* [Qemu-devel] virtio-9p.c:401: v9fs_string_sprintf: Assertion `!(err == -1)' failed.

From: Gerd Hoffmann @ 2010-10-06 12:48 UTC
To: qemu-devel@nongnu.org

  Hi,

$subject says all ...

Triggered by mounting the filesystem.  F14 guest.

(gdb) #0  0x000000399f4329c5 in raise () from /lib64/libc.so.6
#1  0x000000399f4341a5 in abort () from /lib64/libc.so.6
#2  0x000000399f42b955 in __assert_fail () from /lib64/libc.so.6
#3  0x00000000004209a4 in v9fs_string_sprintf (str=0x1bc9560, fmt=0x5d31e4 "%s %lu")
    at /home/kraxel/projects/qemu/hw/virtio-9p.c:401
#4  0x0000000000423bcb in stat_to_v9stat (s=0x7f524d3ef010, name=0x1baf658, stbuf=0x1bc9588,
    v9stat=0x1bc94f0) at /home/kraxel/projects/qemu/hw/virtio-9p.c:1039
#5  0x0000000000423d27 in v9fs_stat_post_lstat (s=0x7f524d3ef010, pdu=<value optimized out>)
    at /home/kraxel/projects/qemu/hw/virtio-9p.c:1229
#6  v9fs_stat (s=0x7f524d3ef010, pdu=<value optimized out>)
    at /home/kraxel/projects/qemu/hw/virtio-9p.c:1263
#7  0x000000000041f8a8 in submit_pdu (vdev=0x7f524d3ef010, vq=0x1aed390)
    at /home/kraxel/projects/qemu/hw/virtio-9p.c:3452
#8  handle_9p_output (vdev=0x7f524d3ef010, vq=0x1aed390)
    at /home/kraxel/projects/qemu/hw/virtio-9p.c:3474
#9  0x0000000000428e66 in kvm_handle_io (env=0x1665800) at /home/kraxel/projects/qemu/kvm-all.c:741
#10 kvm_cpu_exec (env=0x1665800) at /home/kraxel/projects/qemu/kvm-all.c:882
#11 0x00000000004d596f in cpu_x86_exec (env1=<value optimized out>)
    at /home/kraxel/projects/qemu/cpu-exec.c:338
#12 0x000000000040b468 in qemu_cpu_exec () at /home/kraxel/projects/qemu/cpus.c:767
#13 cpu_exec_all () at /home/kraxel/projects/qemu/cpus.c:795
#14 0x0000000000561d35 in main_loop (argc=<value optimized out>, argv=<value optimized out>,
    envp=<value optimized out>) at /home/kraxel/projects/qemu/vl.c:1331
#15 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /home/kraxel/projects/qemu/vl.c:3036

cheers,
  Gerd
* Re: [Qemu-devel] virtio-9p.c:401: v9fs_string_sprintf: Assertion `!(err == -1)' failed.

From: Stefan Hajnoczi @ 2010-10-06 14:42 UTC
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann

On a related note, there are more uses of BUG_ON() in hw/virtio-9p.c
which can be triggered from the guest:

submit_pdu():
BUG_ON(pdu->id >= ARRAY_SIZE(pdu_handlers));
BUG_ON(handler == NULL);

handle_9p_output():
BUG_ON(pdu->elem.out_num == 0 || pdu->elem.in_num == 0);
BUG_ON(pdu->elem.out_sg[0].iov_len < 7);

These should be handled by skipping the bad virtqueue element.  We
could also reset the device but that may freak out the (bad) guest.

Stefan
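The "skip the bad element" handling Stefan asks for, written out as an added example (this is not code from the thread or from QEMU): each BUG_ON() quoted above becomes a soft check that returns a reason code the dispatcher can log before dropping the element. The struct vq_elem layout, the 256-entry pdu_handlers table and the sample messages are assumptions constructed for the example; the 7-byte bound comes from the 9P header size[4] type[1] tag[2].

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/uio.h>

/* Assumed, simplified shape of the virtqueue element the thread quotes. */
struct vq_elem { unsigned out_num, in_num; struct iovec out_sg[4], in_sg[4]; };
/* A 9P message starts with size[4] type[1] tag[2] = 7 bytes, the bound behind
 * BUG_ON(pdu->elem.out_sg[0].iov_len < 7). */
#define P9_HDR_LEN 7
#define P9_TVERSION 100
typedef int (*pdu_handler_t)(const struct vq_elem *);
static int handle_tversion(const struct vq_elem *e) { (void)e; return 0; }
/* Assumed handler table indexed by the 9P type byte; only Tversion is wired. */
static const pdu_handler_t pdu_handlers[256] = { [P9_TVERSION] = handle_tversion };

/* Soft-failure codes replacing BUG_ON(); each mirrors a check from the thread. */
enum p9_elem_err { P9_ELEM_OK = 0, P9_ELEM_NO_BUFFERS, P9_ELEM_SHORT_HDR,
                   P9_ELEM_BAD_SIZE, P9_ELEM_BAD_ID };

enum p9_elem_err p9_check_elem(const struct vq_elem *e, uint8_t *id)
{
    if (e->out_num == 0 || e->in_num == 0 || e->out_num > 4)
        return P9_ELEM_NO_BUFFERS;
    if (e->out_sg[0].iov_len < P9_HDR_LEN)
        return P9_ELEM_SHORT_HDR;
    const uint8_t *h = e->out_sg[0].iov_base;
    uint32_t size = h[0] | h[1] << 8 | h[2] << 16 | (uint32_t)h[3] << 24;
    size_t avail = 0;                 /* bytes the guest actually supplied */
    for (unsigned i = 0; i < e->out_num; i++)
        avail += e->out_sg[i].iov_len;
    if (size < P9_HDR_LEN || size > avail)
        return P9_ELEM_BAD_SIZE;      /* size[4] must fit the out buffers */
    if (pdu_handlers[h[4]] == NULL)   /* h[4] < 256 by type: no OOB index */
        return P9_ELEM_BAD_ID;
    *id = h[4];                       /* the dispatcher's pdu->id */
    return P9_ELEM_OK;
}

/* Wrap a constructed guest message in a one-buffer element and check it. */
enum p9_elem_err p9_check_msg(const uint8_t *msg, size_t len, unsigned in_num)
{
    uint8_t id, reply[64];
    struct vq_elem e = { .out_num = 1, .in_num = in_num,
                         .out_sg = { { (void *)msg, len } }, .in_sg = { { reply, 64 } } };
    return p9_check_elem(&e, &id);
}

/* Constructed samples: a minimal Tversion header and an unknown-type header. */
static const uint8_t tversion_hdr[7] = { 7, 0, 0, 0, P9_TVERSION, 0xff, 0xff };
static const uint8_t unknown_hdr[7]  = { 7, 0, 0, 0, 0, 0xff, 0xff };
```

A caller in the handle_9p_output() position logs the non-zero code and moves on to the next element, which keeps a malformed request a per-request failure rather than an abort of the whole QEMU process.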
* Re: [Qemu-devel] virtio-9p.c:401: v9fs_string_sprintf: Assertion `!(err == -1)' failed.

From: Venkateswararao Jujjuri (JV) @ 2010-10-06 18:25 UTC
To: Stefan Hajnoczi
Cc: qemu-devel@nongnu.org, Gerd Hoffmann

On 10/6/2010 7:42 AM, Stefan Hajnoczi wrote:
> On a related note, there are more uses of BUG_ON() in hw/virtio-9p.c
> which can be triggered from the guest:
>
> submit_pdu():
> BUG_ON(pdu->id >= ARRAY_SIZE(pdu_handlers));
> BUG_ON(handler == NULL);
>
> handle_9p_output():
> BUG_ON(pdu->elem.out_num == 0 || pdu->elem.in_num == 0);
> BUG_ON(pdu->elem.out_sg[0].iov_len < 7);
>

yeah.. these BUG_ONs make sense only if we "trust" the client.

> These should be handled by skipping the bad virtqueue element.  We
> could also reset the device but that may freak out the (bad) guest.

Maybe log an error and skip it? Reset is not a bad idea... if we decided to punish the client for sending something that is not acceptable. Any comments?

- JV

>
> Stefan
>
* Re: [Qemu-devel] virtio-9p.c:401: v9fs_string_sprintf: Assertion `!(err == -1)' failed.

From: Venkateswararao Jujjuri (JV) @ 2010-10-06 17:58 UTC
To: Gerd Hoffmann
Cc: qemu-devel@nongnu.org

On 10/6/2010 5:48 AM, Gerd Hoffmann wrote:
>   Hi,
>
> $subject says all ...
>
> Triggered by mounting the filesystem.  F14 guest.
>

Ah. This is introduced by c9ba47dc5d8679efa4d5425aa27e0f8132920fb5
v9fs_string_sprintf() doesn't support %lu. I will send a patch to fix this shortly.

- JV

> (gdb) #0  0x000000399f4329c5 in raise () from /lib64/libc.so.6
> #1  0x000000399f4341a5 in abort () from /lib64/libc.so.6
> #2  0x000000399f42b955 in __assert_fail () from /lib64/libc.so.6
> #3  0x00000000004209a4 in v9fs_string_sprintf (str=0x1bc9560, fmt=0x5d31e4 "%s %lu")
>     at /home/kraxel/projects/qemu/hw/virtio-9p.c:401
> #4  0x0000000000423bcb in stat_to_v9stat (s=0x7f524d3ef010, name=0x1baf658, stbuf=0x1bc9588,
>     v9stat=0x1bc94f0) at /home/kraxel/projects/qemu/hw/virtio-9p.c:1039
> #5  0x0000000000423d27 in v9fs_stat_post_lstat (s=0x7f524d3ef010, pdu=<value optimized out>)
>     at /home/kraxel/projects/qemu/hw/virtio-9p.c:1229
> #6  v9fs_stat (s=0x7f524d3ef010, pdu=<value optimized out>)
>     at /home/kraxel/projects/qemu/hw/virtio-9p.c:1263
> #7  0x000000000041f8a8 in submit_pdu (vdev=0x7f524d3ef010, vq=0x1aed390)
>     at /home/kraxel/projects/qemu/hw/virtio-9p.c:3452
> #8  handle_9p_output (vdev=0x7f524d3ef010, vq=0x1aed390)
>     at /home/kraxel/projects/qemu/hw/virtio-9p.c:3474
> #9  0x0000000000428e66 in kvm_handle_io (env=0x1665800) at /home/kraxel/projects/qemu/kvm-all.c:741
> #10 kvm_cpu_exec (env=0x1665800) at /home/kraxel/projects/qemu/kvm-all.c:882
> #11 0x00000000004d596f in cpu_x86_exec (env1=<value optimized out>)
>     at /home/kraxel/projects/qemu/cpu-exec.c:338
> #12 0x000000000040b468 in qemu_cpu_exec () at /home/kraxel/projects/qemu/cpus.c:767
> #13 cpu_exec_all () at /home/kraxel/projects/qemu/cpus.c:795
> #14 0x0000000000561d35 in main_loop (argc=<value optimized out>, argv=<value optimized out>,
>     envp=<value optimized out>) at /home/kraxel/projects/qemu/vl.c:1331
> #15 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
>     at /home/kraxel/projects/qemu/vl.c:3036
>
>
> cheers,
>   Gerd
>
* Re: [Qemu-devel] virtio-9p.c:401: v9fs_string_sprintf: Assertion `!(err == -1)' failed.

From: Venkateswararao Jujjuri (JV) @ 2010-10-06 20:26 UTC
To: Gerd Hoffmann
Cc: qemu-devel@nongnu.org

On 10/6/2010 10:58 AM, Venkateswararao Jujjuri (JV) wrote:
> On 10/6/2010 5:48 AM, Gerd Hoffmann wrote:
>>   Hi,
>>
>> $subject says all ...
>>
>> Triggered by mounting the filesystem.  F14 guest.
>>
>
> Ah. This is introduced by c9ba47dc5d8679efa4d5425aa27e0f8132920fb5
> v9fs_string_sprintf() doesn't support %lu. I will send a patch to fix this shortly.

Here is the patch to fix it.

Signed-off-by: Venkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com>

diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c index 3b2d49c..1afa6d1 100644 --- a/hw/virtio-9p.c +++ b/hw/virtio-9p.c @@ -325,6 +325,14 @@ static int number_to_string(void *arg, char type) } while (num); break; } + case 'U': { + unsigned long num = *(unsigned long *)arg; + do { + ret++; + num = num/10; + } while (num); + break; + } default: printf("Number_to_string: Unknown number format\n"); return -1; @@ -342,6 +350,7 @@ v9fs_string_alloc_printf(char **strp, const char *fmt, va_li int nr_args = 0; char *arg_char_ptr; unsigned int arg_uint; + unsigned long arg_ulong; /* Find the number of %'s that denotes an argument */ for (iter = strstr(iter, "%"); iter; iter = strstr(iter, "%")) {
@@ -367,6 +376,14 @@ v9fs_string_alloc_printf(char **strp, const char *fmt, va_l arg_uint = va_arg(ap2, unsigned int); len += number_to_string((void *)&arg_uint, 'u'); break; + case 'l': + if (*++iter == 'u') { + arg_ulong = va_arg(ap2, unsigned long); + len += number_to_string((void *)&arg_ulong, 'U'); + } else { + return -1; + } + break; case 's': arg_char_ptr = va_arg(ap2, char *); len += strlen(arg_char_ptr);

>
> - JV
>
>> (gdb) #0  0x000000399f4329c5 in raise () from /lib64/libc.so.6
>> #1  0x000000399f4341a5 in abort () from /lib64/libc.so.6
>> #2  0x000000399f42b955 in __assert_fail () from /lib64/libc.so.6
>> #3  0x00000000004209a4 in v9fs_string_sprintf (str=0x1bc9560, fmt=0x5d31e4 "%s %lu")
>>     at /home/kraxel/projects/qemu/hw/virtio-9p.c:401
>> #4  0x0000000000423bcb in stat_to_v9stat (s=0x7f524d3ef010, name=0x1baf658, stbuf=0x1bc9588,
>>     v9stat=0x1bc94f0) at /home/kraxel/projects/qemu/hw/virtio-9p.c:1039
>> #5  0x0000000000423d27 in v9fs_stat_post_lstat (s=0x7f524d3ef010, pdu=<value optimized out>)
>>     at /home/kraxel/projects/qemu/hw/virtio-9p.c:1229
>> #6  v9fs_stat (s=0x7f524d3ef010, pdu=<value optimized out>)
>>     at /home/kraxel/projects/qemu/hw/virtio-9p.c:1263
>> #7  0x000000000041f8a8 in submit_pdu (vdev=0x7f524d3ef010, vq=0x1aed390)
>>     at /home/kraxel/projects/qemu/hw/virtio-9p.c:3452
>> #8  handle_9p_output (vdev=0x7f524d3ef010, vq=0x1aed390)
>>     at /home/kraxel/projects/qemu/hw/virtio-9p.c:3474
>> #9  0x0000000000428e66 in kvm_handle_io (env=0x1665800) at /home/kraxel/projects/qemu/kvm-all.c:741
>> #10 kvm_cpu_exec (env=0x1665800) at /home/kraxel/projects/qemu/kvm-all.c:882
>> #11 0x00000000004d596f in cpu_x86_exec (env1=<value optimized out>)
>>     at /home/kraxel/projects/qemu/cpu-exec.c:338
>> #12 0x000000000040b468 in qemu_cpu_exec () at /home/kraxel/projects/qemu/cpus.c:767
>> #13 cpu_exec_all () at /home/kraxel/projects/qemu/cpus.c:795
>> #14 0x0000000000561d35 in main_loop (argc=<value optimized out>, argv=<value optimized out>,
>>     envp=<value optimized out>) at /home/kraxel/projects/qemu/vl.c:1331
>> #15 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
>>     at /home/kraxel/projects/qemu/vl.c:3036
>>
>>
>> cheers,
>>   Gerd
>>
>
>
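Review bot: in the first hunk (number_to_string, the new case 'U'), the do/while digit-counting loop is a copy of the existing 'u' case with only the operand type changed, and the private type tag 'U' is documented nowhere; since unsigned int widens losslessly to unsigned long, one loop over an unsigned long serving both tags (with the 'u' path widening its value first) would remove the duplication, and a one-line comment stating that 'U' means "arg points at an unsigned long" would save the next caller from passing the wrong pointer type, which this void * interface cannot catch.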
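Review bot: in the third hunk (the new case 'l' in v9fs_string_alloc_printf), the `else { return -1; }` branch for an unsupported `%l<x>` conversion returns silently from inside the argument-walking loop, whereas the default case of number_to_string in the first hunk at least prints a diagnostic before returning -1; worse, -1 is exactly the value the `assert(!(err == -1))` in v9fs_string_sprintf from the subject line aborts on, so a future format-string slip would again take down the whole QEMU process rather than fail one request. Please give the unsupported case a message and route it through the same error path as the default case (including any va_end(ap2) that the normal exit performs, since ap2 is consumed with va_arg here), and confirm that the length pre-computation accounts for `%lu` being three characters where `%u` and `%s` are two, otherwise the computed length is off by one per `%lu` (an over-estimate, so not a memory-safety problem, but worth making explicit).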