Date: Tue, 21 May 2013 08:39:25 +0100
From: "Richard W.M. Jones"
Message-ID: <20130521073925.GL4515@redhat.com>
References: <1369033424-14594-1-git-send-email-famz@redhat.com> <20130520084106.GC18311@redhat.com> <20130520084959.GA20976@redhat.com> <20130521015415.GA7100@localhost.nay.redhat.com>
In-Reply-To: <20130521015415.GA7100@localhost.nay.redhat.com>
Subject: Re: [Qemu-devel] [PATCH v3 00/10] curl: fix curl read
To: qemu-devel@nongnu.org, kwolf@redhat.com, jcody@redhat.com, stefanha@redhat.com

On Tue, May 21, 2013 at 09:54:15AM +0800, Fam Zheng wrote:
> On Mon, 05/20 09:49, Richard W.M. Jones wrote:
> > On Mon, May 20, 2013 at 09:41:06AM +0100, Richard W.M. Jones wrote:
> > > On Mon, May 20, 2013 at 03:03:34PM +0800, Fam Zheng wrote:
> > > > CURL library API has changed, the current curl driver is not working.
> > > > This patch rewrites the use of API as well as the structure of internal
> > > > states.
> > >
> > > I tried this, but it segfaults:
> > >
> > > Program terminated with signal 11, Segmentation fault.
> >
> > That stack trace was wrong.  I was testing against the version of
> > libcurl in Fedora which is known to be broken.
> >
> > Here is the stack trace, this time really running against
> > curl-7_30_0-147-gae26ee3:
> >
> > Program terminated with signal 11, Segmentation fault.
> > #0  curl_read_cb (ptr=, size=,
> >     nmemb=, opaque=0x7f63d48ba340) at block/curl.c:240
> > 240         size_t aio_base = acb->sector_num * SECTOR_SIZE;
>
> Looks like a memory corrupt (QLIST head is invalid pointer). But I can't
> reproduce here with your steps. Can you try qemu-io?
>
> $LD_LIBRARY_PATH=~/d/curl/lib/.libs ~/d/qemu/qemu-io http://192.168.0.249/scratch/winxp.img -c 'read 0 512'

This command is successful:

$ LD_LIBRARY_PATH=~/d/curl/lib/.libs ~/d/qemu/qemu-io http://192.168.0.249/scratch/winxp.img -c 'read 0 512'
read 512/512 bytes at offset 0
512 bytes, 1 ops; 0.0000 sec (32.552 MiB/sec and 66666.6667 ops/sec)
$ echo $?
0

Here's another go with guestfish:

$ ulimit -c unlimited
$ LIBGUESTFS_DEBUG=1 LIBGUESTFS_TRACE=1 LIBGUESTFS_BACKEND=direct LIBGUESTFS_QEMU=~/d/qemu/qemu.wrapper LD_LIBRARY_PATH=~/d/curl/lib/.libs PATH=~/d/qemu:$PATH ./run ./fish/guestfish -a http://192.168.0.249/scratch/winxp.img -i
[...]
[00159ms] /home/rjones/d/qemu/qemu.wrapper \
    -global virtio-blk-pci.scsi=off \
    -nodefconfig \
    -nodefaults \
    -nographic \
    -device virtio-scsi-pci,id=scsi \
    -drive file=http://192.168.0.249/scratch/winxp.img,id=hd0,if=none \
    -device scsi-hd,drive=hd0 \
    -drive file=/home/rjones/d/libguestfs/tmp/.guestfs-1000/root.15535,snapshot=on,id=appliance,if=none,cache=unsafe \
    -device scsi-hd,drive=appliance \
    -machine accel=kvm:tcg \
    -m 500 \
    -no-reboot \
    -no-hpet \
    -device virtio-serial \
    -serial stdio \
    -device sga \
    -chardev socket,path=/home/rjones/d/libguestfs/tmp/libguestfsk9fu9P/guestfsd.sock,id=channel0 \
    -device virtserialport,chardev=channel0,name=org.libguestfs.channel.0 \
    -kernel /home/rjones/d/libguestfs/tmp/.guestfs-1000/kernel.15535 \
    -initrd /home/rjones/d/libguestfs/tmp/.guestfs-1000/initrd.15535 \
    -append 'panic=1 console=ttyS0 udevtimeout=600 no_timer_check acpi=off printk.time=1 cgroup_disable=memory root=/dev/sdb selinux=0 guestfs_verbose=1 TERM=xterm-256color'
libguestfs: error: appliance closed the connection unexpectedly, see earlier error messages
libguestfs: child_cleanup: 0x1db0090: child process died
libguestfs: sending SIGTERM to process 15600
libguestfs: error: /home/rjones/d/qemu/qemu.wrapper killed by signal 11 (Segmentation fault), see debug messages above
libguestfs: error: guestfs_launch failed, see earlier error messages
libguestfs: trace: launch = -1 (error)
[...]

$ file /tmp/core.15600
/tmp/core.15600: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/home/rjones/d/qemu/x86_64-softmmu/qemu-system-x86_64 -L /home/rjones/d/qemu/pc'
$ gdb /home/rjones/d/qemu/x86_64-softmmu/qemu-system-x86_64 /tmp/core.15600
[stack trace is the same as before]
#0  curl_read_cb (ptr=, size=, nmemb=, opaque=0x7f4d3c769360) at block/curl.c:240
240         size_t aio_base = acb->sector_num * SECTOR_SIZE;
(gdb) print acb
$1 = (CURLAIOCB *) 0x7575757575757575

Looks like use-after-free?

Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
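The acb value in the gdb session, 0x7575757575757575, is one byte repeated across the whole pointer, which is the signature a poison-on-free fill leaves when a callback loads a pointer out of a block that was already freed. The C model below is an added example, not QEMU's or libcurl's code: ACB, Req, the toy pool allocator and the 0x75 fill are assumptions chosen to match the value in the trace, and the mechanism it models (a pending request freed while still linked on the list the read callback walks) is a hypothesis about this class of bug, not a finding about the actual patch.

```c
/* Added example, not QEMU's code: a toy pool allocator that poisons freed
 * blocks with 0x75, so a stale list entry read by a read callback yields a
 * pointer like 0x7575757575757575.  ACB and Req are hypothetical stand-ins
 * for CURLAIOCB and the driver's pending-request list. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define POISON  0x75
#define BLOCK   64
#define NBLOCKS 8
typedef struct ACB { int64_t sector_num; } ACB;
typedef struct Req { ACB *acb; struct Req *next; } Req;
static unsigned char *pool;
static size_t next_block;
static Req *pending;                          /* list the callback walks */

static void *pool_alloc(void) {
    if (!pool) pool = calloc(NBLOCKS, BLOCK);
    return next_block < NBLOCKS ? pool + next_block++ * BLOCK : NULL;
}
/* Poison on free: a later read through a dangling pointer sees 0x75 bytes
 * deterministically instead of whatever the block was reused for. */
static void pool_free(void *p) { memset(p, POISON, BLOCK); }

/* Fixed completion: unlink the request from the list before freeing it. */
static void complete_fixed(Req *r) {
    for (Req **pp = &pending; *pp; pp = &(*pp)->next)
        if (*pp == r) { *pp = r->next; break; }
    pool_free(r);
}

/* The bits the callback would load as acb from the head entry (0 if empty). */
static uintptr_t head_acb_bits(void) {
    uintptr_t v = 0;
    if (pending) memcpy(&v, &pending->acb, sizeof v);
    return v;
}
int looks_poisoned(uintptr_t v) {             /* every byte == POISON? */
    uintptr_t all = 0;
    memset(&all, POISON, sizeof all);
    return v == all;
}

/* Queue one read, complete it, then report what the callback would see. */
uintptr_t run_scenario(int fixed) {
    pending = NULL; next_block = 0;
    ACB *acb = pool_alloc(); acb->sector_num = 1;
    Req *r = pool_alloc(); r->acb = acb; r->next = NULL; pending = r;
    if (fixed) complete_fixed(r);
    else pool_free(r);                        /* bug: freed but still linked */
    return head_acb_bits();
}
```

With the buggy completion the callback would dereference the all-0x75 pointer and fault exactly as in the core dump; with the unlink-before-free completion the list is empty and nothing stale is reachable.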