Bug 1195156 - libvirtd crashes when storage pool contains a qcow file backed by "nbd://localhost" or other URI lacking the path component
Summary: libvirtd crashes when storage pool contains a qcow file backed by "nbd://loca...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Peter Krempa
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 1189007
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-02-23 09:36 UTC by Jan Kurik
Modified: 2015-03-05 14:10 UTC (History)
23 users (show)

Fixed In Version: libvirt-1.2.8-16.el7_1.1
Doc Type: Bug Fix
Doc Text:
Due to a missing check when copying the path segment of the URI of a storage backing file, a NULL pointer dereference occurred. Consequently, the libvirtd daemon terminated unexpectedly when parsing disk volume backing strings that contained a URI without the "nbd://localhost" path. With this update, libvirtd has been adjusted not to access the path segment of a URI when the path segment is not provided, and the described crash no longer occurs.
Clone Of: 1189007
Environment:
Last Closed: 2015-03-05 14:10:08 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0625 0 normal SHIPPED_LIVE libvirt bug fix update 2015-03-05 18:40:56 UTC

Description Jan Kurik 2015-02-23 09:36:42 UTC 
This bug has been copied from bug #1189007 and has been proposed
to be backported to 7.1 z-stream (EUS).
Comment 8 Yang Yang 2015-02-26 05:38:28 UTC 
Hi Peter,
Libvirtd still crashes when a storage file backed by "gluster://$IP". It works well when storage file backed by "nbd://localhost", "iscsi://$IP" and "rbd://$IP".

product version
qemu-img-rhev-2.1.2-23.el7_1.1.x86_64
kernel-3.10.0-229.el7.x86_64
libvirt-1.2.8-16.el7_1.1.x86_64

Steps for verification:

1. storage file backed by gluster://$IP

# qemu-img create -f qcow2 /var/lib/libvirt/images/gluster.img 100M
Formatting '/var/lib/libvirt/images/gluster.img', fmt=qcow2 size=104857600 encryption=off cluster_size=65536 lazy_refcounts=off 
[root@rhel7 ~]# qemu-img rebase -u -f qcow2 -F raw -b gluster://10.66.4.164 /var/lib/libvirt/images/gluster.img 
[root@rhel7 ~]# qemu-img info /var/lib/libvirt/images/gluster.img
image: /var/lib/libvirt/images/gluster.img
file format: qcow2
virtual size: 100M (104857600 bytes)
disk size: 196K
cluster_size: 65536
backing file: gluster://10.66.4.164
backing file format: raw
Format specific information:
    compat: 1.1
    lazy refcounts: false
[root@rhel7 ~]# virsh pool-refresh default
error: Failed to refresh pool default
error: End of file while reading data: Input/output error
error: Failed to reconnect to the hypervisor

2. storage file backed by iscsi://$IP
[root@ibm-x3650m4-04 ~]# qemu-img create -f qcow2 /var/lib/libvirt/images/iscsi.img 100M
Formatting '/var/lib/libvirt/images/iscsi.img', fmt=qcow2 size=104857600 encryption=off cluster_size=65536 lazy_refcounts=off 
[root@ibm-x3650m4-04 ~]# qemu-img rebase -u -f qcow2 -F raw -b iscsi://10.66.5.155 /var/lib/libvirt/images/iscsi.img
[root@ibm-x3650m4-04 ~]# qemu-img info /var/lib/libvirt/images/iscsi.img
image: /var/lib/libvirt/images/iscsi.img
file format: qcow2
virtual size: 100M (104857600 bytes)
disk size: 196K
cluster_size: 65536
backing file: iscsi://10.66.5.155
backing file format: raw
Format specific information:
    compat: 1.1
    lazy refcounts: false
[root@ibm-x3650m4-04 ~]# virsh pool-refresh default
Pool default refreshed

[root@ibm-x3650m4-04 ~]# virsh vol-list default
 Name                 Path                                    
------------------------------------------------------------------------------
 iscsi.img            /var/lib/libvirt/images/iscsi.img

[root@ibm-x3650m4-04 ~]# virsh vol-dumpxml iscsi.img default
<volume type='file'>
  <name>iscsi.img</name>
  <key>/var/lib/libvirt/images/iscsi.img</key>
  <source>
  </source>
  <capacity unit='bytes'>104857600</capacity>
  <allocation unit='bytes'>200704</allocation>
  <target>
    <path>/var/lib/libvirt/images/iscsi.img</path>
    <format type='qcow2'/>
    <permissions>
      <mode>0644</mode>
      <owner>0</owner>
      <group>0</group>
      <label>unconfined_u:object_r:virt_image_t:s0</label>
    </permissions>
    <timestamps>
      <atime>1424927649.973662076</atime>
      <mtime>1424927643.008717986</mtime>
      <ctime>1424927643.008717986</ctime>
    </timestamps>
    <compat>1.1</compat>
    <features/>
  </target>
  <backingStore>
    <path>iscsi://10.66.5.155</path>
    <format type='raw'/>
  </backingStore>
</volume>

3. storage file backed by nbd://localhost
[root@ibm-x3650m4-04 ~]# qemu-img create -f qcow2 /var/lib/libvirt/images/nbd.img 100M
Formatting '/var/lib/libvirt/images/nbd.img', fmt=qcow2 size=104857600 encryption=off cluster_size=65536 lazy_refcounts=off 
[root@ibm-x3650m4-04 ~]# qemu-img rebase -u -f qcow2 -F raw -b nbd://localhost /var/lib/libvirt/images/nbd.img
[root@ibm-x3650m4-04 ~]# qemu-img info /var/lib/libvirt/images/nbd.img
image: /var/lib/libvirt/images/nbd.img
file format: qcow2
virtual size: 100M (104857600 bytes)
disk size: 196K
cluster_size: 65536
backing file: nbd://localhost
backing file format: raw
Format specific information:
    compat: 1.1
    lazy refcounts: false

[root@ibm-x3650m4-04 ~]# virsh pool-refresh default
Pool default refreshed

[root@ibm-x3650m4-04 ~]# virsh vol-dumpxml nbd.img default
<volume type='file'>
  <name>nbd.img</name>
  <key>/var/lib/libvirt/images/nbd.img</key>
  <source>
  </source>
  <capacity unit='bytes'>104857600</capacity>
  <allocation unit='bytes'>200704</allocation>
  <target>
    <path>/var/lib/libvirt/images/nbd.img</path>
    <format type='qcow2'/>
    <permissions>
      <mode>0644</mode>
      <owner>0</owner>
      <group>0</group>
      <label>unconfined_u:object_r:virt_image_t:s0</label>
    </permissions>
    <timestamps>
      <atime>1424927846.036182521</atime>
      <mtime>1424927840.116169454</mtime>
      <ctime>1424927840.116169454</ctime>
    </timestamps>
    <compat>1.1</compat>
    <features/>
  </target>
  <backingStore>
    <path>nbd://localhost</path>
    <format type='raw'/>
  </backingStore>
</volume>

4. storage file backed by rbd://localhost
[root@ibm-x3650m4-04 ~]# qemu-img create -f qcow2 /var/lib/libvirt/images/rbd.img 100M
Formatting '/var/lib/libvirt/images/rbd.img', fmt=qcow2 size=104857600 encryption=off cluster_size=65536 lazy_refcounts=off 
[root@ibm-x3650m4-04 ~]# qemu-img rebase -u -f qcow2 -F raw -b rbd://localhost /var/lib/libvirt/images/rbd.img
[root@ibm-x3650m4-04 ~]# qemu-img info /var/lib/libvirt/images/rbd.img
image: /var/lib/libvirt/images/rbd.img
file format: qcow2
virtual size: 100M (104857600 bytes)
disk size: 196K
cluster_size: 65536
backing file: rbd://localhost
backing file format: raw
Format specific information:
    compat: 1.1
    lazy refcounts: false
[root@ibm-x3650m4-04 ~]# virsh pool-refresh default
Pool default refreshed

[root@ibm-x3650m4-04 ~]# virsh vol-list default
 Name                 Path                                    
------------------------------------------------------------------------------
 iscsi.img            /var/lib/libvirt/images/iscsi.img       
 nbd.img              /var/lib/libvirt/images/nbd.img         
 rbd.img              /var/lib/libvirt/images/rbd.img         

[root@ibm-x3650m4-04 ~]# virsh vol-dumpxml rbd.img default
<volume type='file'>
  <name>rbd.img</name>
  <key>/var/lib/libvirt/images/rbd.img</key>
  <source>
  </source>
  <capacity unit='bytes'>104857600</capacity>
  <allocation unit='bytes'>200704</allocation>
  <target>
    <path>/var/lib/libvirt/images/rbd.img</path>
    <format type='qcow2'/>
    <permissions>
      <mode>0644</mode>
      <owner>0</owner>
      <group>0</group>
      <label>unconfined_u:object_r:virt_image_t:s0</label>
    </permissions>
    <timestamps>
      <atime>1424927985.093879693</atime>
      <mtime>1424927975.260807880</mtime>
      <ctime>1424927975.260807880</ctime>
    </timestamps>
    <compat>1.1</compat>
    <features/>
  </target>
  <backingStore>
    <path>rbd://localhost</path>
    <format type='raw'/>
  </backingStore>
</volume>
Comment 10 Yang Yang 2015-02-26 07:55:07 UTC 
New a Bug 1196528 - Libvirtd crashes when a storage file backed by gluster protocol lacking path

As libvirtd does NOT crash when storage file backed by nbd protocol lacking path, mark it as verified.
Comment 12 errata-xmlrpc 2015-03-05 14:10:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0625.html
Note You need to log in before you can comment on or make changes to this bug.