On Thu, 9 Aug 2018 16:38:16 +0200, Olaf Hering <o...@aepfle.de> wrote:
> Someone familiar with that code has to figure that out. A ballooned page will
> trigger that bug.

Indeed, xen-4.4 + qemu-3.0 crashes with ballooned pages. That can easily happen if the domU does readdir via NFS.

Olaf

Thread 1 "qemu-system-i38" received signal SIGSEGV, Segmentation fault.
0x00007f439593f2ee in __memcpy_sse2_unaligned () from /lib64/libc.so.6
#0  0x00007f439593f2ee in __memcpy_sse2_unaligned () at /lib64/libc.so.6
#1  0x000055c7f7c8ee14 in memcpy (__len=1, __src=<optimized out>, __dest=0x7fff6819bc68) at /usr/include/bits/string3.h:53
#2  0x000055c7f7c8ee14 in flatview_read_continue (fv=0x55c7f99350f0, addr=3833593856, attrs=..., buf=0x7fff6819bc68 "", len=1, addr1=3833593856, l=1, mr=0x55c7f88309a0 <ram_memory>) at /usr/src/debug/qemu-3.0-20180807T172617.6ad9080538/exec.c:3321
#3  0x000055c7f7c8efef in flatview_read (fv=0x55c7f99350f0, addr=3833593856, attrs=..., buf=0x7fff6819bc68 "", len=1) at /usr/src/debug/qemu-3.0-20180807T172617.6ad9080538/exec.c:3354
#4  0x000055c7f7c8f11f in address_space_read_full (as=<optimized out>, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /usr/src/debug/qemu-3.0-20180807T172617.6ad9080538/exec.c:3367
#5  0x000055c7f7c8f337 in cpu_physical_memory_rw (addr=<optimized out>, buf=<optimized out>, len=<optimized out>, is_write=<optimized out>) at /usr/src/debug/qemu-3.0-20180807T172617.6ad9080538/exec.c:3404
#6  0x000055c7f7d980a6 in read_phys_req_item (val=0x7fff6819bc68, i=0, req=0x7fff6819bc60, addr=<optimized out>) at /usr/src/debug/qemu-3.0-20180807T172617.6ad9080538/hw/i386/xen/xen-hvm.c:841
#7  0x000055c7f7d980a6 in cpu_ioreq_move (req=0x7fff6819bc60) at /usr/src/debug/qemu-3.0-20180807T172617.6ad9080538/hw/i386/xen/xen-hvm.c:904
#8  0x000055c7f7d980a6 in handle_ioreq (state=<optimized out>, req=0x7fff6819bc60) at /usr/src/debug/qemu-3.0-20180807T172617.6ad9080538/hw/i386/xen/xen-hvm.c:1046
#9  0x000055c7f7d99b85 in cpu_handle_ioreq (opaque=0x55c7f90fe360) at /usr/src/debug/qemu-3.0-20180807T172617.6ad9080538/hw/i386/xen/xen-hvm.c:1153
#10 0x000055c7f811e288 in aio_dispatch_handlers (ctx=0x55c7f9052130) at util/aio-posix.c:406
#11 0x000055c7f811ec48 in aio_dispatch (ctx=0x55c7f9052130) at util/aio-posix.c:437
#12 0x000055c7f811a75e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:261
#13 0x00007f43965d6134 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0
#14 0x000055c7f811dca7 in glib_pollfds_poll () at util/main-loop.c:215
#15 0x000055c7f811dca7 in os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:238
#16 0x000055c7f811dca7 in main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:497
#17 0x000055c7f7e129c2 in main_loop () at vl.c:1866
#18 0x000055c7f7c7efdc in main ()