I have been working with the qemu devs, was able to reproduce the slirp networking crashes under valgrind, and they provided a fix: http://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg02411.html

The fix has also been merged upstream:

commit ea64d5f08817b5e79e17135dce516c7583107f91
Author: Samuel Thibault <samuel.thiba...@ens-lyon.org>
Date:   Sun Nov 13 23:54:27 2016 +0100

    slirp: Fix access to freed memory

    if_start() goes through the slirp->if_fastq and slirp->if_batchq list
    of pending messages, and accesses ifm->ifq_so->so_nqueued of its
    elements if ifm->ifq_so != NULL. When freeing a socket, we thus need
    to make sure that any pending message for this socket does not refer
    to the socket any more.

    Signed-off-by: Samuel Thibault <samuel.thiba...@ens-lyon.org>
    Tested-by: Brian Candler <b.cand...@pobox.com>
    Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com>

So now everything is fine as long as I build qemu 2.7.0 + this patch from source.

I'm not sure whether back-porting this to 2.5.0 would be useful. It looks like it could apply, but I believe there was a big reworking of SLIRP around 2.6 which could have fixed other problems. I can ask the question on the list if you like. I'm planning to use 2.7 going forward since that's what I've tested heavily.

Having qemu 2.7.0 + this patch in xenial-backports would be helpful for me, but I can also live with having to build from source until Ubuntu 18.04 is out.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1630226

Title:
  segfault in qemu-system-x86_64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1630226/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
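The commit message above describes a classic dangling back-pointer: queued messages keep a pointer to their owning socket, the socket is freed while messages are still queued, and the sender later dereferences the stale pointer. The following C program is an added illustration of that bug class and of the shape of the fix (detach pending messages before releasing the owner). It is not QEMU or slirp code: the field names ifq_so, so_nqueued and the function names if_start/sofree are borrowed from the description, but the structures, the `freed` model flag (used instead of a real free() so the stale access can be counted rather than being undefined behaviour) and the `scenario()` driver are hypothetical.

```c
/*
 * Added illustration of the slirp use-after-free pattern (hypothetical
 * toy model, not QEMU/slirp source). Queued messages hold a back pointer
 * (ifq_so) to the socket they belong to. If the socket is released while
 * messages are still queued, if_start() dereferences a stale pointer.
 * The fixed release path clears those back pointers first.
 */
#include <stdio.h>
#include <stdlib.h>

struct toy_socket {
    int so_nqueued;   /* messages currently queued for this socket */
    int freed;        /* model flag standing in for free(): lets if_start()
                         detect a stale reference instead of hitting UB */
};

struct mbuf {
    struct toy_socket *ifq_so;  /* owning socket, or NULL once detached */
    struct mbuf *next;
};

struct ifqueue {
    struct mbuf *head;          /* stands in for if_fastq / if_batchq */
};

/* Queue a message for socket `so` (hypothetical helper). */
static void if_queue(struct ifqueue *q, struct toy_socket *so)
{
    struct mbuf *m = calloc(1, sizeof *m);
    if (!m) { perror("calloc"); exit(1); }
    m->ifq_so = so;
    m->next = q->head;
    q->head = m;
}

/* Walk the queue the way if_start() does: touch ifq_so->so_nqueued for
 * every message that still names a socket. Returns the number of messages
 * whose socket had already been released (a use-after-free in real code). */
static int if_start(struct ifqueue *q)
{
    int dangling = 0;
    for (struct mbuf *m = q->head; m; m = m->next) {
        if (m->ifq_so == NULL)
            continue;
        if (m->ifq_so->freed) {   /* stale back pointer */
            dangling++;
            continue;
        }
        m->ifq_so->so_nqueued++;
    }
    return dangling;
}

/* Buggy release: marks the socket gone but leaves queued references. */
static void sofree_buggy(struct ifqueue *q, struct toy_socket *so)
{
    (void)q;
    so->freed = 1;
}

/* Fixed release: detach every pending message from the socket first. */
static void sofree_fixed(struct ifqueue *q, struct toy_socket *so)
{
    for (struct mbuf *m = q->head; m; m = m->next)
        if (m->ifq_so == so)
            m->ifq_so = NULL;
    so->freed = 1;
}

static void if_queue_clear(struct ifqueue *q)
{
    while (q->head) {
        struct mbuf *m = q->head;
        q->head = m->next;
        free(m);
    }
}

/* Queue two messages for one socket, release the socket via the buggy or
 * fixed path, then run the sender. Returns the count of stale accesses. */
int scenario(int use_fixed_release)
{
    struct ifqueue q = { NULL };
    struct toy_socket *so = calloc(1, sizeof *so);
    if (!so) { perror("calloc"); exit(1); }
    if_queue(&q, so);
    if_queue(&q, so);
    if (use_fixed_release)
        sofree_fixed(&q, so);
    else
        sofree_buggy(&q, so);
    int dangling = if_start(&q);
    if_queue_clear(&q);
    free(so);
    return dangling;
}

int main(void)
{
    printf("buggy release: %d stale accesses\n", scenario(0));
    printf("fixed release: %d stale accesses\n", scenario(1));
    return 0;
}
```

The general lesson for any queue that stores owner pointers is the one the commit applies: ownership must be severed in both directions on free, either by walking the queues as here or by dropping the queued messages themselves, and a build under valgrind or AddressSanitizer (as used to reproduce this crash) is the practical way to confirm no stale reference survives.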