Bug 771562

Summary: Change numa parameters with 'nodeset' option will crash libvirtd
Product: Red Hat Enterprise Linux 6 Reporter: Alex Jia <ajia>
Component: libvirtAssignee: Alex Jia <ajia>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 6.3CC: acathrow, dyuan, gsun, mzhan, rwu, veillard
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-0.9.9-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 06:43:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alex Jia 2012-01-04 05:57:08 UTC 
Description of problem:
Change numa parameters with 'nodeset' option will crash libvirtd.

Version-Release number of selected component (if applicable):
# rpm -q libvirt
libvirt-0.9.9-0rc1.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. # virsh list --all
 Id Name                 State
----------------------------------
  - vr-rhel5u7-x86_64-kvm shut off

2. # virsh numatune vr-rhel5u7-x86_64-kvm --nodeset 0
error: Unable to change numa parameters
error: End of file while reading data: Input/output error

3. # virsh list --all
error: Failed to reconnect to the hypervisor
error: no valid connection
error: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Connection refused

  
Actual results:

# service libvirtd status
libvirtd dead but pid file exists

Expected results:
numa tuning works well and has no effect on libvirt daemon.

Additional info:
Comment 1 Alex Jia 2012-01-04 07:30:38 UTC 
It should be codes deref a NULL pointer to crash libvirt daemon:

(gdb) s

Program received signal SIGSEGV, Segmentation fault.
0x000000000045dffe in qemuDomainSetNumaParameters (dom=<value optimized out>, params=<value optimized out>, nparams=1, flags=2) at /usr/include/bits/string3.h:52
52        return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));

#2  <signal handler called>
#3  0x000000000045dffe in qemuDomainSetNumaParameters (dom=<value optimized out>, params=<value optimized out>, nparams=1, flags=2) at /usr/include/bits/string3.h:52
#4  0x0000003b8b2d137a in virDomainSetNumaParameters (domain=0x7f8220000b50, params=0x7f82200008c0, nparams=1, flags=0) at libvirt.c:3816
#5  0x0000000000439a89 in remoteDispatchDomainSetNumaParameters (server=<value optimized out>, client=<value optimized out>, msg=<value optimized out>, rerr=0x7f823481bbd0, args=<value optimized out>,
    ret=<value optimized out>) at remote_dispatch.h:4824
#6  remoteDispatchDomainSetNumaParametersHelper (server=<value optimized out>, client=<value optimized out>, msg=<value optimized out>, rerr=0x7f823481bbd0, args=<value optimized out>,
    ret=<value optimized out>) at remote_dispatch.h:4794
#7  0x0000003b8b306335 in virNetServerProgramDispatchCall (prog=0x199cda0, server=0x1991b60, client=0x199bc10, msg=0x199cfb0) at rpc/virnetserverprogram.c:416
#8  virNetServerProgramDispatch (prog=0x199cda0, server=0x1991b60, client=0x199bc10, msg=0x199cfb0) at rpc/virnetserverprogram.c:289
#9  0x0000003b8b3075c1 in virNetServerHandleJob (jobOpaque=<value optimized out>, opaque=<value optimized out>) at rpc/virnetserver.c:164
#10 0x0000003b8b25758c in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:144
#11 0x0000003b8b256ea2 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:157
#12 0x0000003b72a077f1 in start_thread () from /lib64/libpthread.so.0
#13 0x0000003b726e570d in clone () from /lib64/libc.so.6
Comment 2 Alex Jia 2012-01-04 07:56:13 UTC 
Patch for upstream:
https://www.redhat.com/archives/libvir-list/2012-January/msg00116.html
Comment 3 Alex Jia 2012-01-05 05:41:58 UTC 
(In reply to comment #2)
> Patch for upstream:
> https://www.redhat.com/archives/libvir-list/2012-January/msg00116.html

The patch is incorrect, Hu Tao's patch works well for me, but still need to wait other developers ACK:
https://www.redhat.com/archives/libvir-list/2012-January/msg00125.html
Comment 4 Alex Jia 2012-01-06 02:41:20 UTC 
In POST:

commit 6b780f744b02b456931932a6d8c3db8c3a149656
Author: Hu Tao <hutao.com>
Date:   Wed Jan 4 17:41:43 2012 +0800

    qemu: fix a bug in numatune
    
    When setting numa nodeset for a domain which has no nodeset set
    before, libvirtd crashes by dereferencing the pointer to the old
    nodemask which is null in that case.
Comment 5 Daniel Veillard 2012-01-09 09:35:35 UTC 
It made it in time for 0.9.9,

Daniel
Comment 7 Wayne Sun 2012-01-10 09:00:48 UTC 
# rpm -q libvirt
libvirt-0.9.9-1.el6.x86_64

# virsh list --all
 Id Name                 State
----------------------------------
  - rhel6u2              shut off

# virsh numatune rhel6u2 --nodeset 0

# virsh list --all
 Id Name                 State
----------------------------------
  - rhel6u2              shut off

# service libvirtd status
libvirtd (pid  8024) is running...

# virsh dumpxml rhel6u2
  ......
  <numatune>
    <memory mode='strict' nodeset='0'/>
  </numatune>
  ......

# virsh start rhel6u2
Domain rhel6u2 started

so, this is fixed.
Comment 9 errata-xmlrpc 2012-06-20 06:43:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0748.html