Bug 889135 – core trace/dump if specify the value of physical_block_size/logical_block_size is not multiple of 512 bytes

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 889135 - core trace/dump if specify the value of physical_block_size/logical_block_size is not multiple of 512 bytes

Summary:	core trace/dump if specify the value of physical_block_size/logical_block_siz...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm (Show other bugs)
Sub Component:
Version:	6.4
Hardware:	Unspecified Unspecified

Priority	medium Severity low
Target Milestone:	rc
Target Release:	---
Assigned To:	Stefan Hajnoczi
QA Contact:	Virtualization Bugs
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2012-12-20 05:13 EST by Sibiao Luo
Modified:	2013-11-21 01:26 EST (History)
CC List:	16 users (show)

See Also:
Fixed In Version:	qemu-kvm-0.12.1.2-2.361.el6
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-11-21 01:26:58 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
guest call trace logs. (21.27 KB, text/plain) 2012-12-20 05:14 EST, Sibiao Luo	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:1553	normal	SHIPPED_LIVE	Important: qemu-kvm security, bug fix, and enhancement update	2013-11-20 16:40:29 EST

Groups: None (edit)

Description Sibiao Luo 2012-12-20 05:13:44 EST

Description of problem:
the disk block sizes are multiple of 512 bytes, but if specify the value of virtio_blk/scsi-hd/scsi-disk disk is not multiple of 512 bytes, it cause the guest call trace for virtio_blk and qemu core dump for scsi-hd/scsi-disk. I think that's insufferable for users, maybe the qemu should give some prompts or forbit it. 

Version-Release number of selected component (if applicable):
host info:
# uname -r && rpm -q qemu-kvm
2.6.32-348.el6.x86_64
qemu-kvm-0.12.1.2-2.346.el6.x86_64
guest info:
# uname -r
2.6.32-348.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
- for scsi-hd/disk
1.boot guest.
e.g:...-drive file=/home/my-data-disk.raw,if=none,id=drive-data-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-scsi-pci,bus=pci.0,addr=0x6,id=scsi0 -device scsi-hd,drive=drive-data-disk,bus=scsi0.0,id=data-disk,physical_block_size=1000,logical_block_size=1000

- for virtio-blk.
1.boot guest.
e.g:...-drive file=/home/my-data-disk.raw,if=none,id=drive-data-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x6,scsi=off,drive=drive-data-disk,id=data-disk,physical_block_size=1000,logical_block_size=1000

Actual results:
- for scsi-hd/disk
after step 1, the qemu will core dump.
(qemu) Failed to allocate 4096 B: Invalid argument

Program received signal SIGABRT, Aborted.
0x00007ffff57448a5 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff57448a5 in raise () from /lib64/libc.so.6
#1  0x00007ffff5746085 in abort () from /lib64/libc.so.6
#2  0x00007ffff7e1ead8 in qemu_memalign (alignment=1000, size=4096) at /usr/src/debug/qemu-kvm-0.12.1.2/osdep.c:112
#3  0x00007ffff7e5a162 in scsi_disk_emulate_command (req=0x7fffe8000910, buf=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1228
#4  scsi_send_command (req=0x7fffe8000910, buf=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1470
#5  0x00007ffff7e57181 in scsi_req_enqueue (req=0x7fffe8000910) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-bus.c:665
#6  0x00007ffff7dfb7d4 in virtio_scsi_handle_cmd (vdev=0x7ffff8781d10, vq=0x7ffff9186f00) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-scsi.c:515
#7  0x00007ffff7e04fc5 in kvm_handle_io (env=0x7ffff870fff0) at /usr/src/debug/qemu-kvm-0.12.1.2/kvm-all.c:147
#8  kvm_run (env=0x7ffff870fff0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1048
#9  0x00007ffff7e05079 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1743
#10 0x00007ffff7e05f5d in kvm_main_loop_cpu (_env=0x7ffff870fff0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2004
#11 ap_main_loop (_env=0x7ffff870fff0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2060
#12 0x00007ffff773b851 in start_thread () from /lib64/libpthread.so.0
#13 0x00007ffff57fa90d in clone () from /lib64/libc.so.6
(gdb)

- for virtio-blk.
after step 1, the guest will call trace, i will attach the log later.
...
Stack:
 ffff88000001a718 0000000000000000 ffff88007ca2b668 ffffea0001ac0b88
<d> ffff88007a5d5938 ffffffff811b7088 ffff88000002bb08 ffffea0001ac0b88
<d> ffff880000002000 ffff88007ca2b548 00000000000000d0 0000000000000000
Call Trace:
 [<ffffffff811b7088>] block_read_full_page+0x2d8/0x3d0
 [<ffffffff811baea0>] ? blkdev_get_block+0x0/0x70
 [<ffffffff811753a0>] ? mem_cgroup_cache_charge+0xc0/0xd0
 [<ffffffff8113b3ae>] ? __inc_zone_page_state+0x2e/0x30
 [<ffffffff8112fb60>] ? __lru_cache_add+0x40/0x90
 [<ffffffff811bc0c8>] blkdev_readpage+0x18/0x20
 [<ffffffff8111bb7b>] do_read_cache_page+0x7b/0x180
 [<ffffffff811bc0b0>] ? blkdev_readpage+0x0/0x20
 [<ffffffff8111bcc9>] read_cache_page_async+0x19/0x20
 [<ffffffff8111bcde>] read_cache_page+0xe/0x20
 [<ffffffff811f4e20>] read_dev_sector+0x30/0xa0
 [<ffffffff811f7a41>] read_lba+0x101/0x110
 [<ffffffff811f7f21>] find_valid_gpt+0xc1/0x650
 [<ffffffff8106f181>] ? vprintk+0x251/0x560
 [<ffffffff811f852f>] efi_partition+0x7f/0x370
 [<ffffffff8150c86f>] ? printk+0x41/0x4a
 [<ffffffff811f5606>] rescan_partitions+0x196/0x410
 [<ffffffff811bc9b6>] __blkdev_get+0x1b6/0x3b0
 [<ffffffff811bcbc0>] blkdev_get+0x10/0x20
 [<ffffffff811f4fe5>] register_disk+0x155/0x170
 [<ffffffff812657d6>] add_disk+0xa6/0x1a0
 [<ffffffffa006d0ca>] virtblk_probe+0x42b/0x4d0 [virtio_blk]
 [<ffffffffa003d370>] virtio_dev_probe+0xd0/0x110 [virtio]
 [<ffffffff8135e600>] driver_probe_device+0xa0/0x2a0
 [<ffffffff8135e8ab>] __driver_attach+0xab/0xb0
 [<ffffffff8135e800>] ? __driver_attach+0x0/0xb0
 [<ffffffff8135dbb4>] bus_for_each_dev+0x64/0x90
 [<ffffffff8135e39e>] driver_attach+0x1e/0x20
 [<ffffffff8135d3e8>] bus_add_driver+0x1e8/0x2b0
 [<ffffffff8135ebf6>] driver_register+0x76/0x140
 [<ffffffffa0070000>] ? init+0x0/0x85 [virtio_blk]
 [<ffffffffa003d52d>] register_virtio_driver+0x1d/0x2c [virtio]
 [<ffffffffa007005b>] init+0x5b/0x85 [virtio_blk]
 [<ffffffff8100204c>] do_one_initcall+0x3c/0x1d0
 [<ffffffff810b7491>] sys_init_module+0xe1/0x250
 [<ffffffff8100b072>] system_call_fastpath+0x16/0x1b
...

Expected results:
no any call trace/dump, the qemu should give some prompts or forbit it. 

Additional info:

Comment 1 Sibiao Luo 2012-12-20 05:14:32 EST

Created attachment 666578 [details]
guest call trace logs.

Comment 2 juzhang 2012-12-20 05:22:16 EST

Seems physical_block_size and logical_block_siz only can be set 512 or 4096. A little aggressive.

Comment 4 RHEL Product and Program Management 2012-12-24 01:47:31 EST

This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 5 Paolo Bonzini 2013-01-09 08:44:31 EST

Assigning to Stefan, he did the upstream patch.  Are these in the whitelist though?

Comment 6 Stefan Hajnoczi 2013-01-22 05:48:48 EST

Thanks Paolo and sorry for the late response.

Here's the error message we get upstream:
$ qemu-system-x86_64 -drive file=test.img,if=none,id=drive-data-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x6,scsi=off,drive=drive-data-disk,id=data-disk,physical_block_size=1000,logical_block_size=1000
qemu-system-x86_64: -device virtio-blk-pci,bus=pci.0,addr=0x6,scsi=off,drive=drive-data-disk,id=data-disk,physical_block_size=1000,logical_block_size=1000: Property data-disk.physical_block_size doesn't take value '1000', it's not a power of 2

Let's backport the fix for RHEL 6.5.

Comment 18 langfang 2013-07-01 03:22:10 EDT

Reproduce this bug as follow version:
Host
# uname -r
2.6.32-393.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.356.el6.x86_64

Guest:win2012-64

Steps:
1.Boot guest with 
-drive file=/root/test1.raw,if=none,id=drive-data-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-scsi-pci,bus=pci.0,addr=0x6,id=scsi0 -device scsi-hd,drive=drive-data-disk,bus=scsi0.0,id=data-disk,physical_block_size=1000,logical_block_size=1000

Results:
(gdb) bt
#0  0x00007ffff57428a5 in raise () from /lib64/libc.so.6
#1  0x00007ffff5744085 in abort () from /lib64/libc.so.6
#2  0x00007ffff7e1ef48 in qemu_memalign (alignment=1000, size=4096)
    at /usr/src/debug/qemu-kvm-0.12.1.2/osdep.c:112
#3  0x00007ffff7e5a632 in scsi_disk_emulate_command (req=0x7fffe8000910, 
    buf=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1228
#4  scsi_send_command (req=0x7fffe8000910, buf=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1470
#5  0x00007ffff7e57651 in scsi_req_enqueue (req=0x7fffe8000910)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-bus.c:665
#6  0x00007ffff7df9de4 in virtio_scsi_handle_cmd (vdev=0x7ffff8791ee0, 
    vq=0x7ffff91a3310) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-scsi.c:515
#7  0x00007ffff7e03825 in kvm_handle_io (env=0x7ffff870df30)
    at /usr/src/debug/qemu-kvm-0.12.1.2/kvm-all.c:147
#8  kvm_run (env=0x7ffff870df30)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1048
#9  0x00007ffff7e038d9 in kvm_cpu_exec (env=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1743
#10 0x00007ffff7e047bd in kvm_main_loop_cpu (_env=0x7ffff870df30)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2004
#11 ap_main_loop (_env=0x7ffff870df30)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2060
---Type <return> to continue, or q <return> to quit---
#12 0x00007ffff7739851 in start_thread () from /lib64/libpthread.so.0
#13 0x00007ffff57f890d in clone () from /lib64/libc.so.6
(gdb) 


Verify this bug as follow version:
Host
# uname -r 
2.6.32-393.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.377.el6.x86_64

steps as same as reproduce

Results:Error info

qemu-kvm: -device scsi-hd,drive=drive-data-disk,bus=scsi0.0,id=data-disk,physical_block_size=1000,logical_block_size=1000: Property 'scsi-hd.physical_block_size' doesn't take value '1000'

Addtional info:
1)I also tried  virtio-blk and ide-drive.Also can give error info:
...
qemu-kvm: -device ide-drive,drive=drive-data-disk,id=data-disk,physical_block_size=3000,logical_block_size=3000: Property 'ide-drive.physical_block_size' doesn't take value '3000'

2)Also test other values ,can give error info.
...physical_block_size=2000,logical_block_size=2000...
...physical_block_size=3000,logical_block_size=3000...

According to above test ,this bug fixed.

Comment 20 errata-xmlrpc 2013-11-21 01:26:58 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1553.html

Note You need to log in before you can comment on or make changes to this bug.