On Tue, 05/21 08:39, Richard W.M. Jones wrote:
> On Tue, May 21, 2013 at 09:54:15AM +0800, Fam Zheng wrote:
> > On Mon, 05/20 09:49, Richard W.M. Jones wrote:
> > > On Mon, May 20, 2013 at 09:41:06AM +0100, Richard W.M. Jones wrote:
> > > > On Mon, May 20, 2013 at 03:03:34PM +0800, Fam Zheng wrote:
> > > > > CURL library API has changed, the current curl driver is not working.
> > > > > This patch rewrites the use of API as well as the structure of
> > > > > internal
> > > > > states.
> > > >
> > > > I tried this, but it segfaults:
> > > >
> > > > Program terminated with signal 11, Segmentation fault.
> > >
> > > That stack trace was wrong. I was testing against the version of
> > > libcurl in Fedora which is known to be broken.
> > >
> > > Here is the stack trace, this time really running against
> > > curl-7_30_0-147-gae26ee3:
> > >
> > > Program terminated with signal 11, Segmentation fault.
> > > #0 curl_read_cb (ptr=<optimized out>, size=<optimized out>,
> > >     nmemb=<optimized out>, opaque=0x7f63d48ba340) at block/curl.c:240
> > > 240         size_t aio_base = acb->sector_num * SECTOR_SIZE;
> >
> > Looks like a memory corruption (QLIST head is invalid pointer). But I can't
> > reproduce here with your steps. Can you try qemu-io?
> >
> > $ LD_LIBRARY_PATH=~/d/curl/lib/.libs ~/d/qemu/qemu-io \
> >     http://192.168.0.249/scratch/winxp.img -c 'read 0 512'
>
> This command is successful:
>
> $ LD_LIBRARY_PATH=~/d/curl/lib/.libs ~/d/qemu/qemu-io \
>     http://192.168.0.249/scratch/winxp.img -c 'read 0 512'
> read 512/512 bytes at offset 0
> 512 bytes, 1 ops; 0.0000 sec (32.552 MiB/sec and 66666.6667 ops/sec)
> $ echo $?
> 0
>
> Here's another go with guestfish:
>
> $ ulimit -c unlimited
> $ LIBGUESTFS_DEBUG=1 LIBGUESTFS_TRACE=1 LIBGUESTFS_BACKEND=direct \
>     LIBGUESTFS_QEMU=~/d/qemu/qemu.wrapper LD_LIBRARY_PATH=~/d/curl/lib/.libs \
>     PATH=~/d/qemu:$PATH ./run ./fish/guestfish -a \
>     http://192.168.0.249/scratch/winxp.img -i
> [...]
> [00159ms] /home/rjones/d/qemu/qemu.wrapper \
>     -global virtio-blk-pci.scsi=off \
>     -nodefconfig \
>     -nodefaults \
>     -nographic \
>     -device virtio-scsi-pci,id=scsi \
>     -drive file=http://192.168.0.249/scratch/winxp.img,id=hd0,if=none \
>     -device scsi-hd,drive=hd0 \
>     -drive file=/home/rjones/d/libguestfs/tmp/.guestfs-1000/root.15535,snapshot=on,id=appliance,if=none,cache=unsafe \
>     -device scsi-hd,drive=appliance \
>     -machine accel=kvm:tcg \
>     -m 500 \
>     -no-reboot \
>     -no-hpet \
>     -device virtio-serial \
>     -serial stdio \
>     -device sga \
>     -chardev socket,path=/home/rjones/d/libguestfs/tmp/libguestfsk9fu9P/guestfsd.sock,id=channel0 \
>     -device virtserialport,chardev=channel0,name=org.libguestfs.channel.0 \
>     -kernel /home/rjones/d/libguestfs/tmp/.guestfs-1000/kernel.15535 \
>     -initrd /home/rjones/d/libguestfs/tmp/.guestfs-1000/initrd.15535 \
>     -append 'panic=1 console=ttyS0 udevtimeout=600 no_timer_check acpi=off printk.time=1 cgroup_disable=memory root=/dev/sdb selinux=0 guestfs_verbose=1 TERM=xterm-256color'
> libguestfs: error: appliance closed the connection unexpectedly, see earlier error messages
> libguestfs: child_cleanup: 0x1db0090: child process died
> libguestfs: sending SIGTERM to process 15600
> libguestfs: error: /home/rjones/d/qemu/qemu.wrapper killed by signal 11 (Segmentation fault), see debug messages above
> libguestfs: error: guestfs_launch failed, see earlier error messages
> libguestfs: trace: launch = -1 (error)
> [...]
>
> $ file /tmp/core.15600
> /tmp/core.15600: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/home/rjones/d/qemu/x86_64-softmmu/qemu-system-x86_64 -L /home/rjones/d/qemu/pc'
>
> $ gdb /home/rjones/d/qemu/x86_64-softmmu/qemu-system-x86_64 /tmp/core.15600
>
> [stack trace is the same as before]
>
> #0 curl_read_cb (ptr=<optimized out>, size=<optimized out>,
>     nmemb=<optimized out>, opaque=0x7f4d3c769360) at block/curl.c:240
> 240         size_t aio_base = acb->sector_num * SECTOR_SIZE;
> (gdb) print acb
> $1 = (CURLAIOCB *) 0x7575757575757575
>
> Looks like use-after-free?
Yes, thank you a lot. Will post another version to fix this.

-- 
Fam
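The tell-tale in the gdb output above is that `acb` itself is `0x7575757575757575`: a pointer value read out of memory that had already been freed and overwritten with a fill pattern. The following is an added, self-contained illustration of that failure mode and of the shape of fix it calls for; it is not code from the patch or from QEMU's block/curl.c. It assumes a simplified request structure (`DemoAIOCB`, a singly linked list instead of QLIST) and per-connection state (`DemoState`), and it poisons freed blocks with `0x75` itself and keeps them in a quarantine so that the read of freed memory is deterministic rather than undefined behaviour; whatever produced the `0x75` fill in the real crash is not something this thread establishes.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECTOR_SIZE    512
#define POISON_BYTE    0x75   /* assumption: chosen to match the 0x7575... gdb printed */
#define QUARANTINE_MAX 16

/* Stand-in for an in-flight read request, kept on an intrusive list. */
typedef struct DemoAIOCB {
    struct DemoAIOCB *next;
    int64_t sector_num;
} DemoAIOCB;

/* Stand-in for the per-connection state a data callback receives as `opaque`. */
typedef struct {
    DemoAIOCB *pending;                 /* requests still waiting for data   */
    void *quarantine[QUARANTINE_MAX];   /* "freed" blocks parked, not reused */
    size_t nquarantine;
} DemoState;

/* Poisoning free: overwrite the block with POISON_BYTE and park it instead
   of returning it to malloc, so a later read of it is deterministic. */
static void poison_free(DemoState *s, void *p, size_t n)
{
    assert(s->nquarantine < QUARANTINE_MAX);
    memset(p, POISON_BYTE, n);
    s->quarantine[s->nquarantine++] = p;
}

/* True when every byte of the pointer value is POISON_BYTE, i.e. the
   pointer was itself loaded from poisoned (freed) memory. */
static int is_poison_pointer(const void *p)
{
    uintptr_t v = (uintptr_t)p, pat = 0;
    for (size_t i = 0; i < sizeof pat; i++)
        pat = (pat << 8) | POISON_BYTE;
    return v == pat;
}

/* Buggy completion: frees the request but leaves it linked from `pending`. */
static void complete_buggy(DemoState *s, DemoAIOCB *acb)
{
    poison_free(s, acb, sizeof *acb);
}

/* Fixed completion: unlink the request first, then free it. */
static void complete_fixed(DemoState *s, DemoAIOCB *acb)
{
    DemoAIOCB **pp = &s->pending;
    while (*pp && *pp != acb)
        pp = &(*pp)->next;
    if (*pp)
        *pp = acb->next;
    poison_free(s, acb, sizeof *acb);
}

/* Model of the data callback: walk `pending` and compute each request's
   byte offset. Returns the number of requests walked, or -1 when the walk
   reaches a poisoned pointer (where the real callback segfaulted); *bad
   receives that pointer value. */
static int read_cb(DemoState *s, DemoAIOCB **bad)
{
    int n = 0;
    for (DemoAIOCB *acb = s->pending; acb; acb = acb->next) {
        if (is_poison_pointer(acb)) {
            *bad = acb;
            return -1;
        }
        /* unsigned on purpose: a poisoned sector_num would overflow int64 */
        uint64_t aio_base = (uint64_t)acb->sector_num * SECTOR_SIZE;
        (void)aio_base;
        n++;
    }
    return n;
}

/* Two requests A then B; A completes before data for B arrives, then the
   callback runs. Returns read_cb's result for the buggy or fixed path. */
int run_scenario(int fixed, uintptr_t *bad_value)
{
    DemoState s = { 0 };
    DemoAIOCB *a = calloc(1, sizeof *a), *b = calloc(1, sizeof *b);
    assert(a && b);
    a->sector_num = 0;
    b->sector_num = 8;
    a->next = b;
    s.pending = a;

    if (fixed)
        complete_fixed(&s, a);
    else
        complete_buggy(&s, a);

    DemoAIOCB *bad = NULL;
    int rc = read_cb(&s, &bad);
    *bad_value = (uintptr_t)bad;

    for (size_t i = 0; i < s.nquarantine; i++)
        free(s.quarantine[i]);
    free(b);   /* B never completes in this scenario */
    return rc;
}

int scenario_rc(int fixed)        { uintptr_t bad; return run_scenario(fixed, &bad); }
uintptr_t scenario_bad(int fixed) { uintptr_t bad; run_scenario(fixed, &bad); return bad; }

int main(void)
{
    uintptr_t bad;
    int rc = run_scenario(0, &bad);
    printf("buggy: rc=%d acb=%#lx\n", rc, (unsigned long)bad);
    rc = run_scenario(1, &bad);
    printf("fixed: rc=%d\n", rc);
    return 0;
}
```

In the buggy path the list head still points at A's freed block, so the first step looks sane (a real address, poisoned contents) and it is the `next` pointer loaded out of that block that comes back as all-`0x75`, which is exactly the value gdb showed for `acb`. The point for the real code is the same: a request must be unlinked from whatever the callback iterates before it is freed, and anything completing a request asynchronously has to do so under the same discipline.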