Re: [PATCH 01/10] memory: make it safer to expand arrays

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/19/2010 12:33 AM, Wen Congyang wrote:
> At 2010-11-18 12:28, Eric Blake Write:
>> * src/util/memory.h (VIR_REALLOC_N): Update docs.
>> (VIR_EXPAND_N, VIR_SHRINK_N): New macros.
>> (virAlloc, virAllocN, virReallocN, virAllocVar, virFree): Add some
>> gcc attributes.
> 
> There may be a bug in this patch.

Well, it would be patch 3 that touched the file where your backtrace
points, so it would be the overall patch series and not this patch
(patch 1) to blame.

> Test the libvirtd without --dameon, I find that:
> [root@localhost newest]# libvirtd 
> Segmentation fault (core dumped)
> [root@localhost newest]# 
> 
> The folling is the output of the command 'gdb libvirtd core':
> [root@localhost newest]# gdb /usr/sbin/libvirtd core.8996 
> <snip>
> Core was generated by `libvirtd'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x000000000041a181 in qemudDispatchServer (server=0x209dcd0, sock=<value optimized out>) at libvirtd.c:1459
> 1459	    server->clients[server->nclients++] = client;
> <snip>
> (gdb) bt
> #0  0x000000000041a181 in qemudDispatchServer (server=0x209dcd0, sock=<value optimized out>) at libvirtd.c:1459
> #1  0x000000000041a6f1 in qemudDispatchServerEvent (watch=5, fd=8, events=1, opaque=0x209dcd0) at libvirtd.c:2225
> #2  0x0000000000415b71 in virEventDispatchHandles () at event.c:467
> #3  virEventRunOnce () at event.c:592
> #4  0x00000000004180e9 in qemudOneLoop () at libvirtd.c:2234
> #5  0x00000000004183db in qemudRunLoop (opaque=0x209dcd0) at libvirtd.c:2343
> #6  0x0000003ffec077e1 in start_thread () from /lib64/libpthread.so.0
> #7  0x0000003ffe4e153d in clone () from /lib64/libc.so.6
> (gdb) p server->clients
> $2 = (struct qemud_client **) 0x0

I'm having problems reproducing this, and don't see any obvious
explanations for this in the code.  qemuDispatchServer has:

    if (server->nclients >= max_clients) {
        VIR_ERROR(_("Too many active clients (%d), dropping connection
from %s"),
                  max_clients, addrstr);
        goto error;
    }

    if (VIR_RESIZE_N(server->clients, server->nclients_max,
                     server->nclients, 1) < 0) {
        VIR_ERROR0(_("Out of memory allocating clients"));
        goto error;
    }
...
    server->clients[server->nclients++] = client;

so the only way to get to the crashing line is to get through a
successful VIR_RESIZE_N, but VIR_RESIZE_N is not successful unless it
updates server->clients to be non-NULL.

Can you do any further debugging that might explain why it is failing
for you, and something I might have missed?

-- 
Eric Blake   eblake@xxxxxxxxxx    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]