On 9/11/19 6:08 PM, Philippe Mathieu-Daudé wrote:
> The 'blockdev-create' QMP command was introduced as an experimental
> feature in commit b0292b851b8, using the assert() debug call.
> It got promoted to 'stable' command in 3fb588a0f2c, but the
> assert call was not removed.
> 
> Some block drivers are optional, and bdrv_find_format() might
> return a NULL value, triggering the assertion.
> 
> Stable code is not expected to abort, so return an error instead.
> 
> This is easily reproducible when libnfs is not installed:
> 
>   ./configure
>   [...]
>   module support    no
>   Block whitelist (rw)
>   Block whitelist (ro)
>   libiscsi support  yes
>   libnfs support    no
>   [...]
> 
> Start QEMU:
> 
>   $ qemu-system-x86_64 -S -qmp unix:/tmp/qemu.qmp,server,nowait
> 
> Send the 'blockdev-create' with the 'nfs' driver:
> 
>   $ ( cat << 'EOF'
>   {'execute': 'qmp_capabilities'}
>   {'execute': 'blockdev-create', 'arguments': {'job-id': 'x', 'options': {'size': 0, 'driver': 'nfs', 'location': {'path': '/', 'server': {'host': '::1', 'type': 'inet'}}}}, 'id': 'x'}
>   EOF
>   ) | socat STDIO UNIX:/tmp/qemu.qmp
>   {"QMP": {"version": {"qemu": {"micro": 50, "minor": 1, "major": 4}, "package": "v4.1.0-733-g89ea03a7dc"}, "capabilities": ["oob"]}}
>   {"return": {}}
> 
> QEMU crashes:
> 
>   $ gdb qemu-system-x86_64 core
>   Program received signal SIGSEGV, Segmentation fault.
>   (gdb) bt
>   #0  0x00007ffff510957f in raise () at /lib64/libc.so.6
>   #1  0x00007ffff50f3895 in abort () at /lib64/libc.so.6
>   #2  0x00007ffff50f3769 in _nl_load_domain.cold.0 () at /lib64/libc.so.6
>   #3  0x00007ffff5101a26 in .annobin_assert.c_end () at /lib64/libc.so.6
>   #4  0x0000555555d7e1f1 in qmp_blockdev_create (job_id=0x555556baee40 "x", options=0x555557666610, errp=0x7fffffffc770) at block/create.c:69
>   #5  0x0000555555c96b52 in qmp_marshal_blockdev_create (args=0x7fffdc003830, ret=0x7fffffffc7f8, errp=0x7fffffffc7f0) at qapi/qapi-commands-block-core.c:1314
>   #6  0x0000555555deb0a0 in do_qmp_dispatch (cmds=0x55555645de70 <qmp_commands>, request=0x7fffdc005c70, allow_oob=false, errp=0x7fffffffc898) at qapi/qmp-dispatch.c:131
>   #7  0x0000555555deb2a1 in qmp_dispatch (cmds=0x55555645de70 <qmp_commands>, request=0x7fffdc005c70, allow_oob=false) at qapi/qmp-dispatch.c:174
> 
> With this patch applied, QEMU returns a QMP error:
> 
>   {'execute': 'blockdev-create', 'arguments': {'job-id': 'x', 'options': {'size': 0, 'driver': 'nfs', 'location': {'path': '/', 'server': {'host': '::1', 'type': 'inet'}}}}, 'id': 'x'}
>   {"id": "x", "error": {"class": "GenericError", "desc": "Block driver 'nfs' not found or not supported"}}
> 
> Reported-by: Xu Tian <xut...@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com>

Reviewed-by: John Snow <js...@redhat.com>
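The failure mode and fix described in the quoted commit message, as an added stand-alone illustration (not QEMU's code): the registry, find_format() and blockdev_create() below are hypothetical stand-ins for bdrv_find_format() and qmp_blockdev_create(), and the driver table is constructed so that 'nfs' is absent, as when libnfs is missing at configure time.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for QEMU's block driver registry: only drivers that were
 * compiled in are present. 'nfs' is deliberately absent here. */
typedef struct BlockDriver { const char *format_name; } BlockDriver;

static const BlockDriver compiled_in_drivers[] = {
    { "raw" }, { "qcow2" }, { "iscsi" },
};

/* Stand-in for bdrv_find_format(): returns NULL when the requested
 * driver is not compiled in, the case the commit message describes. */
static const BlockDriver *find_format(const char *name)
{
    size_t n = sizeof(compiled_in_drivers) / sizeof(compiled_in_drivers[0]);
    for (size_t i = 0; i < n; i++) {
        if (strcmp(compiled_in_drivers[i].format_name, name) == 0) {
            return &compiled_in_drivers[i];
        }
    }
    return NULL;
}

/* Stand-in for the stable QMP handler. The pre-fix code did assert(drv),
 * so any client naming an optional driver aborted the whole QEMU process.
 * A missing driver is a caller error, not an invariant violation, so it
 * is reported back over QMP instead. Returns 0 on success, -1 on error
 * with the message written to errp (like QEMU's error_setg()). */
static int blockdev_create(const char *driver, char *errp, size_t errp_len)
{
    const BlockDriver *drv = find_format(driver);
    if (!drv) {
        snprintf(errp, errp_len,
                 "Block driver '%s' not found or not supported", driver);
        return -1;
    }
    /* A real handler would start the create job here. */
    return 0;
}

int main(void)
{
    char err[128];
    if (blockdev_create("nfs", err, sizeof err) < 0) {
        printf("error: %s\n", err);
    }
    if (blockdev_create("qcow2", err, sizeof err) == 0) {
        printf("qcow2: ok\n");
    }
    return 0;
}
```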