[Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old cha

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old cha

From:	Consul
Subject:	[Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old change
Date:	Thu, 12 Feb 2009 15:19:32 -0800
User-agent:	Thunderbird 2.0.0.19 (Windows/20081209)

Consul wrote:

Jamie Lokier wrote:


It was just for clarity.  If there are any bugs it's more likely to be
truncation on a 32 bit host :-)

Maybe not a proper fix, do you see the same "corruption" with this patch?

I don't know if it causes any memory leaks, but it certainly clears thesegfaults while running my old qcow2 windows images. Perhaps this is awrong place to free() or it needs a condition?


$ svn diff block.c
Index: block.c
===================================================================
--- block.c     (revision 6618)
+++ block.c     (working copy)
@@ -1263,7 +1263,7 @@
     if (!s->is_write) {
         qemu_iovec_from_buffer(s->iov, s->bounce, s->iov->size);
     }
-    qemu_free(s->bounce);
+    //qemu_free(s->bounce);
     s->this_aiocb->cb(s->this_aiocb->opaque, ret);
     qemu_aio_release(s->this_aiocb);
 }


In fact, s->bounce == 0xf270000 looks suspicious to me.
Perhaps there is a 64/32 bit conversion error somewhere?


(gdb) Num     Type           Disp Enb Address    What
1       breakpoint     keep y   0x004035ac in qemu_bh_poll
                                       at c:/test/qemu/vl.c:3342
        stop only if bh->opaque==0xee9d440
(gdb) The program being debugged has been started already.
Start it from the beginning? (y or n) [answered Y; input not from terminal]
Starting program: c:\test\qemu/i386-softmmu/qemu.exe -L c:\\qemu-dist -hda 
C:\\qemu-img\\qem8D.tmp -m 512 -boot c -loadvm 1
[New thread 5188.0x180]
[New thread 5188.0xea0]
[New thread 5188.0x1608]

Breakpoint 1, qemu_bh_poll () at c:/test/qemu/vl.c:3342
3342                bh->cb(bh->opaque);
(gdb) #0  qemu_bh_poll () at c:/test/qemu/vl.c:3342
#1  0x00403a9a in main_loop_wait (timeout=0) at c:/test/qemu/vl.c:3745
#2  0x00407bf5 in main (argc=11, argv=0x3e27c0, envp=0xccc359ff)
    at c:/test/qemu/vl.c:3888
(gdb) qcow_aio_read_bh (opaque=0xee9d440) at block-qcow2.c:1194
1194        qemu_bh_delete(acb->bh);
(gdb) qemu_bh_delete (bh=0xe41b2f8) at c:/test/qemu/vl.c:3391
3391        bh->scheduled = 0;
(gdb) 3392          bh->deleted = 1;
(gdb) 3393      }
(gdb) qcow_aio_read_bh (opaque=0xee9d440) at block-qcow2.c:1195
1195        acb->bh = NULL;
(gdb) 1196          qcow_aio_read_cb(opaque, 0);
(gdb) qcow_aio_read_cb (opaque=0xee9d440, ret=0) at block-qcow2.c:1215
1215        QCowAIOCB *acb = opaque;
(gdb) 1216          BlockDriverState *bs = acb->common.bs;
(gdb) 1217          BDRVQcowState *s = bs->opaque;
(gdb) 1220          acb->hd_aiocb = NULL;
(gdb) 1221          if (ret < 0) {
(gdb) 1217          BDRVQcowState *s = bs->opaque;
(gdb) 1229          if (!acb->cluster_offset) {
(gdb) 1231          } else if (acb->cluster_offset & QCOW_OFLAG_COMPRESSED) {
(gdb) 1241          acb->nb_sectors -= acb->n;
(gdb) 1242          acb->sector_num += acb->n;
(gdb) 1243          acb->buf += acb->n * 512;
(gdb) 1245          if (acb->nb_sectors == 0) {
(gdb) 1247              acb->common.cb(acb->common.opaque, 0);
(gdb) qcow_aio_read_cb (opaque=0xee9d3d0, ret=0) at block-qcow2.c:1215
1215        QCowAIOCB *acb = opaque;
(gdb) 1216          BlockDriverState *bs = acb->common.bs;
(gdb) 1217          BDRVQcowState *s = bs->opaque;
(gdb) 1220          acb->hd_aiocb = NULL;
(gdb) 1221          if (ret < 0) {
(gdb) 1217          BDRVQcowState *s = bs->opaque;
(gdb) 1229          if (!acb->cluster_offset) {
(gdb) 1241          acb->nb_sectors -= acb->n;
(gdb) 1242          acb->sector_num += acb->n;
(gdb) 1243          acb->buf += acb->n * 512;
(gdb) 1245          if (acb->nb_sectors == 0) {
(gdb) 1247              acb->common.cb(acb->common.opaque, 0);
(gdb) bdrv_aio_rw_vector_cb (opaque=0xe41b2c8, ret=0) at block.c:1261
1261        VectorTranslationState *s = opaque;
(gdb) 1263          if (!s->is_write) {
(gdb) 1264              qemu_iovec_from_buffer(s->iov, s->bounce, s->iov->size);
(gdb) qemu_iovec_from_buffer (qiov=0xe412b9c, buf=0xf270000, count=512)
    at cutils.c:155
155         for (i = 0; i < qiov->niov && count; ++i) {
(gdb) 151           const uint8_t *p = (const uint8_t *)buf;
(gdb) 157               if (copy > qiov->iov[i].iov_len)
(gdb) 159               memcpy(qiov->iov[i].iov_base, p, copy);
(gdb) 160               p     += copy;
(gdb) 155           for (i = 0; i < qiov->niov && count; ++i) {
(gdb) 163       }
(gdb) bdrv_aio_rw_vector_cb (opaque=0xe41b2c8, ret=0) at block.c:1266
1266        qemu_free(s->bounce);
(gdb) qemu_free (ptr=0xf270000) at qemu-malloc.c:41
41          free(ptr);
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x7c96d811 in ntdll!RtlpNtMakeTemporaryKey () from C:\WINNT\system32\ntdll.dll

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Jamie Lokier, 2009/02/11
- Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Kevin Wolf, 2009/02/11
  - Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Jamie Lokier, 2009/02/11
  - Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Jamie Lokier, 2009/02/11
    - Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Kevin Wolf, 2009/02/11
    - Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Jamie Lokier, 2009/02/11
    - Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Consul, 2009/02/12
    - [Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old change, Consul <=
    - Re: [Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old change, Marc Bevand, 2009/02/13
    - Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Kevin Wolf, 2009/02/16
    - Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Jamie Lokier, 2009/02/16
    - Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Chris Wright, 2009/02/12
    - Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change, Johannes Schindelin, 2009/02/12
- Message not available
  - [Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old change, Kevin Wolf, 2009/02/13
    - Re: [Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old change, Jamie Lokier, 2009/02/13
    - Re: [Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old change, Chris Wright, 2009/02/13
    - Re: [Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old change, Marc Bevand, 2009/02/14
    - Re: [Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old change, Dor Laor, 2009/02/14

Prev by Date: Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change
Next by Date: Re: [Qemu-devel] [RFC] Machine description as data
Previous by thread: Re: [Qemu-devel] qcow2 corruption observed, fixed by reverting old change
Next by thread: Re: [Qemu-devel] Re: qcow2 corruption observed, fixed by reverting old change
Index(es):
- Date
- Thread