Re: [libvirt] [PATCH] virNetDevMacVLanVPortProfileRegisterCallback: Fix segfault

On 24.04.2012 17:52, Michal Privoznik wrote: > Currently, we are calling memcpy(virtPortProfile, ...) unconditionally. > Which means if virtPortProfile is NULL we SIGSEGV. Therefore, add check > to call memcpy() conditionally. > (gdb) bt > #0 virNetDevMacVLanVPortProfileRegisterCallback (ifname=0x7ffff3f1ee60 "macvtap0", macaddress=0x7fffe8096e34 "RT", linkdev=0x7fffe8098b90 "eth0", > vmuuid=0x7fffe8099558 "l\220*\237u`\326\213\325\227F\f-B\bD0g\t\350\377\177", virtPortProfile=0x0, vmOp=VIR_NETDEV_VPORT_PROFILE_OP_CREATE) at /usr/include/bits/string3.h:52 > #1 0x00007ffff7782446 in virNetDevMacVLanCreateWithVPortProfile (tgifname=<optimized out>, macaddress=0x7fffe8096e34 "RT", linkdev=0x7fffe8098b90 "eth0", mode=<optimized out>, withTap=true, vnet_hdr=0, > vmuuid=0x7fffe8099558 "l\220*\237u`\326\213\325\227F\f-B\bD0g\t\350\377\177", virtPortProfile=0x0, res_ifname=0x7ffff3f1ef00, vmOp=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, > stateDir=0x7fffe800d900 "/var/run/libvirt/qemu", bandwidth=0x0) at util/virnetdevmacvlan.c:954 > #2 0x00000000004738d4 in qemuPhysIfaceConnect () > #3 0x000000000047e5f3 in qemuBuildCommandLine () > #4 0x000000000049a404 in qemuProcessStart () > #5 0x0000000000468ac9 in qemuDomainObjStart () > #6 0x0000000000469112 in qemuDomainStartWithFlags () > #7 0x00007ffff77ef0c6 in virDomainCreate (domain=0x768cb0) at libvirt.c:8162 > #8 0x000000000043e158 in remoteDispatchDomainCreateHelper () > #9 0x00007ffff783d835 in virNetServerProgramDispatchCall (msg=0x7fffe80cbe50, client=0x7699d0, server=0x7658a0, prog=0x770ab0) at rpc/virnetserverprogram.c:416 > #10 virNetServerProgramDispatch (prog=0x770ab0, server=0x7658a0, client=0x7699d0, msg=0x7fffe80cbe50) at rpc/virnetserverprogram.c:289 > #11 0x00007ffff7839961 in virNetServerHandleJob (jobOpaque=<optimized out>, opaque=0x7658a0) at rpc/virnetserver.c:161 > #12 0x00007ffff776c1ce in virThreadPoolWorker (opaque=<optimized out>) at util/threadpool.c:144 > #13 0x00007ffff776b876 in virThreadHelper (data=<optimized out>) at util/threads-pthread.c:161 > #14 0x00007ffff74f0e2c in start_thread () from /lib64/libpthread.so.0 > #15 0x00007ffff723766d in clone () from /lib64/libc.so.6 > --- > src/util/virnetdevmacvlan.c | 8 +++++--- > 1 files changed, 5 insertions(+), 3 deletions(-) > > diff --git a/src/util/virnetdevmacvlan.c b/src/util/virnetdevmacvlan.c > index 879d846..c2fd6d0 100644 > --- a/src/util/virnetdevmacvlan.c > +++ b/src/util/virnetdevmacvlan.c > @@ -769,9 +769,11 @@ virNetDevMacVLanVPortProfileRegisterCallback(const char *ifname, > goto memory_error; > if ((calld->cr_ifname = strdup(ifname)) == NULL) > goto memory_error; > - if (VIR_ALLOC(calld->virtPortProfile)< 0) > - goto memory_error; > - memcpy(calld->virtPortProfile, virtPortProfile, sizeof(*virtPortProfile)); > + if (virtPortProfile) { > + if (VIR_ALLOC(calld->virtPortProfile)< 0) > + goto memory_error; > + memcpy(calld->virtPortProfile, virtPortProfile, sizeof(*virtPortProfile)); > + } > if (VIR_ALLOC_N(calld->macaddress, VIR_MAC_BUFLEN)< 0) > goto memory_error; > memcpy(calld->macaddress, macaddress, VIR_MAC_BUFLEN); Self NACK; It turned out to be race because it's still reproducible in some cases: "if(virPortProfile)" evaluates to true; however gdb still catches SIGSEGV in memcpy(). Meanwhile, something free() virPortProfile, therefore gdb is unable to print any non-NULL value.

Maybe it's related to qemu process dying right after it was started.