qemu-devel
Re: [Qemu-devel] [BUG] Regression in networking code (SIGSEGV)


From: Stefan Weil
Subject: Re: [Qemu-devel] [BUG] Regression in networking code (SIGSEGV)
Date: Thu, 05 Feb 2009 20:24:06 +0100
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)

Gleb Natapov schrieb:
> On Wed, Feb 04, 2009 at 01:01:36PM +0100, Stefan Weil wrote:
>   
>> Hi,
>>
>> of course. But I found a simple way to reproduce the bug, so I think
>> this new way is simpler to handle than tcpreplay:
>>
>> Host: amd64, debian 5.0 (I think others will do, too)
>> Guest: i686, debian 4.0 (I think others will do, too)
>>
>> The host must export an NFS filesystem (/tftpboot in my tests).
>> The guest must be able to mount this NFS filesystem using special options.
>>
>> Start the guest (hda.img contains a minimal debian 4.0 installation):
>> $ i386-softmmu/qemu -m 512 -hda ~/hda.img
>>
>> Mount host NFS on guest:
>> $ mount 10.0.2.2:/tftpboot /mnt -o
>> proto=udp,rsize=4096,wsize=4096,nointr,nolock,nfsvers=2
>>
>> Copy files from host NFS to host NFS on guest:
>> $ cp /mnt/malta-le/usr/lib/libstdc++.so.6.0.8 /mnt/malta-le/tmp
>>
>> In my tests, the file to copy has 1164392 bytes, the guest creates
>> the destination file with 0 bytes and crashes.
>>
>> The NFS mount options are identical to the options used by Linux NFS root
>> but different to those used by default. With default NFS options, there
>> is no crash, so this explains why I get crashes in my NFS root tests but
>> had difficulties to get a crash with other network operations.
>> I know that proto=udp is important but did not check many other
>> combinations.
>>
>> With malta and other mips guests, the crash can be reproduced in the
>> same way,
>> so I am now fairly sure that any guest (on any host) will crash like this.
>>
>>     
> Cool, I can reproduce it now! Can you try the patch below?
>
> Signed-off-by: Gleb Natapov <address@hidden>
>
> diff --git a/qemu/slirp/ip_input.c b/qemu/slirp/ip_input.c
> index e7f2756..f00a2e8 100644
> --- a/qemu/slirp/ip_input.c
> +++ b/qemu/slirp/ip_input.c
> @@ -393,7 +393,7 @@ insert:
>        */
>       if (m->m_flags & M_EXT) {
>         int delta;
> -       delta = (char *)ip - m->m_dat;
> +       delta = (char *)q - m->m_dat;
>         q = (struct ipasfrag *)(m->m_ext + delta);
>       }
>  
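Review bot: the one-line change is correct as far as the visible context shows: the line that follows, `q = (struct ipasfrag *)(m->m_ext + delta);`, relocates `q` into the external buffer, so `delta` must be q's own distance from `m->m_dat`, not ip's; with the old `delta = (char *)ip - m->m_dat;` the relocated `q` landed at ip's offset inside `m_ext` whenever the mbuf had been moved to external storage, which fits the crash seen only with large UDP fragments. Two things would help the record: a short comment on the `delta` line stating why it is measured from `q`, and a commit message body (the patch carries only a Signed-off-by) naming the regression it reverses so the history stays traceable.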
> --
>                       Gleb.
>
>   

Very good. Your patch should be applied to Qemu trunk, because
it fixes the network bug which was introduced by r6288.

Mips Malta, Ar7 and i386 no longer crashed in my test scenario.

Regards
Stefan
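To make the pointer-relocation mistake in the patched hunk concrete, here is a constructed C model, added to this archive page and not slirp's code: a toy mbuf with an inline `m_dat` buffer and an external `m_ext` buffer, a fragment header placed after a 20-byte IP header, and a relocation routine that measures the offset either from `ip` (the pre-patch behaviour) or from `q` (the patched behaviour). The struct layouts, field sizes and sample values are assumptions for the demonstration only.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified model of the slirp mbuf layout discussed in the
 * thread. Real slirp's struct mbuf has more fields; only m_dat/m_ext matter. */
#define M_EXT 1
struct mbuf {
    int   m_flags;
    char  m_dat[64];   /* small inline buffer */
    char *m_ext;       /* larger heap buffer used once the packet outgrows m_dat */
};

/* Stand-ins for the IP header and the fragment header (struct ipasfrag). */
struct iphdr_model { unsigned char bytes[20]; };
struct frag_model  { unsigned int id; };

/* Move the payload to external storage, which is what enables the M_EXT branch. */
static void move_to_ext(struct mbuf *m, size_t len) {
    m->m_ext = malloc(len * 2);
    memcpy(m->m_ext, m->m_dat, len);
    m->m_flags |= M_EXT;
}

/* Relocate a pointer that used to point inside m_dat so that it points at the
 * same bytes inside m_ext. 'base' is the pointer whose offset is measured: the
 * pre-patch code measured ip's offset, so q was placed one IP header short of
 * the real fragment header. */
static struct frag_model *relocate(struct mbuf *m, char *base) {
    int delta = base - m->m_dat;
    return (struct frag_model *)(m->m_ext + delta);
}

/* Returns the fragment id read through the relocated pointer; 'buggy' selects
 * the pre-patch behaviour (offset taken from ip instead of q). */
unsigned int read_frag_id(int buggy) {
    struct mbuf m = {0};
    struct iphdr_model *ip = (struct iphdr_model *)m.m_dat;
    struct frag_model  *q  = (struct frag_model *)(m.m_dat + sizeof *ip);
    memset(ip, 0xAA, sizeof *ip);   /* constructed IP header bytes */
    q->id = 0x1234;                 /* constructed fragment id */
    move_to_ext(&m, sizeof *ip + sizeof *q);
    struct frag_model *nq = relocate(&m, buggy ? (char *)ip : (char *)q);
    unsigned int id = nq->id;       /* buggy path reads IP header bytes instead */
    free(m.m_ext);
    return id;
}
```

In the real slirp code the mis-pointed `q` is then used to link the fragment into the reassembly queue, which is how a wrong offset turns into memory corruption rather than just a wrong value as in this model.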