RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 878862 - NULL pointer usage when starting guest with broken image chain
Summary: NULL pointer usage when starting guest with broken image chain
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Peter Krempa
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 881827
TreeView+ depends on / blocked
 
Reported: 2012-11-21 12:34 UTC by Peter Krempa
Modified: 2013-02-21 07:27 UTC (History)
7 users (show)

Fixed In Version: libvirt-0.10.2-10.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-21 07:27:17 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0276 0 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2013-02-20 21:18:26 UTC

Description Peter Krempa 2012-11-21 12:34:55 UTC 
Description of problem:
When starting a guest with broken image chain libvirt uses NULL as the image name

Version-Release number of selected component (if applicable):
ibvirt-0.10.2-9.el6

How reproducible:
100%

Steps to Reproduce:
 1: create image with backing file
 #qemu-img create -f qcow2 base.img 100M
 #qemu-img create -f qcow2 -b base.img leaf.img 
  check leaf.img
 #qemu-img info leaf.img
image: leaf.img
file format: qcow2
virtual size: 256K (262144 bytes)
disk size: 136K
cluster_size: 65536
backing file: base.img

  2: remove base.img

  3: add this img to a guest
......
 <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/var/lib/libvirt/images/leaf.img'/>
      <target dev='vdb' bus='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </disk>
.....

 
Actual results:
Usage of NULL pointers:
  error: Failed to start domain rhel6.4
  error: Unable to allow access for disk path (null): Bad address

Expected results:
Libvirt tries to start the guest, but qemu fails when trying to complete the chain.

Additional info:
This is triggered when detecting backing chains of a image. When the file is missing the detection is still done and fills NULL for the path of the image. Fortunately stat() and printf() are NULL-safe so this did not crash the daemon in this use case.
Comment 1 Peter Krempa 2012-11-21 12:37:31 UTC 
This problem is caused by a coincidence in upstream commits 82507838e073eb32e570a9bb2508c2863f20211e and e0c469e58b93f852a72265919703cb6abd3779f8 and was not present prior to these changes so I'm marking this as a regression.
Comment 2 Peter Krempa 2012-11-21 12:38:13 UTC 
Fix posted upstream:
http://www.redhat.com/archives/libvir-list/2012-November/msg00894.html
Comment 4 Peter Krempa 2012-11-22 15:13:05 UTC 
Fixed upstream:

commit 58a54dc37340113f83da587387a297d05d5342cf
Author: Peter Krempa <pkrempa>
Date:   Wed Nov 21 11:57:22 2012 +0100

    qemu: Stop recursive detection of image chains when an image is missing
    
    Commit e0c469e58b93f852a72265919703cb6abd3779f8 that fixes the detection
    of image chain wasn't complete. Iteration through the backing image
    chain has to stop at the last existing image if some of the images are
    missing otherwise the backing chain that is cached contains entries with
    paths being set to NULL resulting to:
    
    error: Unable to allow access for disk path (null): Bad address
    
    Fortunately stat() is kind enough not to crash when it's presented with
    a NULL argument. At least on Linux.
Comment 9 zhe peng 2012-11-30 06:19:18 UTC 
I can reporduce this with:
libvirt-0.10.2-9.el6

verify with :
libvirt-0.10.2-10.el6

step:
 same with bug description

when start guest ,will get error:
error: Failed to start domain rhel6.4
error: internal error Process exited while reading console log output: char device redirected to /dev/pts/2
qemu-kvm: -drive file=/var/lib/libvirt/images/leaf.img,if=none,id=drive-virtio-disk1,format=qcow2,cache=none: could not open disk image /var/lib/libvirt/images/leaf.img: No such file or directory

check libvirt log:
2012-11-30 20:11:07.309+0000: 960: error : absolutePathFromBaseFile:560 : Can't canonicalize path 'base.img': No such file or directory
2012-11-30 20:11:07.309+0000: 960: warning : virStorageFileGetMetadataFromBuf:736 : Backing file 'base.img' of image '/var/lib/libvirt/images/leaf.img' is missing.
2012-11-30 20:11:07.606+0000: 960: error : qemuProcessReadLogOutput:1401 : internal error Process exited while reading console log output: char device redirected to /dev/pts/2
qemu-kvm: -drive file=/var/lib/libvirt/images/leaf.img,if=none,id=drive-virtio-disk1,format=qcow2,cache=none: could not open disk image /var/lib/libvirt/images/leaf.img: No such file or directory

worked as expect, verification passed.
Comment 10 errata-xmlrpc 2013-02-21 07:27:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html
Note You need to log in before you can comment on or make changes to this bug.