From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:56959)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <s.priebe@profihost.ag>) id 1SyN6J-0007Q3-Di
	for qemu-devel@nongnu.org; Mon, 06 Aug 2012 09:12:10 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <s.priebe@profihost.ag>) id 1SyN6C-0002mA-Df
	for qemu-devel@nongnu.org; Mon, 06 Aug 2012 09:12:03 -0400
Received: from mail.profihost.ag ([85.158.179.208]:58750)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <s.priebe@profihost.ag>) id 1SyN6C-0002lv-2Z
	for qemu-devel@nongnu.org; Mon, 06 Aug 2012 09:11:56 -0400
Message-ID: <501FC299.1050408@profihost.ag>
Date: Mon, 06 Aug 2012 15:11:53 +0200
From: Stefan Priebe - Profihost AG <s.priebe@profihost.ag>
MIME-Version: 1.0
References: <5017C8A0.60506@profihost.ag> <5017F19E.4070308@redhat.com>
	<501817C9.6090405@profihost.ag> <5018EC7D.9090702@redhat.com>
	<5018F5BB.9070500@profihost.ag> <5018F7E6.4020909@redhat.com>
	<5018F9F6.70307@profihost.ag> <5018FC9B.8040808@redhat.com>
	<501E4615.7060801@profihost.ag> <501E4AFD.3020806@redhat.com>
	<501E96BB.5060702@profihost.ag> <501EC2E2.8010802@profihost.ag>
	<501F8226.9090500@redhat.com> <501F846C.50903@profihost.ag>
	<501FB4A8.6080609@redhat.com> <501FBAA2.6050205@redhat.com>
In-Reply-To: <501FBAA2.6050205@redhat.com>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] KVM segfaults with 3.5 while installing ubuntu
	12.04
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Avi Kivity <avi@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>, Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>, kvm@vger.kernel.org, mtosatti@redhat.com, qemu-devel <qemu-devel@nongnu.org>, linux-kernel <linux-kernel@vger.kernel.org>

can confirm - this fixed it!
Am 06.08.2012 14:37, schrieb Avi Kivity:
> On 08/06/2012 03:12 PM, Avi Kivity wrote:
>> On 08/06/2012 11:46 AM, Stefan Priebe - Profihost AG wrote:
>>
>>> But still i got the segfault and core dump - this is my main problem? I
>>> mean qemu-kvm master isn't declared as stable. So i don't care about the
>>> slowness here.
>>>
>>> What can we do about the core dump and crash?
>>
>> Okay, I reproduced it; it seems aio=native is the culprit.  You can try
>> aio=threads as a workaround.
>>
>> Copying some relevant people (context: aio=native on qemu-kvm-1.1.1
>> segfaults pretty early during guest install)
>>
>
> The following ought to fix it:
>
>
> From: Avi Kivity <avi@redhat.com>
> Date: Mon, 6 Aug 2012 15:35:02 +0300
> Subject: [PATCH] virtio-mlk: fix use-after-free while handling scsi commands
>
> The scsi passthrough handler falls through after completing a
> request into the failure path, resulting in a use after free.
>
> Reprducible by running a guest with aio=native on a block device.
>
> Reported-by: Stefan Priebe <s.priebe@profihost.ag>
> Signed-off-by: Avi Kivity <avi@redhat.com>
>
> diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
> index f21757e..552b3b6 100644
> --- a/hw/virtio-blk.c
> +++ b/hw/virtio-blk.c
> @@ -254,6 +254,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
>
>       virtio_blk_req_complete(req, status);
>       g_free(req);
> +    return;
>   #else
>       abort();
>   #endif
>
>