Bug 852592

Summary: libvirtd will be crashed when run vcpupin more than once
Product: Red Hat Enterprise Linux 6 Reporter: hongming <honzhang>
Component: libvirtAssignee: Peter Krempa <pkrempa>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.4CC: acathrow, dyasny, dyuan, mzhan, rwu, ydu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-0.10.1-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 07:22:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
libvirt debug log none

Description hongming 2012-08-29 02:53:41 UTC 
Description of problem:
When pin vcpu using vcpupin command more than once . the libvirtd will be crashed. 

Version-Release number of selected component (if applicable):
libvirt-0.10.0-0rc1.el6.x86_64
qemu-kvm-0.12.1.2-2.295.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.# virsh start rhel6.2
Domain rhel6.2 started


2.# virsh dumpxml rhel6.2 
......
  <vcpu placement='static'>5</vcpu>
......

3.# virsh nodeinfo
CPU model:           x86_64
CPU(s):              4
CPU frequency:       1600 MHz
CPU socket(s):       1
Core(s) per socket:  4
Thread(s) per core:  1
NUMA cell(s):        1
Memory size:         7946252 KiB
 

4. Run the vcpupin command more than once.
# virsh vcpupin rhel6.2 0 1-2

# virsh vcpupin rhel6.2 1 1-2

# virsh vcpupin rhel6.2 2 3

# virsh vcpupin rhel6.2 3 3
error: End of file while reading data: Input/output error
error: Failed to reconnect to the hypervisor

  
Actual results:
libvirtd is crashed

Expected results:
libvirtd works fine

Additional info:
Comment 1 hongming 2012-08-29 02:54:53 UTC 
Created attachment 607726 [details]
libvirt debug log
Comment 3 Peter Krempa 2012-08-30 13:52:22 UTC 
Patches sent upstream:
http://www.redhat.com/archives/libvir-list/2012-August/msg01912.html
Comment 4 Peter Krempa 2012-08-30 15:08:07 UTC 
Fixed upstream with:

commit 077e7bf51f17c20bcf49aac1dff79247e13d5d6d
Author: Peter Krempa <pkrempa>
Date:   Thu Aug 30 15:38:37 2012 +0200

    vcpupin: Fix returning of arrays from virDomainVcpuPinAdd
    
    virDomainVcpuPinAdd does a realloc on vcpupin_list if the new vcpu pin
    definition doesn't fit into the array. The list is an array of pointers
    but the function definition didn't support returning the changed pointer
    to the caller if it was realloced. This caused segfaults if realloc
    would change the base pointer.

In my scenario, the fourth CPU that was pinned (fourth as in fourth virsh command, you may plug them in any order) caused a reallocation that invalidated the pointer. Up to 3 cpus it worked.

Moving to POST.
Comment 6 yanbing du 2012-09-03 07:11:36 UTC 
Verify with libvirt-0.10.1-1.el6.x86_64.
Following the bug reproduce steps, do several times vcpupin, and libvirtd still running.
Comment 7 errata-xmlrpc 2013-02-21 07:22:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html