1191355 – target libvirtd crashed when migrate uri not right

Bug 1191355 - target libvirtd crashed when migrate uri not right

Summary: target libvirtd crashed when migrate uri not right

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	7.1
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Ján Tomko
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-02-11 06:44 UTC by Luyao Huang
Modified:	2015-11-19 06:14 UTC (History)
CC List:	6 users (show)
Fixed In Version:	libvirt-1.2.13-1.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-11-19 06:14:47 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:2202	0	normal	SHIPPED_LIVE	libvirt bug fix and enhancement update	2015-11-19 08:17:58 UTC

Description Luyao Huang 2015-02-11 06:44:02 UTC

description of problem:
target libvirtd crashed when migrate uri not right

Version-Release number of selected component (if applicable):
libvirt-1.2.8-16.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
 
1.direct migrate a happy vm from source to target
# virsh migrate test4 --live qemu+ssh://lhuang/system --migrateuri 10.66.6.12
error: End of file while reading data: Ncat: Broken pipe.: Input/output error

2.check target libvirtd pid have changed

Actual results:
target libvirtd crashed when migrate uri not right

Expected results:
not crash

infomation:

backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7faf28e76700 (LWP 17918)]
0x00007faf215e2584 in qemuMigrationPrepareDirect (driver=driver@entry=0x7faf180ffc20, dconn=dconn@entry=0x7faf140009a0,
    cookiein=cookiein@entry=0x7faf00001400 "<qemu-migration>\n  <name>test4</name>\n  <uuid>b1e7936b-104b-430e-9211-d6c61b8df313</uuid>\n  <hostname>test1</hostname>\n  <hostuuid>9541c739-5475-b76e-fd71-9f33cd23da24</hostuuid>\n  <feature name='lock"..., cookieinlen=cookieinlen@entry=228, cookieout=cookieout@entry=0x7faf28e75b68, cookieoutlen=cookieoutlen@entry=0x7faf28e75b64, uri_in=0x7faf000015c0 "10.66.6.12",
    uri_out=uri_out@entry=0x7faf00002030, def=def@entry=0x7faf28e759d8, origname=0x0, listenAddress=0x7faf181160d0 "10.66.6.127", flags=flags@entry=1) at qemu/qemu_migration.c:3009
3009                if (STRNEQ(uri->scheme, "tcp") &&
(gdb) t a a bt

...
Thread 10 (Thread 0x7faf28e76700 (LWP 17918)):
#0  0x00007faf215e2584 in qemuMigrationPrepareDirect (driver=driver@entry=0x7faf180ffc20, dconn=dconn@entry=0x7faf140009a0,
    cookiein=cookiein@entry=0x7faf00001400 "<qemu-migration>\n  <name>test4</name>\n  <uuid>b1e7936b-104b-430e-9211-d6c61b8df313</uuid>\n  <hostname>test1</hostname>\n  <hostuuid>9541c739-5475-b76e-fd71-9f33cd23da24</hostuuid>\n  <feature name='lock"..., cookieinlen=cookieinlen@entry=228, cookieout=cookieout@entry=0x7faf28e75b68, cookieoutlen=cookieoutlen@entry=0x7faf28e75b64, uri_in=0x7faf000015c0 "10.66.6.12",
    uri_out=uri_out@entry=0x7faf00002030, def=def@entry=0x7faf28e759d8, origname=0x0, listenAddress=0x7faf181160d0 "10.66.6.127", flags=flags@entry=1) at qemu/qemu_migration.c:3009
#1  0x00007faf2160b4a0 in qemuDomainMigratePrepare3Params (dconn=0x7faf140009a0, params=<optimized out>, nparams=2,
    cookiein=0x7faf00001400 "<qemu-migration>\n  <name>test4</name>\n  <uuid>b1e7936b-104b-430e-9211-d6c61b8df313</uuid>\n  <hostname>test1</hostname>\n  <hostuuid>9541c739-5475-b76e-fd71-9f33cd23da24</hostuuid>\n  <feature name='lock"..., cookieinlen=228, cookieout=0x7faf28e75b68, cookieoutlen=0x7faf28e75b64, uri_out=0x7faf00002030, flags=1) at qemu/qemu_driver.c:11601
#2  0x00007faf382da6ac in virDomainMigratePrepare3Params (dconn=0x7faf140009a0, params=params@entry=0x7faf000014f0, nparams=2,
    cookiein=0x7faf00001400 "<qemu-migration>\n  <name>test4</name>\n  <uuid>b1e7936b-104b-430e-9211-d6c61b8df313</uuid>\n  <hostname>test1</hostname>\n  <hostuuid>9541c739-5475-b76e-fd71-9f33cd23da24</hostuuid>\n  <feature name='lock"..., cookieinlen=228, cookieout=cookieout@entry=0x7faf28e75b68, cookieoutlen=cookieoutlen@entry=0x7faf28e75b64, uri_out=0x7faf00002030, flags=1) at libvirt.c:6935
#3  0x00007faf38d665e8 in remoteDispatchDomainMigratePrepare3Params (server=<optimized out>, msg=<optimized out>, ret=0x7faf000008f0, args=0x7faf000008c0, rerr=0x7faf28e75c80, client=<optimized out>)
    at remote.c:5582
#4  remoteDispatchDomainMigratePrepare3ParamsHelper (server=<optimized out>, client=<optimized out>, msg=<optimized out>, rerr=0x7faf28e75c80, args=0x7faf000008c0, ret=0x7faf000008f0) at remote_dispatch.h:6094
#5  0x00007faf38343242 in virNetServerProgramDispatchCall (msg=0x7faf394e2fb0, client=0x7faf394f2ee0, server=0x7faf394e1f10, prog=0x7faf394eefe0) at rpc/virnetserverprogram.c:437
#6  virNetServerProgramDispatch (prog=0x7faf394eefe0, server=server@entry=0x7faf394e1f10, client=0x7faf394f2ee0, msg=0x7faf394e2fb0) at rpc/virnetserverprogram.c:307
#7  0x00007faf38d903ed in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x7faf394e1f10) at rpc/virnetserver.c:172
#8  virNetServerHandleJob (jobOpaque=<optimized out>, opaque=0x7faf394e1f10) at rpc/virnetserver.c:193
#9  0x00007faf38246e65 in virThreadPoolWorker (opaque=opaque@entry=0x7faf394c4900) at util/virthreadpool.c:145
#10 0x00007faf382467fe in virThreadHelper (data=<optimized out>) at util/virthread.c:197
#11 0x00007faf35a97df5 in start_thread (arg=0x7faf28e76700) at pthread_create.c:308
#12 0x00007faf353ae1ad in clone () from /lib64/libc.so.6
...

Comment 1 Ján Tomko 2015-02-11 12:28:20 UTC

Fixed upstream by:
commit 45853b5289646dfcb8215d714df57f069811001c
Author:     Luyao Huang <lhuang>
CommitDate: 2015-02-11 13:20:30 +0100

    qemu: fix crash when migrateuri has no scheme
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1191355
    
    When we attempt to migrate a vm with a migrateuri that has no scheme:
    
     # virsh migrate test4 --live qemu+ssh://lhuang/system --migrateuri 127.0.0.1
    
    target libvirtd will crash because uri->scheme is NULL in
    qemuMigrationPrepareDirect on this line:
    
         if (STRNEQ(uri->scheme, "tcp") &&
    
    Add a value check before this line. Also fix a bug like this in
    doNativeMigrate, that could only happen when destination libvirtd
    returned an incorrect URI.
    
    Signed-off-by: Luyao Huang <lhuang>
    Signed-off-by: Ján Tomko <jtomko>

git describe: v1.2.12-108-g45853b5

Comment 3 zhe peng 2015-05-26 06:31:51 UTC

I can reproduce this with libvirt-1.2.8-16.el7.x86_64

verify with build:
libvirt-1.2.15-2.el7.x86_64

on target:
check libvirtd pid before migration
# pidof libvirtd
19449

on source do migration
# virsh migrate rhel7 --live qemu+ssh://$target_ip/system --migrateuri 1.1.1.1
error: invalid argument: missing scheme in migration URI: 1.1.1.1

on target check libvird pid again
# pidof libvirtd
19449

libvirtd on target not crashed

move to verified.

Comment 5 errata-xmlrpc 2015-11-19 06:14:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2202.html

Note You need to log in before you can comment on or make changes to this bug.