Bug 1075543

Summary: Libvirt does not terminate when DHCP snooping is being used
Product: Red Hat Enterprise Linux 7
Reporter: Stefan Berger <stefanb>
Component: libvirt
Assignee: Laine Stump <laine>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.0
CC: dyuan, honzhang, jiahu, laine, mzhan, rbalakri
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: libvirt-1.2.7-1.el7
Doc Type: Bug Fix
Doc Text:
In previous versions of libvirt, if a virtual machine configuration had an active nwfilter rule using: <parameter name='CTRL_IP_LEARNING' value='dhcp'/> (i.e. "dhcp snooping") and an attempt was made to terminate libvirtd before the associated nwfilter rule had snooped the guest IP address from DHCP packets, libvirtd would hang on exit. This has been resolved by placing a maximum wait time for learning the IP address with this method; libvirtd will no longer hang on exit.
Last Closed: 2015-03-05 07:31:23 UTC
Type: Bug

Description Stefan Berger 2014-03-12 10:57:06 UTC
Description of problem:


Version-Release number of selected component (if applicable):

libvirt-daemon-1.1.1-23.el7.x86_64

How reproducible:

Steps to Reproduce:
1. Start a VM that uses DHCP snooping containing the following domain XML fragment:

    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
      </filterref>
    </interface>

2. Try to terminate libvirtd using the following command for example:
kill -SIGTERM $(pidof libvirtd)

Actual results:

Trying to terminate libvirtd does not work. Libvirtd has to be killed using 'SIGKILL'.

Expected results:

Libvirtd should terminate.


Additional info:

The patch resolving this issue has been pushed to the upstream repo:

commit a718eb19e344f2d8f5e9042a290f9aaa8f651a78
Author: Stefan Berger <stefanb.ibm.com>
Date:   Mon Mar 3 15:13:44 2014 -0500

    nwfilter: Cap the poll timeout in the DHCP Snooping code

    Cap the poll timeout in the DHCP Snooping code to a max. of 10 seconds
    to not hold up the libvirt shutdown longer than this.

    Signed-off-by: Stefan Berger <stefanb.ibm.com>
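
The capped-timeout pattern the commit message describes, as an added example that is not libvirt's source and not part of the original report. `POLL_CAP_MS`, `clamp_timeout`, `snoop_loop` and `quit_after` are hypothetical names, and a silent pipe stands in for a guest that has sent no DHCP traffic:

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* 10 s cap from the commit message; the macro name is this example's own. */
#define POLL_CAP_MS 10000

/* A negative timeout makes poll() block forever, so a worker waiting on a
 * silent interface never re-checks its shutdown flag. Clamp it instead. */
static int clamp_timeout(long wanted_ms, int cap_ms)
{
    return (wanted_ms < 0 || wanted_ms > cap_ms) ? cap_ms : (int)wanted_ms;
}

/* Hypothetical worker loop: wait for data on fd, waking at least every
 * cap_ms to call quit(). Returns idle wakeups seen, or -1 on poll error. */
static int snoop_loop(int fd, long wanted_ms, int cap_ms,
                      int (*quit)(void *), void *arg)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    char buf[512];
    int idle = 0;
    while (!quit(arg)) {
        int n = poll(&pfd, 1, clamp_timeout(wanted_ms, cap_ms));
        if (n < 0 && errno != EINTR)
            return -1;
        if (n == 0)
            idle++;                        /* timeout: loop re-checks quit() */
        else if (n > 0 && read(fd, buf, sizeof(buf)) <= 0)
            break;                         /* EOF or read error ends the loop */
    }
    return idle;
}

/* Constructed stand-in for a shutdown flag: true after *left checks. */
static int quit_after(void *arg)
{
    int *left = arg;
    return (*left)-- <= 0;
}

int main(void)
{
    int fds[2], left = 3;                  /* silent pipe = guest sends no DHCP */
    if (pipe(fds) != 0) return 1;
    printf("idle wakeups: %d\n", snoop_loop(fds[0], -1, 20, quit_after, &left));
    return 0;
}
```

The demo passes a 20 ms cap so it finishes quickly; with `POLL_CAP_MS` the worst-case delay before the loop notices a shutdown request is 10 seconds.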

Comment 3 Stefan Berger 2014-04-07 13:56:51 UTC
Would it be possible to apply this patch to an upcoming version of the el7 libvirt?

Comment 6 Hu Jianwei 2014-11-24 10:02:13 UTC
Verified bug as below:

[root@ibm-x3850x5-06 ~]# rpm -q libvirt
libvirt-1.2.8-7.el7.x86_64
[root@ibm-x3850x5-06 ~]# 
[root@ibm-x3850x5-06 ~]# virsh dumpxml r7| grep /interface -B8
    <interface type='network'>
      <mac address='02:54:00:36:c6:d0'/>
      <source network='default'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
      </filterref>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
[root@ibm-x3850x5-06 ~]# virsh start r7
Domain r7 started

[root@ibm-x3850x5-06 ~]# service libvirtd status
Redirecting to /bin/systemctl status  libvirtd.service
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: active (running) since Mon 2014-11-24 17:58:23 CST; 29s ago
     Docs: man:libvirtd(8)
           http://libvirt.org
 Main PID: 14380 (libvirtd)
   CGroup: /system.slice/libvirtd.service
           ├─14144 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --dhcp-script=/usr/libexe...
           ├─14145 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --dhcp-script=/usr/libexe...
           └─14380 /usr/sbin/libvirtd

Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...2
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...3
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...4
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...5
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...6
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...7
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...8
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...9
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...0
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...1
Hint: Some lines were ellipsized, use -l to show in full.
[root@ibm-x3850x5-06 ~]# kill -SIGTERM 14380 

[root@ibm-x3850x5-06 ~]# service libvirtd status
Redirecting to /bin/systemctl status  libvirtd.service
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: inactive (dead) since Mon 2014-11-24 17:59:17 CST; 26s ago
     Docs: man:libvirtd(8)
           http://libvirt.org
  Process: 14380 ExecStart=/usr/sbin/libvirtd $LIBVIRTD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 14380 (code=exited, status=0/SUCCESS)

Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...6
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...7
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...8
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...9
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...0
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...1
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPDISCOVER(virbr0) 02:54:00...0
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPOFFER(virbr0) 192.168.122...0
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPREQUEST(virbr0) 192.168.1...0
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPACK(virbr0) 192.168.122.1...g
Hint: Some lines were ellipsized, use -l to show in full.
[root@ibm-x3850x5-06 ~]# 

Move to Verified.

Comment 8 errata-xmlrpc 2015-03-05 07:31:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0323.html