` -rtc base=localtime -boot c -drive file=rhel61.qcow2,if=none,id=drive-ide0-0-0,media=disk,format=qcow2,cache=none -device ide-drive,drive=drive-ide0-0-0,id=ide0-0-0 -net none -usb -device usb-tablet,id=input0 -spice port=8000,disable-ticketing -vga qxl -monitor stdio -balloon none

1.2

    (qemu) device_add pci-assign,host=03:10.5,id=vf44,bus=pci.0,addr=abc
    Program received signal SIGSEGV, Segmentation fault.
    0x00000032eaa479e7 in vfprintf () from /lib64/libc.so.6
    Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.22-3.el6.x86_64 celt051-0.5.1.3-0.el6.x86_64 cyrus-sasl-gssapi-2.1.23-12.el6.x86_64 cyrus-sasl-lib-2.1.23-12.el6.x86_64 cyrus-sasl-md5-2.1.23-12.el6.x86_64 cyrus-sasl-plain-2.1.23-12.el6.x86_64 db4-4.7.25-16.el6.x86_64 dbus-libs-1.2.24-5.el6_1.x86_64 flac-1.2.1-6.1.el6.x86_64 glibc-2.12-1.43.el6.x86_64 gnutls-2.8.5-4.el6.x86_64 keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-21.el6.x86_64 libICE-1.0.6-1.el6.x86_64 libSM-1.1.0-7.1.el6.x86_64 libX11-1.3-2.el6.x86_64 libXau-1.0.5-1.el6.x86_64 libXext-1.1-3.el6.x86_64 libXfixes-4.0.4-1.el6.x86_64 libXi-1.3-3.el6.x86_64 libXrandr-1.3.0-4.el6.x86_64 libXrender-0.9.5-1.el6.x86_64 libXtst-1.0.99.2-3.el6.x86_64 libaio-0.3.107-10.el6.x86_64 libasyncns-0.8-1.1.el6.x86_64 libcom_err-1.41.12-11.el6.x86_64 libgcrypt-1.4.5-9.el6.x86_64 libgpg-error-1.7-4.el6.x86_64 libjpeg-6b-46.el6.x86_64 libogg-1.1.4-2.1.el6.x86_64 libselinux-2.0.94-5.1.el6.x86_64 libsndfile-1.0.20-5.el6.x86_64 libtasn1-2.3-3.el6.x86_64 libuuid-2.17.2-12.4.el6.x86_64 libvorbis-1.2.3-4.el6.x86_64 libxcb-1.5-1.el6.x86_64 nss-softokn-freebl-3.12.9-9.el6.x86_64 openssl-1.0.0-19.el6.x86_64 pixman-0.18.4-1.el6_0.1.x86_64 pulseaudio-libs-0.9.21-13.el6.x86_64 spice-server-0.8.2-4.el6.x86_64 tcp_wrappers-libs-7.6-57.el6.x86_64 zlib-1.2.3-27.el6.x86_64

result:

    (gdb) bt
    #0  0x00000032eaa479e7 in vfprintf () from /lib64/libc.so.6
    #1  0x00000032eaafc970 in __vsnprintf_chk () from /lib64/libc.so.6
    #2  0x000000000041342f in vsnprintf (mon=0xed96e0, fmt=<value optimized out>, ap=<value optimized out>) at /usr/include/bits/stdio2.h:78
    #3  monitor_vprintf (mon=0xed96e0, fmt=<value optimized out>, ap=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:283
    #4  0x0000000000479d57 in error_report (fmt=0x592440 "PCI: devfn %d not available for %s, in use by %s") at qemu-error.c:206
    #5  0x0000000000419913 in do_pci_register_device (pci_dev=0x14294f0, bus=0xeac010, name=<value optimized out>, devfn=21984, config_read=0x4717d0 <assigned_dev_pci_read_config>, config_write=0x473c40 <assigned_dev_pci_write_config>, header_type=0 '\000') at /usr/src/debug/qemu-kvm-0.12.1.2/hw/pci.c:699
    #6  0x0000000000419cdb in pci_qdev_init (qdev=0x14294f0, base=0x8dfaa0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/pci.c:1518
    #7  0x00000000004c3f48 in qdev_init (dev=0x14294f0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:278
    #8  0x00000000004c42d9 in qdev_device_add (opts=0x1424bd0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:253
    #9  0x00000000004c4849 in do_device_add (mon=<value optimized out>, qdict=<value optimized out>, ret_data=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:806
    #10 0x00000000004124d0 in monitor_call_handler (mon=<value optimized out>, cmd=0x590058, params=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4090
    #11 0x0000000000417250 in handle_user_command (mon=0xed96e0, cmdline=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4127
    #12 0x000000000041737a in monitor_command_cb (mon=0xed96e0, cmdline=<value optimized out>, opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4682
    #13 0x00000000004aa8db in readline_handle_byte (rs=0x230e400, ch=<value optimized out>) at readline.c:369
    #14 0x000000000041759c in monitor_read (opaque=<value optimized out>, buf=0x7fffffffbc70 "\r", size=1) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4668
    #15 0x00000000004bc56b in qemu_chr_read (opaque=0xcddd10) at qemu-char.c:170
    #16 fd_chr_read (opaque=0xcddd10) at qemu-char.c:664
    #17 0x000000000040c1ff in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3854
    #18 0x0000000000429fca in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2204
    #19 0x000000000040db05 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4064
    #20 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6284

2. Verify on qemu-kvm-0.12.1.2-2.195.el6.x86_64

2.1

    # /usr/libexec/qemu-kvm -M rhel6.1.0 -enable-kvm -m 4096 -smp 4 -cpu qemu64,+sse2,+x2apic -name rhel6.1 -uuid `uuidgen` -rtc base=localtime -boot c -drive file=rhel61.qcow2,if=none,id=drive-ide0-0-0,media=disk,format=qcow2,cache=none -device ide-drive,drive=drive-ide0-0-0,id=ide0-0-0 -net none -usb -device usb-tablet,id=input0 -spice port=8000,disable-ticketing -vga qxl -monitor stdio -balloon none
    do_spice_init: starting 0.8.3
    spice_server_add_interface: SPICE_INTERFACE_MIGRATION
    spice_server_add_interface: SPICE_INTERFACE_KEYBOARD
    spice_server_add_interface: SPICE_INTERFACE_MOUSE
    spice_server_add_interface: SPICE_INTERFACE_QXL
    red_worker_main: begin
    handle_dev_input: start
    QEMU 0.12.1 monitor - type 'help' for more information
    (qemu) spice_server_add_interface: SPICE_INTERFACE_TABLET

2.2

    (qemu) device_add pci-assign,host=03:10.5,id=vf44,bus=pci.0,addr=abc

result:

    Property 'pci-assign.addr' doesn't take value 'abc'

Based on the above testing result, this bug has been fixed.

Moving to ON_QA because Errata Tool did not do it

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
When doing a device assignment of a VF/PF with invalid PCI configuration address value, the qemu-kvm process would quit with a core dump. This bug has been fixed such that qemu-kvm returns an error and the device assignment fails properly.

Update Tech note to have CCRF errata format.

Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1 +1,10 @@ -When doing a device assignment of a VF/PF with invalid PCI configuration address value, the qemu-kvm process would quit with a core dump. This bug has been fixed such that qemu-kvm returns an error and the device assignment fails properly.+When doing a device assignment of a VF/PF with invalid PCI configuration address value, the qemu-kvm process would quit with a core dump. This bug has been fixed such that qemu-kvm returns an error and the device assignment fails properly. + +Cause +Performing a device assignment of a PCI(e) PF or VF device with an invalid host PCI configuration address, such as 0Z:88.00, to a KVM guest will cause the guest to immediately quit and core dump. +Consequence +The qemu-kvm guest process will quit and core dump. +Fix +Check the value of the B:D.F fields of an assigned device to ensure they are in the proper ranges. +Result +Performing a device assignment of a PCI(e) PF or VF device with an invalid host PCI configuration address will fail the assignment with an error message, and not crash the runnning KVM guest.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1531.html
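Review bot: in the added Result line "runnning" should be "running", and the added Cause line attributes the crash to an invalid host address (such as 0Z:88.00) while the reproduction steps in this report pass a well-formed host=03:10.5 together with an invalid addr=abc, and the verified error message names 'pci-assign.addr'. Suggest correcting the spelling and stating which parameter is range-checked (host, addr, or both) so the technical note matches the case that was actually tested.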