889135 – core trace/dump if specify the value of physical_block_size/logical_block_size is not multiple of 512 bytes

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 889135 - core trace/dump if specify the value of physical_block_size/logical_block_size is not multiple of 512 bytes

Summary: core trace/dump if specify the value of physical_block_size/logical_block_siz...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	6.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Stefan Hajnoczi
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-12-20 10:13 UTC by Sibiao Luo
Modified:	2013-11-21 06:26 UTC (History)
CC List:	16 users (show)
Fixed In Version:	qemu-kvm-0.12.1.2-2.361.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-11-21 06:26:58 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
guest call trace logs. (21.27 KB, text/plain) 2012-12-20 10:14 UTC, Sibiao Luo	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:1553	0	normal	SHIPPED_LIVE	Important: qemu-kvm security, bug fix, and enhancement update	2013-11-20 21:40:29 UTC

Description Sibiao Luo 2012-12-20 10:13:44 UTC

Description of problem:
the disk block sizes are multiple of 512 bytes, but if specify the value of virtio_blk/scsi-hd/scsi-disk disk is not multiple of 512 bytes, it cause the guest call trace for virtio_blk and qemu core dump for scsi-hd/scsi-disk. I think that's insufferable for users, maybe the qemu should give some prompts or forbit it. 

Version-Release number of selected component (if applicable):
host info:
# uname -r && rpm -q qemu-kvm
2.6.32-348.el6.x86_64
qemu-kvm-0.12.1.2-2.346.el6.x86_64
guest info:
# uname -r
2.6.32-348.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
- for scsi-hd/disk
1.boot guest.
e.g:...-drive file=/home/my-data-disk.raw,if=none,id=drive-data-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-scsi-pci,bus=pci.0,addr=0x6,id=scsi0 -device scsi-hd,drive=drive-data-disk,bus=scsi0.0,id=data-disk,physical_block_size=1000,logical_block_size=1000

- for virtio-blk.
1.boot guest.
e.g:...-drive file=/home/my-data-disk.raw,if=none,id=drive-data-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x6,scsi=off,drive=drive-data-disk,id=data-disk,physical_block_size=1000,logical_block_size=1000

Actual results:
- for scsi-hd/disk
after step 1, the qemu will core dump.
(qemu) Failed to allocate 4096 B: Invalid argument

Program received signal SIGABRT, Aborted.
0x00007ffff57448a5 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff57448a5 in raise () from /lib64/libc.so.6
#1  0x00007ffff5746085 in abort () from /lib64/libc.so.6
#2  0x00007ffff7e1ead8 in qemu_memalign (alignment=1000, size=4096) at /usr/src/debug/qemu-kvm-0.12.1.2/osdep.c:112
#3  0x00007ffff7e5a162 in scsi_disk_emulate_command (req=0x7fffe8000910, buf=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1228
#4  scsi_send_command (req=0x7fffe8000910, buf=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1470
#5  0x00007ffff7e57181 in scsi_req_enqueue (req=0x7fffe8000910) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-bus.c:665
#6  0x00007ffff7dfb7d4 in virtio_scsi_handle_cmd (vdev=0x7ffff8781d10, vq=0x7ffff9186f00) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-scsi.c:515
#7  0x00007ffff7e04fc5 in kvm_handle_io (env=0x7ffff870fff0) at /usr/src/debug/qemu-kvm-0.12.1.2/kvm-all.c:147
#8  kvm_run (env=0x7ffff870fff0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1048
#9  0x00007ffff7e05079 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1743
#10 0x00007ffff7e05f5d in kvm_main_loop_cpu (_env=0x7ffff870fff0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2004
#11 ap_main_loop (_env=0x7ffff870fff0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2060
#12 0x00007ffff773b851 in start_thread () from /lib64/libpthread.so.0
#13 0x00007ffff57fa90d in clone () from /lib64/libc.so.6
(gdb)

- for virtio-blk.
after step 1, the guest will call trace, i will attach the log later.
...
Stack:
 ffff88000001a718 0000000000000000 ffff88007ca2b668 ffffea0001ac0b88
<d> ffff88007a5d5938 ffffffff811b7088 ffff88000002bb08 ffffea0001ac0b88
<d> ffff880000002000 ffff88007ca2b548 00000000000000d0 0000000000000000
Call Trace:
 [<ffffffff811b7088>] block_read_full_page+0x2d8/0x3d0
 [<ffffffff811baea0>] ? blkdev_get_block+0x0/0x70
 [<ffffffff811753a0>] ? mem_cgroup_cache_charge+0xc0/0xd0
 [<ffffffff8113b3ae>] ? __inc_zone_page_state+0x2e/0x30
 [<ffffffff8112fb60>] ? __lru_cache_add+0x40/0x90
 [<ffffffff811bc0c8>] blkdev_readpage+0x18/0x20
 [<ffffffff8111bb7b>] do_read_cache_page+0x7b/0x180
 [<ffffffff811bc0b0>] ? blkdev_readpage+0x0/0x20
 [<ffffffff8111bcc9>] read_cache_page_async+0x19/0x20
 [<ffffffff8111bcde>] read_cache_page+0xe/0x20
 [<ffffffff811f4e20>] read_dev_sector+0x30/0xa0
 [<ffffffff811f7a41>] read_lba+0x101/0x110
 [<ffffffff811f7f21>] find_valid_gpt+0xc1/0x650
 [<ffffffff8106f181>] ? vprintk+0x251/0x560
 [<ffffffff811f852f>] efi_partition+0x7f/0x370
 [<ffffffff8150c86f>] ? printk+0x41/0x4a
 [<ffffffff811f5606>] rescan_partitions+0x196/0x410
 [<ffffffff811bc9b6>] __blkdev_get+0x1b6/0x3b0
 [<ffffffff811bcbc0>] blkdev_get+0x10/0x20
 [<ffffffff811f4fe5>] register_disk+0x155/0x170
 [<ffffffff812657d6>] add_disk+0xa6/0x1a0
 [<ffffffffa006d0ca>] virtblk_probe+0x42b/0x4d0 [virtio_blk]
 [<ffffffffa003d370>] virtio_dev_probe+0xd0/0x110 [virtio]
 [<ffffffff8135e600>] driver_probe_device+0xa0/0x2a0
 [<ffffffff8135e8ab>] __driver_attach+0xab/0xb0
 [<ffffffff8135e800>] ? __driver_attach+0x0/0xb0
 [<ffffffff8135dbb4>] bus_for_each_dev+0x64/0x90
 [<ffffffff8135e39e>] driver_attach+0x1e/0x20
 [<ffffffff8135d3e8>] bus_add_driver+0x1e8/0x2b0
 [<ffffffff8135ebf6>] driver_register+0x76/0x140
 [<ffffffffa0070000>] ? init+0x0/0x85 [virtio_blk]
 [<ffffffffa003d52d>] register_virtio_driver+0x1d/0x2c [virtio]
 [<ffffffffa007005b>] init+0x5b/0x85 [virtio_blk]
 [<ffffffff8100204c>] do_one_initcall+0x3c/0x1d0
 [<ffffffff810b7491>] sys_init_module+0xe1/0x250
 [<ffffffff8100b072>] system_call_fastpath+0x16/0x1b
...

Expected results:
no any call trace/dump, the qemu should give some prompts or forbit it. 

Additional info:

Comment 1 Sibiao Luo 2012-12-20 10:14:32 UTC

Created attachment 666578 [details]
guest call trace logs.

Comment 2 juzhang 2012-12-20 10:22:16 UTC

Seems physical_block_size and logical_block_siz only can be set 512 or 4096. A little aggressive.

Comment 4 RHEL Program Management 2012-12-24 06:47:31 UTC

This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 5 Paolo Bonzini 2013-01-09 13:44:31 UTC

Assigning to Stefan, he did the upstream patch.  Are these in the whitelist though?

Comment 6 Stefan Hajnoczi 2013-01-22 10:48:48 UTC

Thanks Paolo and sorry for the late response.

Here's the error message we get upstream:
$ qemu-system-x86_64 -drive file=test.img,if=none,id=drive-data-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x6,scsi=off,drive=drive-data-disk,id=data-disk,physical_block_size=1000,logical_block_size=1000
qemu-system-x86_64: -device virtio-blk-pci,bus=pci.0,addr=0x6,scsi=off,drive=drive-data-disk,id=data-disk,physical_block_size=1000,logical_block_size=1000: Property data-disk.physical_block_size doesn't take value '1000', it's not a power of 2

Let's backport the fix for RHEL 6.5.

Comment 18 langfang 2013-07-01 07:22:10 UTC

Reproduce this bug as follow version:
Host
# uname -r
2.6.32-393.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.356.el6.x86_64

Guest:win2012-64

Steps:
1.Boot guest with 
-drive file=/root/test1.raw,if=none,id=drive-data-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop -device virtio-scsi-pci,bus=pci.0,addr=0x6,id=scsi0 -device scsi-hd,drive=drive-data-disk,bus=scsi0.0,id=data-disk,physical_block_size=1000,logical_block_size=1000

Results:
(gdb) bt
#0  0x00007ffff57428a5 in raise () from /lib64/libc.so.6
#1  0x00007ffff5744085 in abort () from /lib64/libc.so.6
#2  0x00007ffff7e1ef48 in qemu_memalign (alignment=1000, size=4096)
    at /usr/src/debug/qemu-kvm-0.12.1.2/osdep.c:112
#3  0x00007ffff7e5a632 in scsi_disk_emulate_command (req=0x7fffe8000910, 
    buf=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1228
#4  scsi_send_command (req=0x7fffe8000910, buf=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-disk.c:1470
#5  0x00007ffff7e57651 in scsi_req_enqueue (req=0x7fffe8000910)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-bus.c:665
#6  0x00007ffff7df9de4 in virtio_scsi_handle_cmd (vdev=0x7ffff8791ee0, 
    vq=0x7ffff91a3310) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-scsi.c:515
#7  0x00007ffff7e03825 in kvm_handle_io (env=0x7ffff870df30)
    at /usr/src/debug/qemu-kvm-0.12.1.2/kvm-all.c:147
#8  kvm_run (env=0x7ffff870df30)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1048
#9  0x00007ffff7e038d9 in kvm_cpu_exec (env=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1743
#10 0x00007ffff7e047bd in kvm_main_loop_cpu (_env=0x7ffff870df30)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2004
#11 ap_main_loop (_env=0x7ffff870df30)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2060
---Type <return> to continue, or q <return> to quit---
#12 0x00007ffff7739851 in start_thread () from /lib64/libpthread.so.0
#13 0x00007ffff57f890d in clone () from /lib64/libc.so.6
(gdb) 


Verify this bug as follow version:
Host
# uname -r 
2.6.32-393.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.377.el6.x86_64

steps as same as reproduce

Results:Error info

qemu-kvm: -device scsi-hd,drive=drive-data-disk,bus=scsi0.0,id=data-disk,physical_block_size=1000,logical_block_size=1000: Property 'scsi-hd.physical_block_size' doesn't take value '1000'

Addtional info:
1)I also tried  virtio-blk and ide-drive.Also can give error info:
...
qemu-kvm: -device ide-drive,drive=drive-data-disk,id=data-disk,physical_block_size=3000,logical_block_size=3000: Property 'ide-drive.physical_block_size' doesn't take value '3000'

2)Also test other values ,can give error info.
...physical_block_size=2000,logical_block_size=2000...
...physical_block_size=3000,logical_block_size=3000...

According to above test ,this bug fixed.

Comment 20 errata-xmlrpc 2013-11-21 06:26:58 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1553.html

Note You need to log in before you can comment on or make changes to this bug.