Bug 644793 - qemu-kvm -no-kvm segfaults on pci_add
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kvm
5.6
All Linux
low Severity medium
: rc
: ---
Assigned To: Alex Williamson
Virtualization Bugs
: Triaged
Depends On:
Blocks: Rhel5KvmTier3
Reported: 2010-10-20 05:51 EDT by Jiri Denemark
Modified: 2011-07-21 07:49 EDT (History)
5 users

See Also:
Fixed In Version: kvm-83-228.el5
Doc Type: Bug Fix
Doc Text:
In hot plug mode, when a PCI device was being attached to a QEMU guest with the "-no-kvm" command line option, the qemu-kvm utility terminated with a segmentation fault. This bug has been fixed, and qemu-kvm now exits properly and returns appropriate error messages in the described scenario.
Story Points: ---
Clone Of:
: 688428 (view as bug list)
Environment:
Last Closed: 2011-07-21 04:50:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments: None
Description Jiri Denemark 2010-10-20 05:51:15 EDT
Description of problem:

Trying to assign a PCI device to a qemu guest in -no-kvm mode crashes qemu-kvm:

0x000000000052a7e3 in kvm_check_extension (kvm=0x0, ext=18) at libkvm.c:423
423		ret = ioctl(kvm->fd, KVM_CHECK_EXTENSION, ext);
(gdb) bt
#0  0x000000000052a7e3 in kvm_check_extension (kvm=0x0, ext=18) at libkvm.c:423
#1  0x00000000004275dd in assign_device (adev=0x17d0ff20, bus=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/hw/device-assignment.c:616
#2  init_assigned_device (adev=0x17d0ff20, bus=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/hw/device-assignment.c:1154
#3  0x0000000000426175 in qemu_pci_hot_assign_device (pci_addr=<value optimized out>, type=0x17d55f60 "host", opts=0x17d55f80 "host=03:00.0")
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/hw/pci-hotplug.c:147
#4  pci_device_hot_add (pci_addr=<value optimized out>, type=0x17d55f60 "host", opts=0x17d55f80 "host=03:00.0")
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/hw/pci-hotplug.c:196
#5  0x0000000000410a9b in monitor_handle_command (opaque=<value optimized out>, cmdline=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/monitor.c:2712
#6  monitor_handle_command1 (opaque=<value optimized out>, cmdline=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/monitor.c:3079
#7  0x0000000000464b82 in readline_handle_byte (ch=<value optimized out>) at readline.c:398
#8  0x000000000040ef8f in term_read (opaque=<value optimized out>, buf=0x12 <Address 0x12 out of bounds>, size=40)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/monitor.c:3072
#9  0x000000000046ffec in tcp_chr_read (opaque=<value optimized out>) at qemu-char.c:1953
#10 0x0000000000409592 in main_loop_wait (timeout=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:4043
#11 0x000000000040e442 in main_loop (argc=38, argv=0x7fff380f2e58, envp=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:4241

Version-Release number of selected component (if applicable):

kvm-83-205.el5

How reproducible:

100%

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 6 RHEL Product and Program Management 2011-01-11 15:53:30 EST
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 7 RHEL Product and Program Management 2011-01-11 17:54:21 EST
This request was erroneously denied for the current release of
Red Hat Enterprise Linux.  The error has been fixed and this
request has been re-proposed for the current release.
Comment 12 Chao Yang 2011-05-05 09:20:41 EDT
Re-assigning this bug, because qemu-kvm does not quit if booted with -no-kvm -pcidevice. If it works as expected, please move it back to ON_QA status, thanks.

# /usr/libexec/qemu-kvm -no-kvm -M rhel5.6.0 -no-hpet -rtc-td-hack -startdate now -name rhel5.7 -smp 2 -m 2048 -cpu qemu64 -uuid `uuidgen` -boot c  -drive file=/root/images/rhel5.7-64.qcow2,media=disk,if=ide,cache=none,boot=on,format=qcow2 -vnc :2 -notify all -balloon none -monitor stdio  -net none -pcidevice host=09:00.1 -pcidevice host=09:10.2
QEMU 0.9.1 monitor - type 'help' for more information 
(qemu) info status 
VM status: running
(qemu) info pci
  Bus  0, device   0, function 0:
    Host bridge: PCI device 8086:1237
  Bus  0, device   1, function 0:
    ISA bridge: PCI device 8086:7000
  Bus  0, device   1, function 1:
    IDE controller: PCI device 8086:7010
      BAR4: I/O at 0xc000 [0xc00f].
  Bus  0, device   1, function 3:
    Bridge: PCI device 8086:7113
      IRQ 9.
  Bus  0, device   2, function 0:
    VGA controller: PCI device 1013:00b8
      BAR0: 32 bit memory at 0xc2000000 [0xc3ffffff].
      BAR1: 32 bit memory at 0xc4000000 [0xc4000fff].
Comment 13 Chao Yang 2011-05-05 09:22:43 EDT
kvm version : kvm-83-232.el5
Comment 14 Alex Williamson 2011-05-05 10:05:30 EDT
This bug is specifically for the hotplug case, no change has been made to coldplug.
Comment 17 Chao Yang 2011-05-09 03:42:25 EDT
Reproduced on kvm-83-224.el5 with the following steps:
1. boot a guest by:
/usr/libexec/qemu-kvm -no-kvm -M rhel5.6.0 -no-hpet -rtc-td-hack -startdate now -name rhel5.7 -smp 2 -m 2048 -cpu qemu64,+sse2 -uuid `uuidgen` -boot c -net nic,vlan=1,macaddr=13:45:65:31:ad:89,model=virtio -net tap,vlan=1,script=/etc/qemu-ifup -drive file=rhel5.7-64-copy.qcow2,media=disk,if=virtio,cache=none,boot=on,format=qcow2 -vnc :1 -notify all -balloon none -monitor stdio
2. hot-plug a nic by:
pci_add pci_addr=auto host host=04:00.1

Actual Result:
Program received signal SIGSEGV, Segmentation fault.
0x000000000052aba3 in kvm_check_extension (kvm=0x0, ext=18) at libkvm.c:423
423		ret = ioctl(kvm->fd, KVM_CHECK_EXTENSION, ext);
(gdb) bt
#0  0x000000000052aba3 in kvm_check_extension (kvm=0x0, ext=18) at libkvm.c:423
#1  0x00000000004276dd in assign_device (adev=0x16feed0, bus=<value optimized out>)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/hw/device-assignment.c:616
#2  init_assigned_device (adev=0x16feed0, bus=<value optimized out>)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/hw/device-assignment.c:1154
#3  0x0000000000426275 in qemu_pci_hot_assign_device (pci_addr=<value optimized out>, type=0x17cbff0 "host", 
    opts=0x17cc010 "host=04:00.1") at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/hw/pci-hotplug.c:147
#4  pci_device_hot_add (pci_addr=<value optimized out>, type=0x17cbff0 "host", opts=0x17cc010 "host=04:00.1")
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/hw/pci-hotplug.c:196
#5  0x0000000000410b7b in monitor_handle_command (opaque=<value optimized out>, cmdline=<value optimized out>)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/monitor.c:2712
#6  monitor_handle_command1 (opaque=<value optimized out>, cmdline=<value optimized out>)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/monitor.c:3079
#7  0x0000000000464db2 in readline_handle_byte (ch=<value optimized out>) at readline.c:398
#8  0x000000000040f06f in term_read (opaque=<value optimized out>, buf=0x12 <Address 0x12 out of bounds>, size=1)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/monitor.c:3072
#9  0x0000000000470ba1 in fd_chr_read (opaque=<value optimized out>) at qemu-char.c:541
#10 0x0000000000409672 in main_loop_wait (timeout=<value optimized out>)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:4048
#11 0x000000000040e522 in main_loop (argc=34, argv=0x7fffffffe788, envp=<value optimized out>)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:4246
#12 main (argc=34, argv=0x7fffffffe788, envp=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:6545


Verified on kvm-83-232.el5 with same steps mentioned above, after step 2:
(qemu) pci_add pci_addr=auto host host=04:00.1
Error: device assignment requires KVM support
failed to add host=04:00.1


qemu-kvm exits with errors instead of crashing; this bug has been fixed.
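The crash and the fix, modelled as an added C example (constructed for this page, not kvm-83 source; the context struct, function names and the use of extension 18 as a stand-in capability check are assumptions): the hot-plug path reaches the global KVM context before anyone checks whether KVM is enabled, and under -no-kvm that context is NULL, so the fixed path must fail closed first.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of the kvm-83 crash path; the names and struct layout
 * are assumptions, not the project's source. */
typedef struct kvm_context {
    int fd;   /* /dev/kvm descriptor in the real tool */
} kvm_context_t;

/* With -no-kvm the global context is never created and stays NULL. */
static kvm_context_t *kvm_context = NULL;

static bool kvm_enabled(void) { return kvm_context != NULL; }

/* Stand-in for ioctl(kvm->fd, KVM_CHECK_EXTENSION, ext): it dereferences
 * kvm unconditionally, which is what faulted at libkvm.c:423 with kvm == NULL. */
static int kvm_check_extension(kvm_context_t *kvm, int ext)
{
    return kvm->fd >= 0 && ext == 18;   /* 18 is the ext seen in the backtrace */
}

/* Pre-fix shape of the hot-plug path: the context is used before anyone
 * asks whether KVM is on, so under -no-kvm this is the NULL dereference. */
static const char *assign_device_unguarded(void)
{
    if (!kvm_check_extension(kvm_context, 18))
        return "required KVM extension missing";
    return NULL;
}

/* Fixed shape: fail closed before the context is touched, returning the
 * message the verified build prints at the monitor. */
static const char *assign_device_guarded(void)
{
    if (!kvm_enabled())
        return "device assignment requires KVM support";
    return assign_device_unguarded();
}

/* Drive the guarded path with or without a context: NULL on success,
 * otherwise the error text a monitor would print. */
static const char *hot_add_host_device(bool with_kvm)
{
    static kvm_context_t ctx = { .fd = 3 };   /* constructed, not a real fd */
    kvm_context = with_kvm ? &ctx : NULL;
    const char *err = assign_device_guarded();
    kvm_context = NULL;
    return err;
}
```

Calling assign_device_unguarded() with the context left NULL reproduces the fault; the guarded path turns the same condition into the monitor error instead.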
Comment 18 Chao Yang 2011-05-09 03:44:44 EDT
qemu-kvm reports errors instead of crashing; this bug has been fixed.
Comment 20 Tomas Capek 2011-07-19 05:02:33 EDT
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
In hot plug mode, when a PCI device was being attached to a QEMU guest with the "-no-kvm" command line option, the qemu-kvm utility terminated with a segmentation fault. This bug has been fixed, and qemu-kvm now exits properly and returns appropriate error messages in the described scenario.
Comment 21 errata-xmlrpc 2011-07-21 04:50:28 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1068.html
Comment 22 errata-xmlrpc 2011-07-21 07:49:03 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1068.html