771562 – Change numa parameters with 'nodeset' option will crash libvirtd

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 771562 - Change numa parameters with 'nodeset' option will crash libvirtd

Summary: Change numa parameters with 'nodeset' option will crash libvirtd

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	6.3
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Alex Jia
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-01-04 05:57 UTC by Alex Jia
Modified:	2012-06-20 06:43 UTC (History)
CC List:	6 users (show)
Fixed In Version:	libvirt-0.9.9-1.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-06-20 06:43:22 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:0748	0	normal	SHIPPED_LIVE	Low: libvirt security, bug fix, and enhancement update	2012-06-19 19:31:38 UTC

Description Alex Jia 2012-01-04 05:57:08 UTC

Description of problem:
Change numa parameters with 'nodeset' option will crash libvirtd.

Version-Release number of selected component (if applicable):
# rpm -q libvirt
libvirt-0.9.9-0rc1.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. # virsh list --all
 Id Name                 State
----------------------------------
  - vr-rhel5u7-x86_64-kvm shut off

2. # virsh numatune vr-rhel5u7-x86_64-kvm --nodeset 0
error: Unable to change numa parameters
error: End of file while reading data: Input/output error

3. # virsh list --all
error: Failed to reconnect to the hypervisor
error: no valid connection
error: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Connection refused

  
Actual results:

# service libvirtd status
libvirtd dead but pid file exists

Expected results:
numa tuning works well and has no effect on libvirt daemon.

Additional info:

Comment 1 Alex Jia 2012-01-04 07:30:38 UTC

It should be codes deref a NULL pointer to crash libvirt daemon:

(gdb) s

Program received signal SIGSEGV, Segmentation fault.
0x000000000045dffe in qemuDomainSetNumaParameters (dom=<value optimized out>, params=<value optimized out>, nparams=1, flags=2) at /usr/include/bits/string3.h:52
52        return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));

#2  <signal handler called>
#3  0x000000000045dffe in qemuDomainSetNumaParameters (dom=<value optimized out>, params=<value optimized out>, nparams=1, flags=2) at /usr/include/bits/string3.h:52
#4  0x0000003b8b2d137a in virDomainSetNumaParameters (domain=0x7f8220000b50, params=0x7f82200008c0, nparams=1, flags=0) at libvirt.c:3816
#5  0x0000000000439a89 in remoteDispatchDomainSetNumaParameters (server=<value optimized out>, client=<value optimized out>, msg=<value optimized out>, rerr=0x7f823481bbd0, args=<value optimized out>,
    ret=<value optimized out>) at remote_dispatch.h:4824
#6  remoteDispatchDomainSetNumaParametersHelper (server=<value optimized out>, client=<value optimized out>, msg=<value optimized out>, rerr=0x7f823481bbd0, args=<value optimized out>,
    ret=<value optimized out>) at remote_dispatch.h:4794
#7  0x0000003b8b306335 in virNetServerProgramDispatchCall (prog=0x199cda0, server=0x1991b60, client=0x199bc10, msg=0x199cfb0) at rpc/virnetserverprogram.c:416
#8  virNetServerProgramDispatch (prog=0x199cda0, server=0x1991b60, client=0x199bc10, msg=0x199cfb0) at rpc/virnetserverprogram.c:289
#9  0x0000003b8b3075c1 in virNetServerHandleJob (jobOpaque=<value optimized out>, opaque=<value optimized out>) at rpc/virnetserver.c:164
#10 0x0000003b8b25758c in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:144
#11 0x0000003b8b256ea2 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:157
#12 0x0000003b72a077f1 in start_thread () from /lib64/libpthread.so.0
#13 0x0000003b726e570d in clone () from /lib64/libc.so.6

Comment 2 Alex Jia 2012-01-04 07:56:13 UTC

Patch for upstream:
https://www.redhat.com/archives/libvir-list/2012-January/msg00116.html

Comment 3 Alex Jia 2012-01-05 05:41:58 UTC

(In reply to comment #2)
> Patch for upstream:
> https://www.redhat.com/archives/libvir-list/2012-January/msg00116.html

The patch is incorrect, Hu Tao's patch works well for me, but still need to wait other developers ACK:
https://www.redhat.com/archives/libvir-list/2012-January/msg00125.html

Comment 4 Alex Jia 2012-01-06 02:41:20 UTC

In POST:

commit 6b780f744b02b456931932a6d8c3db8c3a149656
Author: Hu Tao <hutao.com>
Date:   Wed Jan 4 17:41:43 2012 +0800

    qemu: fix a bug in numatune
    
    When setting numa nodeset for a domain which has no nodeset set
    before, libvirtd crashes by dereferencing the pointer to the old
    nodemask which is null in that case.

Comment 5 Daniel Veillard 2012-01-09 09:35:35 UTC

It made it in time for 0.9.9,

Daniel

Comment 7 Wayne Sun 2012-01-10 09:00:48 UTC

# rpm -q libvirt
libvirt-0.9.9-1.el6.x86_64

# virsh list --all
 Id Name                 State
----------------------------------
  - rhel6u2              shut off

# virsh numatune rhel6u2 --nodeset 0

# virsh list --all
 Id Name                 State
----------------------------------
  - rhel6u2              shut off

# service libvirtd status
libvirtd (pid  8024) is running...

# virsh dumpxml rhel6u2
  ......
  <numatune>
    <memory mode='strict' nodeset='0'/>
  </numatune>
  ......

# virsh start rhel6u2
Domain rhel6u2 started

so, this is fixed.

Comment 9 errata-xmlrpc 2012-06-20 06:43:22 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0748.html

Note You need to log in before you can comment on or make changes to this bug.