From: Consul <void@aleksoft.net>
To: qemu-devel@nongnu.org
Cc: kvm@vger.kernel.org
Subject: [Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old change
Date: Thu, 12 Feb 2009 15:19:32 -0800 [thread overview]
Message-ID: <gn2aq6$gl3$1@ger.gmane.org> (raw)
In-Reply-To: <gn29ga$cjv$1@ger.gmane.org>
Consul wrote:
> Jamie Lokier wrote:
>>
>> It was just for clarity. If there are any bugs it's more likely to be
>> truncation on a 32 bit host :-)
>>
> Maybe not a proper fix, do you see the same "corruption" with this patch?
> I don't know if it causes any memory leaks, but it certainly clears the
> segfaults while running my old qcow2 windows images. Perhaps this is a
> wrong place to free() or it needs a condition?
>
> $ svn diff block.c
> Index: block.c
> ===================================================================
> --- block.c (revision 6618)
> +++ block.c (working copy)
> @@ -1263,7 +1263,7 @@
> if (!s->is_write) {
> qemu_iovec_from_buffer(s->iov, s->bounce, s->iov->size);
> }
> - qemu_free(s->bounce);
> + //qemu_free(s->bounce);
> s->this_aiocb->cb(s->this_aiocb->opaque, ret);
> qemu_aio_release(s->this_aiocb);
> }
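Review bot: Commenting out qemu_free(s->bounce) turns the crash into a leak of one bounce buffer per vectored request and does not address the cause. A SIGSEGV raised inside free(ptr), as in the gdb session later in this message, usually means the heap metadata next to that block was already damaged before the call (a write past the end of the allocation, or the same pointer freed twice), so the free is only where the damage becomes visible. Keep `qemu_free(s->bounce);` and instead verify that the bounce buffer was allocated with at least s->iov->size bytes, which is the length handed to `qemu_iovec_from_buffer(s->iov, s->bounce, s->iov->size);` in the context line above, and run the guest under a heap checker to catch the first bad write rather than the free that trips over it.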
>
>
In fact, s->bounce == 0xf270000 looks suspicious to me.
Perhaps there is a 64/32 bit conversion error somewhere?
(gdb) Num Type Disp Enb Address What
1 breakpoint keep y 0x004035ac in qemu_bh_poll
at c:/test/qemu/vl.c:3342
stop only if bh->opaque==0xee9d440
(gdb) The program being debugged has been started already.
Start it from the beginning? (y or n) [answered Y; input not from terminal]
Starting program: c:\test\qemu/i386-softmmu/qemu.exe -L c:\\qemu-dist -hda C:\\qemu-img\\qem8D.tmp -m 512 -boot c -loadvm 1
[New thread 5188.0x180]
[New thread 5188.0xea0]
[New thread 5188.0x1608]
Breakpoint 1, qemu_bh_poll () at c:/test/qemu/vl.c:3342
3342 bh->cb(bh->opaque);
(gdb) #0 qemu_bh_poll () at c:/test/qemu/vl.c:3342
#1 0x00403a9a in main_loop_wait (timeout=0) at c:/test/qemu/vl.c:3745
#2 0x00407bf5 in main (argc=11, argv=0x3e27c0, envp=0xccc359ff)
at c:/test/qemu/vl.c:3888
(gdb) qcow_aio_read_bh (opaque=0xee9d440) at block-qcow2.c:1194
1194 qemu_bh_delete(acb->bh);
(gdb) qemu_bh_delete (bh=0xe41b2f8) at c:/test/qemu/vl.c:3391
3391 bh->scheduled = 0;
(gdb) 3392 bh->deleted = 1;
(gdb) 3393 }
(gdb) qcow_aio_read_bh (opaque=0xee9d440) at block-qcow2.c:1195
1195 acb->bh = NULL;
(gdb) 1196 qcow_aio_read_cb(opaque, 0);
(gdb) qcow_aio_read_cb (opaque=0xee9d440, ret=0) at block-qcow2.c:1215
1215 QCowAIOCB *acb = opaque;
(gdb) 1216 BlockDriverState *bs = acb->common.bs;
(gdb) 1217 BDRVQcowState *s = bs->opaque;
(gdb) 1220 acb->hd_aiocb = NULL;
(gdb) 1221 if (ret < 0) {
(gdb) 1217 BDRVQcowState *s = bs->opaque;
(gdb) 1229 if (!acb->cluster_offset) {
(gdb) 1231 } else if (acb->cluster_offset & QCOW_OFLAG_COMPRESSED) {
(gdb) 1241 acb->nb_sectors -= acb->n;
(gdb) 1242 acb->sector_num += acb->n;
(gdb) 1243 acb->buf += acb->n * 512;
(gdb) 1245 if (acb->nb_sectors == 0) {
(gdb) 1247 acb->common.cb(acb->common.opaque, 0);
(gdb) qcow_aio_read_cb (opaque=0xee9d3d0, ret=0) at block-qcow2.c:1215
1215 QCowAIOCB *acb = opaque;
(gdb) 1216 BlockDriverState *bs = acb->common.bs;
(gdb) 1217 BDRVQcowState *s = bs->opaque;
(gdb) 1220 acb->hd_aiocb = NULL;
(gdb) 1221 if (ret < 0) {
(gdb) 1217 BDRVQcowState *s = bs->opaque;
(gdb) 1229 if (!acb->cluster_offset) {
(gdb) 1241 acb->nb_sectors -= acb->n;
(gdb) 1242 acb->sector_num += acb->n;
(gdb) 1243 acb->buf += acb->n * 512;
(gdb) 1245 if (acb->nb_sectors == 0) {
(gdb) 1247 acb->common.cb(acb->common.opaque, 0);
(gdb) bdrv_aio_rw_vector_cb (opaque=0xe41b2c8, ret=0) at block.c:1261
1261 VectorTranslationState *s = opaque;
(gdb) 1263 if (!s->is_write) {
(gdb) 1264 qemu_iovec_from_buffer(s->iov, s->bounce, s->iov->size);
(gdb) qemu_iovec_from_buffer (qiov=0xe412b9c, buf=0xf270000, count=512)
at cutils.c:155
155 for (i = 0; i < qiov->niov && count; ++i) {
(gdb) 151 const uint8_t *p = (const uint8_t *)buf;
(gdb) 157 if (copy > qiov->iov[i].iov_len)
(gdb) 159 memcpy(qiov->iov[i].iov_base, p, copy);
(gdb) 160 p += copy;
(gdb) 155 for (i = 0; i < qiov->niov && count; ++i) {
(gdb) 163 }
(gdb) bdrv_aio_rw_vector_cb (opaque=0xe41b2c8, ret=0) at block.c:1266
1266 qemu_free(s->bounce);
(gdb) qemu_free (ptr=0xf270000) at qemu-malloc.c:41
41 free(ptr);
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x7c96d811 in ntdll!RtlpNtMakeTemporaryKey () from C:\WINNT\system32\ntdll.dll
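The completion path discussed in this message (a vectored read serviced through a contiguous bounce buffer, scattered back into the caller's iovec, then freed) as an added example that is not QEMU's code and not the poster's patch. The iovec types, the `bounce_len` field and the `rw_vector_complete()` name are assumptions for the example; the scatter loop follows the shape of the cutils.c code stepped through in the trace, and the completion records the bounce size so the copy can never run past the allocation that is about to be freed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Stand-ins for QEMU's iovec types (assumed layout, not QEMU's headers). */
struct iov_entry { void *iov_base; size_t iov_len; };
typedef struct { struct iov_entry *iov; int niov; size_t size; } QEMUIOVector;

/* Scatter up to `count` bytes from a contiguous buffer into the iovec.
 * Same loop shape as the cutils.c code in the trace: the per-entry cap keeps
 * each memcpy inside its destination segment. Returns the bytes copied. */
size_t iovec_from_buffer(QEMUIOVector *qiov, const void *buf, size_t count)
{
    const uint8_t *p = (const uint8_t *)buf;
    size_t copied = 0;
    for (int i = 0; i < qiov->niov && count; ++i) {
        size_t copy = count;
        if (copy > qiov->iov[i].iov_len)
            copy = qiov->iov[i].iov_len;
        memcpy(qiov->iov[i].iov_base, p, copy);
        p += copy;
        count -= copy;
        copied += copy;
    }
    return copied;
}

typedef void (*completion_cb)(void *opaque, int ret);
typedef struct {
    QEMUIOVector *iov;
    uint8_t *bounce;
    size_t bounce_len;   /* hypothetical field: size recorded at allocation time */
    int is_write;
    completion_cb cb;
    void *opaque;
} VectorTranslationState;

/* Completion for a request that went through a bounce buffer. For reads it
 * refuses to copy more bytes than the bounce buffer actually holds, frees the
 * buffer exactly once, clears the pointer, then runs the caller's callback. */
int rw_vector_complete(VectorTranslationState *s, int ret)
{
    if (!s->is_write && ret >= 0) {
        if (s->bounce_len < s->iov->size)
            ret = -1;               /* would read past the bounce allocation */
        else
            iovec_from_buffer(s->iov, s->bounce, s->iov->size);
    }
    free(s->bounce);
    s->bounce = NULL;               /* a second completion becomes free(NULL), not a double free */
    s->cb(s->opaque, ret);
    return ret;
}

static void record_ret(void *opaque, int ret) { *(int *)opaque = ret; }

/* Demo: an 8-byte read into two segments (3 + 5 bytes) through a bounce buffer
 * of `bounce_len` bytes holding constructed sample data. Returns the value the
 * callback received (0 on success, -1 when the bounce buffer is too short),
 * or -2 if the segments did not receive the expected bytes. */
int demo_read_completion(size_t bounce_len)
{
    char seg0[3] = {0}, seg1[5] = {0};
    struct iov_entry entries[2] = { { seg0, sizeof seg0 }, { seg1, sizeof seg1 } };
    QEMUIOVector qiov = { entries, 2, sizeof seg0 + sizeof seg1 };

    uint8_t *bounce = malloc(bounce_len);   /* constructed sample data */
    memcpy(bounce, "ABCDEFGH", bounce_len < 8 ? bounce_len : 8);

    int cb_ret = 99;
    VectorTranslationState s = { &qiov, bounce, bounce_len, 0, record_ret, &cb_ret };
    if (rw_vector_complete(&s, 0) < 0)
        return cb_ret;              /* short bounce: callback saw the error, nothing copied */
    if (memcmp(seg0, "ABC", 3) != 0 || memcmp(seg1, "DEFGH", 5) != 0)
        return -2;
    return cb_ret;
}

int main(void)
{
    printf("full bounce : %d\n", demo_read_completion(8));   /* expect 0 */
    printf("short bounce: %d\n", demo_read_completion(4));   /* expect -1 */
    return 0;
}
```

The point of recording `bounce_len` is that the copy length and the allocation length come from two different places in the real code; tying them together at the completion turns a silent heap overrun (which surfaces later as a crash inside free, as in the trace) into an explicit error return.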