From: Thomas Huth <1681439@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Bug 1681439] Re: dma_blk_cb leaks memory map handles on misaligned IO
Date: Tue, 11 May 2021 05:34:42 -0000
Message-ID: <162071128240.3040.6057298804607470733.malone@wampee.canonical.com>
In-Reply-To: 20170410132346.31250.84835.malonedeb@wampee.canonical.com
This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:
https://gitlab.com/qemu-project/qemu/-/issues/259
** Tags added: fuzzer
** Changed in: qemu
Status: Confirmed => Expired
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #259
https://gitlab.com/qemu-project/qemu/-/issues/259
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1681439
Title:
dma_blk_cb leaks memory map handles on misaligned IO
Status in QEMU:
Expired
Bug description:
Maintainer Edit:
The functions in dma-helpers mismanage misaligned IO, badly enough to
cause an infinite loop where no progress can be made. This allows the
IDE state machine to get wedged such that cancelling DMA can fail;
because the DMA helpers have bodged the state of the DMA transfer. See
Comment #15 for the in-depth analysis.
I've updated the name of this bug to reflect the current status as I
understand it.
--js
Original report:
Since upgrading to QEMU 2.8.0, my Windows 7 64-bit virtual machines
started crashing due to the assertion quoted in the summary failing.
The assertion in question was added by commit 9972354856 ("block: add
BDS field to count in-flight requests"). My tests show that setting
discard=unmap is needed to reproduce the issue. Speaking of
reproduction, it is a bit flaky, because I have been unable to come up
with specific instructions that would allow the issue to be triggered
outside of my environment, but I do have a semi-sane way of testing that
appears to depend on a specific initial state of data on the underlying
storage volume, actions taken within the VM and waiting for about 20
minutes.
Here is the shortest QEMU command line that I managed to reproduce the
bug with:
qemu-system-x86_64 \
-machine pc-i440fx-2.7,accel=kvm \
-m 3072 \
-drive file=/dev/lvm/qemu,format=raw,if=ide,discard=unmap \
-netdev tap,id=hostnet0,ifname=tap0,script=no,downscript=no,vhost=on \
-device virtio-net-pci,netdev=hostnet0 \
-vnc :0
The underlying storage (/dev/lvm/qemu) is a thin LVM snapshot.
QEMU was compiled using:
./configure --python=/usr/bin/python2.7 --target-list=x86_64-softmmu
make -j3
My virtualization environment is not really a critical one and
reproduction is not that much of a hassle, so if you need me to gather
further diagnostic information or test patches, I will be happy to help.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1681439/+subscriptions
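The two symptoms the maintainer edit names (map handles leaked on misaligned IO, and a loop that makes no progress) as an added model; this is not QEMU's dma-helpers code, and ALIGN, the sg lists and every function name are constructed for this example. Each pass maps a window of guest memory, trims it to a multiple of ALIGN and transfers the aligned part; the buggy variant never unmaps the trimmed tail and re-runs the same window when nothing aligned is left, the fixed variant releases everything it mapped and fails the request instead of spinning.

```c
/* Added model, not QEMU code: a scatter-gather DMA loop whose per-pass transfer
 * must be a multiple of ALIGN. ALIGN, names and sizes are constructed. */
#include <stddef.h>
#include <stdbool.h>

#define ALIGN 512u
struct sg_entry { size_t len; };
struct dma_result {
    size_t done;       /* bytes transferred */
    size_t live_maps;  /* mapped bytes never released: must end at 0 */
    int passes;        /* callback invocations */
    int status;        /* 0 done, -1 failed cleanly, -2 stuck (cap hit) */
};

/* Map from stream offset pos: the rest of the current entry, then whole
 * entries until at least ALIGN bytes are mapped or the list runs out. */
static size_t map_window(const struct sg_entry *sg, int nsg, size_t pos)
{
    size_t off = 0, mapped = 0;
    int i = 0;
    while (i < nsg && pos >= off + sg[i].len) off += sg[i++].len;
    if (i < nsg) mapped = off + sg[i++].len - pos;
    while (i < nsg && mapped < ALIGN) mapped += sg[i++].len;
    return mapped;
}

/* Drive one request; cap bounds the passes so the buggy loop terminates here. */
struct dma_result run_dma(const struct sg_entry *sg, int nsg, bool fixed, int cap)
{
    struct dma_result r = {0, 0, 0, 0};
    size_t pos = 0, total = 0;
    for (int i = 0; i < nsg; i++) total += sg[i].len;
    while (pos < total) {
        if (r.passes == cap) { r.status = -2; return r; }
        r.passes++;
        size_t mapped = map_window(sg, nsg, pos);
        size_t aligned = mapped - mapped % ALIGN;
        r.live_maps += mapped;          /* dma_memory_map() of the window */
        if (fixed) {
            r.live_maps -= mapped;      /* unmap all, trimmed tail included */
            if (aligned == 0) { r.status = -1; return r; }  /* cannot progress */
        } else {
            r.live_maps -= aligned;     /* trimmed tail is never unmapped */
        }
        r.done += aligned;
        pos += aligned;   /* buggy path with aligned == 0: same window again */
    }
    return r;
}
```

With a list whose tail is shorter than ALIGN, the buggy variant leaks one window per pass until the cap stops it, while the fixed variant returns -1 with nothing left mapped.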
Thread overview: 23+ messages
2017-04-10 13:23 [Qemu-devel] [Bug 1681439] [NEW] qemu-system-x86_64: hw/ide/core.c:685: ide_cancel_dma_sync: Assertion `s->bus->dma->aiocb == NULL' failed Michał Kępień
2017-04-10 13:31 ` [Qemu-devel] [Bug 1681439] " Michał Kępień
2017-04-10 21:17 ` John Snow
2017-04-10 22:08 ` John Snow
2017-04-11 7:45 ` Michał Kępień
2017-04-11 22:16 ` John Snow
2017-04-12 7:51 ` Michał Kępień
2017-04-13 22:52 ` John Snow
2017-04-14 6:38 ` Michał Kępień
2017-09-25 4:34 ` Michał Kępień
2017-09-25 17:24 ` John Snow
2017-09-25 17:33 ` Thomas Huth
2018-08-21 6:44 ` Thomas Huth
2018-10-21 4:17 ` Launchpad Bug Tracker
2020-06-16 15:52 ` Bugs SysSec
2020-07-11 18:34 ` Alexander Bulekov
2020-07-27 22:37 ` John Snow
2020-07-28 1:11 ` John Snow
2020-07-28 1:29 ` John Snow
2020-11-04 23:48 ` John Snow
2020-11-09 10:41 ` [Bug 1681439] Re: dma_blk_cb leaks memory map handles on misaligned IO Stefan Hajnoczi
2020-11-09 16:07 ` John Snow
2021-05-11 5:34 ` Thomas Huth [this message]