Bug 523418 - xmldesc with a typo makes libvirtd sefault
xmldesc with a typo makes libvirtd sefault
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: libvirt (Show other bugs)
5.4
All Linux
medium Severity high
: rc
: ---
Assigned To: Daniel Veillard
Virtualization Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-09-15 08:23 EDT by Dan Kenigsberg
Modified: 2010-03-30 04:09 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-30 04:09:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
trivial backport to RHEL-5.4 of upstream patch (635 bytes, patch)
2009-11-18 12:18 EST, Daniel Veillard
no flags Details | Diff

  None (edit)
Description Dan Kenigsberg 2009-09-15 08:23:08 EDT
Description of problem:
I've used createLinux with the following section in xmldesc
    <interface type='bridge'>
       <target def='vnet8'/>
    </interface>
note that "def" instead of "dev". It's ok for libvirt not to like it, but it should not die.

Version-Release number of selected component (if applicable):
libvirt-0.6.3-20.1.el5_4

How reproducible:
always

Steps to Reproduce:
conn.createLinux(xmldesc, 0)
with xmldesc=

  <domain type='kvm'>
  <name>segfault</name>
  <uuid>9ffe28b6-6134-4b1e-8804-1185f49c436f</uuid>
  <memory>256</memory>
  <currentMemory>256</currentMemory>
  <os>
    <type arch='i686' machine='pc'>hvm</type>
    <boot dev='hd'/>
  </os>
  <devices>
    <interface type='bridge'>
       <target def='vnet8'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <target port='0'/>
    </console>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='5910' autoport='no' listen='0'/>
  </devices>
</domain>

Actual results:
libvirtd dead

Expected results:
error code returned

Additional info:
Comment 1 Daniel Veillard 2009-09-30 12:47:15 EDT
Fix is trivial, posted it upstream, I expect to have this fixed there
real soon:

https://www.redhat.com/archives/libvir-list/2009-September/msg00931.html

Not sure if it's worth a Z-Stream errata, but we should definitely fix this
for 5.5 at least,

Daniel
Comment 2 Dan Kenigsberg 2009-09-30 13:09:55 EDT
wow, I'm so lucky to have stepped on the only place where virXMLPropString()'s return value was not tested.
Comment 3 Daniel Veillard 2009-10-01 06:11:39 EDT
Well fix is upstream now, I will try to push the fix on the RHEL-5 branch
but no hurry if we don't do a an errata for it.

Daniel
Comment 4 Daniel Veillard 2009-11-18 12:18:57 EST
Created attachment 370139 [details]
trivial backport to RHEL-5.4 of upstream patch
Comment 5 Daniel Veillard 2009-11-25 11:10:22 EST
libvirt-0.6.3-22.el5 has been built in dist-5E-qu-candidate with
the fixes,

Daniel
Comment 7 Gunannan Ren 2009-12-31 01:01:45 EST
The bugs has been fixed in libvirt-0.6.3-28.el5

I tried the bug on libvirt-0.6.3-20.el5 using "virsh define segfault.xml" XMLdesc like above xml definition. Libvirt reports error:
error:Faied to define domain from segfault.xml
error:server closed connection

and at the same time, the libvirtd died. 
the output of "service libvirtd status" is libvirtd dead but pid file exists

on libvirt-0.6.3-28.el5
error: Failed to define domain from segfault.xml
error: internal error No <source> 'dev' attribute specified with <interface type='bridge'/>

the libvirt daemon is running.
Comment 12 errata-xmlrpc 2010-03-30 04:09:57 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0205.html

Note You need to log in before you can comment on or make changes to this bug.