When using filter-mirror like the example below where the interface
'ndev0' does not exist on the host, QEMU crashes with a segmentation
fault.
$ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0
This happens because the function filter_mirror_setup() does not check
if the device actually exists and still keeps on processing, calling
qemu_chr_find(). This patch fixes this issue.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
net/filter-mirror.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index 90e2c92337..e18a4b16a0 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -213,14 +213,22 @@ static void filter_mirror_setup(NetFilterState *nf, Error **errp)
MirrorState *s = FILTER_MIRROR(nf);
Chardev *chr;
+ if (s->outdev == NULL) {
+ goto err;
+ }
+
chr = qemu_chr_find(s->outdev);
+
if (chr == NULL) {
- error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
- "Device '%s' not found", s->outdev);
- return;
+ goto err;
}
qemu_chr_fe_init(&s->chr_out, chr, errp);
+
+err:
+ error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, "Device '%s' not found",
+ nf->netdev_id);
+ return;
}
static void redirector_rs_finalize(SocketReadState *rs)
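Review bot: the success path falls through into err: because nothing returns after qemu_chr_fe_init(&s->chr_out, chr, errp), so a valid outdev still sets "Device '%s' not found" in errp, and if qemu_chr_fe_init itself already set *errp the label calls error_set a second time on an errp that is no longer NULL. Add `return;` between `qemu_chr_fe_init(&s->chr_out, chr, errp);` and `err:`. The message is also wrong about what failed: the lookup that returned NULL was on s->outdev, not nf->netdev_id, so report s->outdev in the not-found case and give the `s->outdev == NULL` branch its own message instead of routing it through the same "not found" text.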
--
2.13.5
On 08/21/2017 11:50 PM, Eduardo Otubo wrote:
> When using filter-mirror like the example below where the interface
> 'ndev0' does not exist on the host, QEMU crashes with a segmentation
> fault.
>
> $ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0
>
> This happens because the function filter_mirror_setup() does not check
> if the device actually exists and still keeps on processing, calling
> qemu_chr_find(). This patch fixes this issue.
>
> Signed-off-by: Eduardo Otubo <otubo@redhat.com>

Looks good to me.

Reviewed-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>

Thanks
Zhang Chen

> ---
> net/filter-mirror.c | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
> index 90e2c92337..e18a4b16a0 100644
> --- a/net/filter-mirror.c
> +++ b/net/filter-mirror.c
> @@ -213,14 +213,22 @@ static void filter_mirror_setup(NetFilterState *nf, Error **errp)
> MirrorState *s = FILTER_MIRROR(nf);
> Chardev *chr;
>
> + if (s->outdev == NULL) {
> + goto err;
> + }
> +
> chr = qemu_chr_find(s->outdev);
> +
> if (chr == NULL) {
> - error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> - "Device '%s' not found", s->outdev);
> - return;
> + goto err;
> }
>
> qemu_chr_fe_init(&s->chr_out, chr, errp);
> +
> +err:
> + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, "Device '%s' not found",
> + nf->netdev_id);
> + return;
> }
>
> static void redirector_rs_finalize(SocketReadState *rs)

--
Thanks
Zhang Chen
On Tue, Aug 22, 2017 at 09:19:20AM +0800, Zhang Chen wrote:
> On 08/21/2017 11:50 PM, Eduardo Otubo wrote:
> > When using filter-mirror like the example below where the interface
> > 'ndev0' does not exist on the host, QEMU crashes with a segmentation
> > fault.
> >
> > $ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0
> >
> > This happens because the function filter_mirror_setup() does not check
> > if the device actually exists and still keeps on processing, calling
> > qemu_chr_find(). This patch fixes this issue.
> >
> > Signed-off-by: Eduardo Otubo <otubo@redhat.com>
>
> Looks good to me.
>
> Reviewed-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>

Ping.

> Thanks
> Zhang Chen
>
> > ---
> > net/filter-mirror.c | 14 +++++++++++---
> > 1 file changed, 11 insertions(+), 3 deletions(-)
> >
> > diff --git a/net/filter-mirror.c b/net/filter-mirror.c
> > index 90e2c92337..e18a4b16a0 100644
> > --- a/net/filter-mirror.c
> > +++ b/net/filter-mirror.c
> > @@ -213,14 +213,22 @@ static void filter_mirror_setup(NetFilterState *nf, Error **errp)
> > MirrorState *s = FILTER_MIRROR(nf);
> > Chardev *chr;
> > + if (s->outdev == NULL) {
> > + goto err;
> > + }
> > +
> > chr = qemu_chr_find(s->outdev);
> > +
> > if (chr == NULL) {
> > - error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> > - "Device '%s' not found", s->outdev);
> > - return;
> > + goto err;
> > }
> > qemu_chr_fe_init(&s->chr_out, chr, errp);
> > +
> > +err:
> > + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, "Device '%s' not found",
> > + nf->netdev_id);
> > + return;
> > }
> > static void redirector_rs_finalize(SocketReadState *rs)
>
> --
> Thanks
> Zhang Chen

--
Eduardo Otubo
Senior Software Engineer @ RedHat
On Tue, Aug 22, 2017 at 09:19:20AM +0800, Zhang Chen wrote:
> On 08/21/2017 11:50 PM, Eduardo Otubo wrote:
> > When using filter-mirror like the example below where the interface
> > 'ndev0' does not exist on the host, QEMU crashes with a segmentation
> > fault.
> >
> > $ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0
> >
> > This happens because the function filter_mirror_setup() does not check
> > if the device actually exists and still keeps on processing, calling
> > qemu_chr_find(). This patch fixes this issue.
> >
> > Signed-off-by: Eduardo Otubo <otubo@redhat.com>
>
> Looks good to me.
>
> Reviewed-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>
> Thanks
> Zhang Chen
>

So Peter and Michael pointed out that this patch didn't pass make check, causing this:

qemu-system-x86_64: -object filter-mirror,id=qtest-f0,netdev=qtest-bn0,queue=tx,outdev=mirror0: Device 'qtest-bn0' not found
Broken pipe
GTester: last random seed: R02S4f1b7fb2da540e3e36e962f19f19ac65
(tests/test-filter-mirror:6059): GLib-CRITICAL **: g_hook_destroy_link: assertion 'hook != NULL' failed
make: *** [/home/otubo/develop/qemu/otubo/tests/Makefile.include:847: check-qtest-x86_64] Error 1
otubo@vader ~/develop/qemu/otubo netdev_segfault $ git show

> > ---
> > net/filter-mirror.c | 14 +++++++++++---
> > 1 file changed, 11 insertions(+), 3 deletions(-)
> >
> > diff --git a/net/filter-mirror.c b/net/filter-mirror.c
> > index 90e2c92337..e18a4b16a0 100644
> > --- a/net/filter-mirror.c
> > +++ b/net/filter-mirror.c
> > @@ -213,14 +213,22 @@ static void filter_mirror_setup(NetFilterState *nf, Error **errp)
> > MirrorState *s = FILTER_MIRROR(nf);
> > Chardev *chr;
> > + if (s->outdev == NULL) {
> > + goto err;
> > + }
> > +
> > chr = qemu_chr_find(s->outdev);
> > +
> > if (chr == NULL) {
> > - error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> > - "Device '%s' not found", s->outdev);
> > - return;
> > + goto err;
> > }
> > qemu_chr_fe_init(&s->chr_out, chr, errp);

And the reason was there was no return after qemu_chr_fe_init, making it fatally go to the "err:" label.

> > +
> > +err:
> > + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, "Device '%s' not found",
> > + nf->netdev_id);

Also, "nf->netdev_id" wasn't the device not found, but "s->outdev"; so it makes sense to have two error messages here, one for when it is NULL and one for when it's not found, otherwise we'd fall into not very clear error messages like:

qemu-system-x86_64: -object filter-mirror,id=test-object,netdev=ndev0: Device '(null)' not found

I'm fixing all this and sending a v2 shortly. Thanks for the review and tests.

--
Eduardo Otubo
Senior Software Engineer @ RedHat
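The two defects Otubo describes above, the missing return before err: and the wrong identifier in the message, modelled as an added, self-contained C program. This is not QEMU code and not the v2 patch: setup_v1 reproduces the control flow of the posted hunk, setup_fixed the flow the follow-up calls for. Error, Chardev, chr_find_model(), error_set_model() and chr_fe_init_model() are constructed stand-ins for the QEMU types and functions named in the hunk; the registry that knows only a chardev labelled 'mirror0', the fe_init_fails knob and the 'filter-mirror requires an outdev chardev' wording are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the QEMU types named in the hunk (added model, not QEMU code). */
typedef struct Error { char msg[160]; } Error;
typedef struct Chardev { const char *label; } Chardev;
typedef struct MirrorState { const char *outdev; } MirrorState;
typedef struct NetFilterState { const char *netdev_id; MirrorState s; } NetFilterState;

/* Constructed chardev registry: the only chardev that exists is "mirror0". */
static Chardev known_chr = { "mirror0" };

/* Stands in for qemu_chr_find(): NULL for an unknown label or a NULL label. */
static Chardev *chr_find_model(const char *label)
{
    return (label && strcmp(label, known_chr.label) == 0) ? &known_chr : NULL;
}

/* Stands in for error_set(). QEMU's real one asserts *errp == NULL; here a
 * second error_set on the same errp is counted so a test can observe it. */
static int double_set_count;
static void error_set_model(Error **errp, const char *fmt, const char *arg)
{
    if (errp == NULL) {
        return;
    }
    if (*errp != NULL) {
        double_set_count++;
        return;
    }
    *errp = calloc(1, sizeof(Error));
    snprintf((*errp)->msg, sizeof((*errp)->msg), fmt, arg ? arg : "(null)");
}

/* Stands in for qemu_chr_fe_init(); fe_init_fails is a constructed knob. */
static int fe_init_fails;
static void chr_fe_init_model(Chardev *chr, Error **errp)
{
    if (fe_init_fails) {
        error_set_model(errp, "chardev '%s' is already in use", chr->label);
    }
}

/* Control flow of the posted hunk: nothing returns before err:, so the
 * success path also reports an error, and the message names nf->netdev_id. */
static void setup_v1(NetFilterState *nf, Error **errp)
{
    MirrorState *s = &nf->s;
    Chardev *chr;
    if (s->outdev == NULL) {
        goto err;
    }
    chr = chr_find_model(s->outdev);
    if (chr == NULL) {
        goto err;
    }
    chr_fe_init_model(chr, errp);
err:
    error_set_model(errp, "Device '%s' not found", nf->netdev_id);
}

/* Control flow the follow-up asks for: return once init has run, report
 * s->outdev, and use a separate message when outdev was never given. */
static void setup_fixed(NetFilterState *nf, Error **errp)
{
    MirrorState *s = &nf->s;
    Chardev *chr;
    if (s->outdev == NULL) {
        error_set_model(errp, "%s", "filter-mirror requires an 'outdev' chardev");
        return;
    }
    chr = chr_find_model(s->outdev);
    if (chr == NULL) {
        error_set_model(errp, "Device '%s' not found", s->outdev);
        return;
    }
    chr_fe_init_model(chr, errp);
}

/* Runs one variant and returns its error text, or "" when setup succeeded. */
static const char *run_setup(void (*setup)(NetFilterState *, Error **),
                             const char *netdev_id, const char *outdev)
{
    static char buf[160];
    NetFilterState nf = { netdev_id, { outdev } };
    Error *err = NULL;
    setup(&nf, &err);
    snprintf(buf, sizeof(buf), "%s", err ? err->msg : "");
    free(err);
    return buf;
}

int main(void)
{
    puts(run_setup(setup_v1, "qtest-bn0", "mirror0"));  /* the make check failure */
    puts(run_setup(setup_fixed, "ndev0", NULL));        /* fixed: names the real cause */
    return 0;
}
```

The first line printed is the exact message from the make check output above, produced although the chardev exists, because setup_v1 falls into err: after a successful init. Flipping fe_init_fails shows the second hazard of that fall-through: when the init step has already set errp, the label calls error_set again on an errp that is no longer NULL, which in QEMU trips the assertion in error_setv rather than merely producing a confusing message.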
21.08.2017 18:50, Eduardo Otubo wrote:
> When using filter-mirror like the example below where the interface
> 'ndev0' does not exist on the host, QEMU crashes with a segmentation
> fault.

Applied to -trivial, thanks!

/mjt