Bug 1026903 - QMP: human-monitor-command: fix buffer duplication
Summary: QMP: human-monitor-command: fix buffer duplication
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Laszlo Ersek
QA Contact: Virtualization Bugs
Reported: 2013-11-05 15:42 UTC by Luiz Capitulino
Modified: 2014-10-14 06:54 UTC

Fixed In Version: qemu-kvm-0.12.1.2-2.420.el6
Doc Type: Bug Fix
Last Closed: 2014-10-14 06:54:03 UTC


Links
System: Red Hat Product Errata
ID: RHBA-2014:1490
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: qemu-kvm bug fix and enhancement update
Last Updated: 2014-10-14 01:28:27 UTC

Description Luiz Capitulino 2013-11-05 15:42:49 UTC
The upstream series changing the human-monitor-command not to use the Memory chardev driver in range "git log d05ef16..4bf0bb" was only partially backported by series fixing bug 909059. The end result is a weird and dangerous mix of dynamic buffers when the human-monitor-command is run, although it seems to work.

The missing upstream commits are 48c043d0d1835c64b571c484a9f229fe6d220287 and 4bf0bb8014ac2ac61b1004f5d92b2a4594d48017.

Apparently the human-monitor-command command still works and there's no visible behavior change. But we should backport the missing commits nevertheless, as future changes may introduce bugs.

Comment 2 Laszlo Ersek 2013-11-13 17:55:58 UTC
As Luiz said, needed commits are:

1 48c043d hmp: human-monitor-command: stop using the Memory chardev driver
2 4bf0bb8 chardev: drop the Memory chardev driver

Commit 48c043d depends on commit

  d51a67b4 qapi: Convert human-monitor-command

which Luiz had posted as patch 13/16 in the upstream series

  QAPI conversions round 3
  http://thread.gmane.org/gmane.comp.emulators.qemu/127538

I tried to cherry-pick this patch as a dependency, just to see the lay of the land, but it runs into conflicts itself.

Hence I grepped the RHEL-6 qemu-kvm commit log for the string

  qapi: Convert

(case insensitively). I found four occurrences:

- For bug 833530, I decided against backporting

  qapi: Convert query-status
  qapi: Convert cont

- For bug 802284, Federico backported

  qapi: Convert blockdev_snapshot_sync

and scavenged some bits from the intrusive

  qapi: convert query-name
  qapi: Convert memsave

Considering the big number of conversion patches Luiz got merged upstream, I think we can say that comparatively we simply don't have those in RHEL-6. Hence I won't start backporting such patches at this stage of RHEL-6.

Reimplementing 48c043d on top of what we have in RHEL-6 now (i.e. do_hmp_passthrough() instead of qmp_human_monitor_command) seems possible.

Comment 3 Laszlo Ersek 2013-11-13 18:01:15 UTC
OTOH conflict resolution seems to be easier for d51a67b4 than rewriting 48c043d. (Supposing that, after porting / resolving d51a67b4, 48c043d would apply cleanly.)

Comment 5 Miroslav Rezanina 2014-01-27 07:51:10 UTC
Fix included in qemu-kvm-0.12.1.2-2.420.el6

Comment 6 Qunfang Zhang 2014-04-10 10:41:16 UTC
Hi, Laszlo

To verify this bug, do we need to run a round of qmp function test? Or is there some other requirement? 

Thanks,
Qunfang

Comment 7 Laszlo Ersek 2014-04-10 11:29:20 UTC
Regression / sanity testing should be enough. Thanks!

Comment 10 errata-xmlrpc 2014-10-14 06:54:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1490.html

