Bug 555309 - libvirt crashes in xenUnifiedNodeDeviceReset
Summary: libvirt crashes in xenUnifiedNodeDeviceReset
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: libvirt
Version: 5.5
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Chris Lalancette
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-01-14 11:55 UTC by Jiri Denemark
Modified: 2010-03-30 08:10 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-03-30 08:10:31 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Only call check function if it's non-NULL (575 bytes, patch)
2010-01-14 11:55 UTC, Jiri Denemark
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 512315 1 None None None 2021-01-20 06:05:38 UTC
Red Hat Product Errata RHBA-2010:0205 0 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2010-03-29 12:27:37 UTC

Description Jiri Denemark 2010-01-14 11:55:42 UTC
Created attachment 383661 [details]
Only call check function if it's non-NULL

Description of problem:

When virt-manager tries to attach a PCI device to a Xen guest, it calls virNodeDeviceReset (unlike virsh, which doesn't do so) and crashes:

#0  0x0000000000000000 in ?? ()
#1  0x00000038c581acf0 in pciResetDevice (conn=<value optimized out>, vm=<value optimized out>, dev=<value optimized out>, check=<value optimized out>) at pci.c:647
#2  0x00000038c5860f2d in xenUnifiedNodeDeviceReset (dev=<value optimized out>) at xen_unified.c:1533
#3  0x00000038c5825108 in virNodeDeviceReset (dev=<value optimized out>) at libvirt.c:7577
#4  0x00002abf1fbf5c89 in libvirt_virNodeDeviceReset (self=<value optimized out>, args=<value optimized out>) at libvirt-py.c:1489
#5  0x0000003d504950ba in PyEval_EvalFrame () from /usr/lib64/libpython2.4.so.1.0
...

That is because xenUnifiedNodeDeviceReset at xen_unified.c:1533 calls
    pciResetDevice(dev->conn, NULL, pci, NULL)

but pciResetDevice does not really expect it's fourth argument (check) to be NULL and calls it:
    if (!check(conn, vm, dev)) ...

Version-Release number of selected component (if applicable):

libvirt-0.6.3-29.el5

How reproducible:

100%

Steps to Reproduce:

(Taken from https://bugzilla.redhat.com/show_bug.cgi?id=512315#c24)
1. xm cr HVM.cfg
2. Using virt-manager to hotplug a pci device, Add Hardware=>Physical Host
Device=>Choose a hidden pci device=>Click Finish
3. In guest, run #lspci  
4. In host, run #xm pci-list-assign
  
Actual results:

The backtrace above.

Expected results:

No backtrace.

Additional info:

Patch attached.

Comment 1 Jiri Denemark 2010-01-14 12:20:42 UTC
Patch sent to virtualist: http://post-office.corp.redhat.com/archives/virtualist/2010-January/msg00562.html

Comment 2 Daniel Veillard 2010-01-14 15:12:03 UTC
libvirt-0.6.3-30.el5 is built in dist-5E-qu-candidate with the fix,

  thanks !

Daniel

Comment 4 Gunannan Ren 2010-01-15 08:20:56 UTC
The bugs has been verified in libvirt-0.6.3-30.el5

libvirt-devel-0.6.3-30.el5
libvirt-python-0.6.3-30.el5
libvirt-0.6.3-30.el5
libvirt-devel-0.6.3-30.el5
libvirt-debuginfo-0.6.3-30.el5
virt-manager-debuginfo-0.6.1-8.el5
virt-manager-0.6.1-12.el5

#lspci
...
03:00.0 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01)
03:00.1 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01)
...

# lspci -n |grep 03:00.0
03:00.0 0200: 8086:10c9 (rev 01)

#virsh nodedev-list 
...
pci_8086_10c9
pci_8086_10c9_0
...

#virsh nodedev-dettach pci_8086_10c9

open Virt-Manager->"Add Hardware" to assign the hidden PCI device to a vm, then
in the guest using "modeprobe acpiphp" and "lspci" will show the assigned PCI device.

Comment 7 errata-xmlrpc 2010-03-30 08:10:31 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0205.html


Note You need to log in before you can comment on or make changes to this bug.