On 10/24/2013 02:52 AM, Martin Kletzander wrote:
> On Wed, Oct 23, 2013 at 10:46:14AM -0700, Jeremy Fitzhardinge wrote:
>> Hi all,
>>
>> I posted this bug (https://bugzilla.redhat.com/show_bug.cgi?id=1013045)
>> to the Redhat Bugzilla a while ago, and the only response has been to
>> post a note to this list about the bug.
>>
>> Summary below, but it looks like a pretty clear use-after-free or
>> something. The full details are attached to the bug report.
>>
>
> From the looks of the BZ, I think the problem found by valgrind (not
> the one in libxl) is different than the one which causes the
> 'invalid free()', but anyway, I posted a patch [1] which might help
> (read: fixes a problem found out thanks to the valgrind output), but I
> have no way to test it. If you do, I would appreciate you trying
> whether the issue gets fixed for you with that patch.

I reverted your change then applied the following, which looks like it
fixes the problem.

Thanks,
J

commit 65d342a6df5e8020b682a6085aa7aced7215e93b
Author: Jeremy Fitzhardinge <jeremy@xxxxxxxx>
Date:   Wed Oct 30 10:36:37 2013 -0700

    libxl: fix dubious cpumask handling in libxlDomainSetVcpuAffinities

    Rather than casting the virBitmap pointer to uint8_t* and then using
    the structure contents as a byte array, use the virBitmap API to
    determine the bitmap size and test each bit.

    Signed-off-by: Jeremy Fitzhardinge <jeremy@xxxxxxxx>

diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index e2a6d44..ab509a6 100644
- --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -448,7 +448,7 @@ libxlDomainSetVcpuAffinities(libxlDriverPrivatePtr driver, virDomainObjPtr vm) libxlDomainObjPrivatePtr priv = vm->privateData; virDomainDefPtr def = vm->def; libxl_bitmap map; - - uint8_t *cpumask = NULL; + virBitmapPtr cpumask = NULL; uint8_t *cpumap = NULL; virNodeInfo nodeinfo; size_t cpumaplen;
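Review bot: the lines `- --- a/src/libxl/libxl_driver.c` and `- - uint8_t *cpumask = NULL;` carry the dash-escaping that PGP clearsigning adds to lines beginning with `-`, so `git am` on the raw message will not apply this patch; send it with `git send-email` (unsigned) or as an attachment so the `---` and `-` lines survive intact. On the change itself, `cpumask` stops being a local byte pointer and becomes a `virBitmapPtr` that, per the second hunk, aliases `def->cputune.vcpupin[vcpu]->cpumask`; the `cleanup:` label is outside the hunk, so please confirm it frees only the `VIR_ALLOC_N`'d `cpumap` and never `cpumask`, and consider a one-line comment at the declaration saying the pointer is borrowed from the domain definition.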
@@ -468,10 +468,16 @@ libxlDomainSetVcpuAffinities(libxlDriverPrivatePtr driver, virDomainObjPtr vm) if (VIR_ALLOC_N(cpumap, cpumaplen) < 0) goto cleanup; - - cpumask = (uint8_t*) def->cputune.vcpupin[vcpu]->cpumask; + cpumask = def->cputune.vcpupin[vcpu]->cpumask; - - for (i = 0; i < VIR_DOMAIN_CPUMASK_LEN; ++i) { - - if (cpumask[i]) + for (i = 0; i < virBitmapSize(cpumask); ++i) { + bool bit; + if (virBitmapGetBit(cpumask, i, &bit) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Failed to get cpumask bit '%zd' with libxenlight"), i); + goto cleanup; + } + if (bit) VIR_USE_CPU(cpumap, i); }
>
>
> Thank you,
> Martin
>
> [1] https://www.redhat.com/archives/libvir-list/2013-October/msg01075.html
>
>> Thanks,
>>
>> J
>>
>>
>> --
>> Description of problem:
>> When starting a Xen domain with libvirt + libxl, it crashes after
>> creating the domain. The domain is left in a paused state, and works
>> fine if manually unpaused with xl unpause. virt-manager never shows the
>> domain as running.
>>
>> [...]
>>
>> Steps to Reproduce:
>> 1. Open virt-manager
>> 2. Connect to localhost (xen)
>> 3. Start a domain
>>
>> Actual results:
>> Domain is created in a paused state, virt-manager shows errors about
>> losing connection to the daemon. Logs show libvirtd crashed.
>>
>> Expected results:
>> Domain creation.
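Review bot: the new loop bounds `i` by `virBitmapSize(cpumask)`, but `VIR_USE_CPU(cpumap, i)` writes into `cpumap`, which the context line `VIR_ALLOC_N(cpumap, cpumaplen)` sized in bytes from the host CPU count; nothing relates the two, so a bit set at an index `i >= cpumaplen * 8` still writes past the allocation, the same heap-corruption class as the `free(): invalid next size` in the report. Suggest checking `i / 8 < cpumaplen` before `VIR_USE_CPU` (or capping the loop at the smaller of `virBitmapSize(cpumask)` and `cpumaplen * 8`) and reporting an error when a pinned CPU does not fit. Smaller points: hoist `virBitmapSize(cpumask)` out of the loop condition, use `%zu` rather than `%zd` if `i` is a `size_t`, and drop "with libxenlight" from the message, since `virBitmapGetBit` is libvirt's own API, not a libxl call.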
>>
>> Additional info:
>> Sep 27 09:08:30 saboo libvirtd[24880]: *** Error in
>> `/usr/sbin/libvirtd': free(): invalid next size (fast):
>> 0x00007f82c8003210 ***
>> Sep 27 09:08:30 saboo libvirtd[24880]: ======= Backtrace: =========
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /lib64/libc.so.6(+0x365b27d0e8)[0x7f82f5a7a0e8]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /lib64/libvirt.so.0(virFree+0x1a)[0x7f82f8f07d5a]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /usr/lib64/libvirt/connection-driver/libvirt_driver_libxl.so(+0x14b6c)[0x7f82e032bb6c]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /usr/lib64/libvirt/connection-driver/libvirt_driver_libxl.so(+0x154d4)[0x7f82e032c4d4]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /lib64/libvirt.so.0(virDomainCreate+0xf7)[0x7f82f8fdb6b7]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /usr/sbin/libvirtd(+0x350c7)[0x7f82f9a1a0c7]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /lib64/libvirt.so.0(virNetServerProgramDispatch+0x3ba)[0x7f82f90314aa]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /lib64/libvirt.so.0(+0x3a33f822d8)[0x7f82f902c2d8]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /lib64/libvirt.so.0(+0x3a33ea0c15)[0x7f82f8f4ac15]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /lib64/libvirt.so.0(+0x3a33ea0691)[0x7f82f8f4a691]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /lib64/libpthread.so.0(+0x365ba07c53)[0x7f82f61ccc53]
>> Sep 27 09:08:30 saboo libvirtd[24880]:
>> /lib64/libc.so.6(clone+0x6d)[0x7f82f5af2d3d]
>>
>>
>>
>> --
>> libvir-list mailing list
>> libvir-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/libvir-list
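A bounded version of the bit-by-bit copy the patch above performs, written here as an added illustration (not libvirt's code and not part of this thread); `Bitmap`, `bitmap_get_bit`, `bitmap_to_cpumap` and `demo` are toy names, and the struct layout is an assumption standing in for `virBitmap`:

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Toy stand-in for virBitmap (assumed layout): the bits live behind a pointer,
 * so casting a Bitmap* to uint8_t* (the pre-patch code) reads struct fields. */
typedef struct {
    size_t nbits;        /* number of CPUs the map can describe */
    unsigned long *map;  /* one bit per CPU, LSB first */
} Bitmap;

#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Same contract as virBitmapGetBit: 0 on success, -1 if i is out of range. */
static int bitmap_get_bit(const Bitmap *b, size_t i, bool *bit)
{
    if (i >= b->nbits) return -1;
    *bit = (b->map[i / WORD_BITS] >> (i % WORD_BITS)) & 1UL;
    return 0;
}

/* Copy the bitmap into a zeroed byte map laid out as VIR_USE_CPU expects
 * (CPU i -> bit i % 8 of cpumap[i / 8]).  Unlike the patch, the copy is bounded
 * by cpumaplen, so a set bit past the allocation is an error, not a heap write.
 * Returns the number of CPUs set, or -1 on error. */
static int bitmap_to_cpumap(const Bitmap *mask, uint8_t *cpumap, size_t cpumaplen)
{
    int used = 0;
    for (size_t i = 0; i < mask->nbits; i++) {
        bool bit;
        if (bitmap_get_bit(mask, i, &bit) < 0) return -1;
        if (!bit) continue;
        if (i / CHAR_BIT >= cpumaplen) return -1;  /* would write past cpumap */
        cpumap[i / CHAR_BIT] |= (uint8_t)(1u << (i % CHAR_BIT));
        used++;
    }
    return used;
}

/* Constructed scenario: one word of CPU bits copied into a 1-byte cpumap.
 * Returns -1 if rejected, else (cpus_used << 8) | cpumap_byte for easy checks. */
int demo(unsigned long bits, size_t nbits)
{
    Bitmap mask = { nbits, &bits };
    uint8_t cpumap[1] = { 0 };
    int rc = bitmap_to_cpumap(&mask, cpumap, sizeof cpumap);
    return rc < 0 ? rc : (rc << 8) | cpumap[0];
}
```

With CPUs 1 and 3 pinned the copy yields the byte 0x0a, while a pin on CPU 9 against a one-byte map is refused instead of overrunning the buffer.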