Bug 1111450
| Summary: | Guest crash when hotplug usb while disable virt_use_usb | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | zhenfeng wang <zhwang> | |
| Component: | qemu-kvm | Assignee: | Gerd Hoffmann <kraxel> | |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 7.0 | CC: | dyuan, hhuang, huding, jdenemar, juli, juzhang, knoel, mzhan, pkrempa, rbalakri, shyu, sluo, virt-maint, xfu, ydu, zhwang | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | qemu-kvm-1.5.3-76.el7 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1111451 (view as bug list) | Environment: | ||
| Last Closed: | 2015-03-05 08:10:18 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1111451 | |||
Please attach the VM log file: /var/log/libvirt/qemu/rhel7.log as it might hint on why qemu crashed/exited and also the libvirt debug log in case we'd need to trace an issue there. Ah, sorry I now noticed it's pasted inline. QEMU should not exit after a failed hotplug of a USB device. Only the hotplug operation should fail. Reassigning to qemu-kvm. Please retest with this test build: http://people.redhat.com/ghoffman/bz1103193/ Hi Gerd I just retest comment0's steps with your test build, find the guest didn't crash when hotplug usb while disable virt_use_usb, however, find some other issues with the following two scenarios : scenario1: Disable virt_use_usb but enable selinux # getsebool virt_use_usb virt_use_usb --> off # getenforce Enforcing Issues: 1.The usb can still hotplug successfully even disable the virt_use_usb. the expect result should fail # virsh attach-device rhel7 usb.xml Device attached successfully 2.Didn't see the usb device inside the guest after attach the usb to the guest, however, could see it in the guest's xml #virsh dumpxml rhel7 -- hostdev mode='subsystem' type='usb' managed='yes'> <source> <address bus='2' device='3'/> </source> <alias name='hostdev0'/> </hostdev> -- 3.Find some avc info while hotplug and unhotplug the usb we could see the following avc info while hotplug the usb #ausearch -m avc -ts recent -- time->Mon Jul 7 11:29:28 2014 type=SYSCALL msg=audit(1404703768.660:3609): arch=c000003e syscall=4 success=no exit=-13 a0=7fff95fcfa50 a1=7fff95fcf9c0 a2=7fff95fcf9c0 a3=b items=0 ppid=1 pid=10970 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c474,c571 key=(null) type=AVC msg=audit(1404703768.660:3609): avc: denied { getattr } for pid=10970 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/descriptors" dev="sysfs" ino=9710 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:sysfs_t:s0 tclass=file ---- time->Mon Jul 7 11:29:28 2014 type=SYSCALL msg=audit(1404703768.660:3610): arch=c000003e syscall=4 success=no exit=-13 a0=7fff95fcfa50 a1=7fff95fcf9c0 a2=7fff95fcf9c0 a3=13 items=0 ppid=1 pid=10970 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c474,c571 key=(null) type=AVC msg=audit(1404703768.660:3610): avc: denied { getattr } for pid=10970 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/bConfigurationValue" dev="sysfs" ino=9666 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:sysfs_t:s0 tclass=file -- Could see the following avc info while unhotplug the usb #virsh detach-device rhel7 usb.xml Device detached successfully #ausearch -m avc -ts recent -- time->Mon Jul 7 11:31:54 2014 type=SYSCALL msg=audit(1404703914.660:3620): arch=c000003e syscall=2 success=no exit=-13 a0=7fff95fcff50 a1=0 a2=fffffffffffffff3 a3=2 items=0 ppid=1 pid=10970 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c474,c571 key=(null) type=AVC msg=audit(1404703914.660:3620): avc: denied { read } for pid=10970 comm="qemu-kvm" name="003" dev="devtmpfs" ino=131880 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file ---- time->Mon Jul 7 11:31:56 2014 type=SYSCALL msg=audit(1404703916.660:3621): arch=c000003e syscall=2 success=no exit=-13 a0=7fff95fcff50 a1=0 a2=fffffffffffffff3 a3=2 items=0 ppid=1 pid=10970 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c474,c571 key=(null) type=AVC msg=audit(1404703916.660:3621): avc: denied { read } for pid=10970 comm="qemu-kvm" name="003" dev="devtmpfs" ino=131880 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file -- Scenario2: Enable both virt_use_usb and selinux # getenforce Enforcing # getsebool virt_use_usb virt_use_usb --> on Issue Couldn't see the usb device inside the guest while attach the usb to the guest, however, could see the device in the guest's xml # virsh attach-device rhel7 usb.xml Device attached successfully # virsh dumpxml rhel7 -- <hostdev mode='subsystem' type='usb' managed='yes'> <source> <address bus='2' device='3'/> </source> <alias name='hostdev0'/> </hostdev> -- login the guest, couldn't see the usb device and it promote the following error #lsusb #cat /var/log/messages Jul 6 23:37:32 rhel6 kernel: hub 1-2:1.0: unable to enumerate USB device on port 1 (In reply to zhenfeng wang from comment #6) > Hi Gerd > I just retest comment0's steps with your test build, find the guest didn't > crash when hotplug usb while disable virt_use_usb, however, find some other > issues with the following two scenarios : Good. > Issues: > 1.The usb can still hotplug successfully even disable the virt_use_usb. the > expect result should fail Adding a usb-host device will never fail. If the device is not present (or can not be opened, due to selinux or something denying access) qemu will wait for the device showing up instead of returning an error. > Scenario2: Enable both virt_use_usb and selinux > # getenforce > Enforcing > # getsebool virt_use_usb > virt_use_usb --> on > > Issue > Couldn't see the usb device inside the guest while attach the usb to the > guest, however, could see the device in the guest's xml Qemu still can't access the usb device it seems. Could be the libvirtd configuration must be tweaked. Libvirt restricts access to files in /dev using cgroups (additionally to selinux). Fix included in qemu-kvm-1.5.3-76.el7 Fix included in qemu-kvm-1.5.3-76.el7 Fix included in qemu-kvm-1.5.3-76.el7 Reproduce:
Version of components:
qemu-kvm-1.5.3-70.el7.x86_64
Steps:
1.Disable virt_use_usb
# getenforce
Enforcing
#setsebool virt_use_usb 0
# getsebool virt_use_usb
virt_use_usb --> off
2.Start a normal guest
#virsh start r7
3.Plug a usb to your local host
# lsusb
Bus 005 Device 008: ID 0ac8:3450 Z-Star Microelectronics Corp.
4.Prepare a xml for the usb
# cat usb.xml
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<address bus='5' device='8'/>
</source>
</hostdev>
5.Hotplug the usb to the guest, the guest will be crashed
# virsh attach-device r7 usb.xml
error: Failed to attach device from usb.xml
error: Unable to read from monitor: Connection reset by peer
# virsh list
Id Name State
----------------------------------------------------
# ps aux|grep qemu
6.Check the qemu log and avc info
#cat /var/log/libvirt/qemu/r7.log
libusbx: error [initialize_device] open failed, ret=-1 errno=1
As above show, this bz has been reproduced.
======================
Verify:
Version of components:
qemu-kvm-1.5.3-77.el7.x86_64
Steps as above show, after step 5, hot-plug this device successfully.
# virsh attach-device r7 usb.xml
Device attached successfully.
Couldn't see the usb device inside the guest while attach the usb to the guest, however, could see the device in the guest's xml.
# virsh dumpxml r7 > li.xml
# cat li.xml
...
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<address bus='5' device='8'/>
</source>
...
As above show and comment 7, this bz has been verified.
============================
Also test with qemu-kvm-rhev-2.1.2-6.el7.x86_64, after step 5, hot-plug this device successfully.
# virsh attach-device r7 usb.xml
Device attached successfully.
Couldn't see the usb device inside the guest while attach the usb to the guest, however, could see the device in the guest's xml.
# virsh dumpxml r7 > li.xml
# cat li.xml
...
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<address bus='5' device='8'/>
</source>
...
So no hit this bz on qemu-kvm-rhev-2.1.2-6.el7.x86_64.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0349.html |
Description of problem: Guest crash when hotplug usb while disable virt_use_usb Version-Release number of selected component (if applicable): qemu-kvm-rhev-1.5.3-60.el7ev_0.2.x86_64 kernel-3.10.0-123.el7.x86_64 libvirt-1.1.1-29.el7.x86_64 selinux-policy-3.12.1-153.el7.3.noarch libselinux-2.2.2-6.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1.Disable virt_use_usb # getenforce Enforcing #setsebool virt_use_usb 0 # getsebool virt_use_usb virt_use_usb --> off 2.Start a normal guest #virsh start rhel7 3.Plug a usb to your local host # lsusb Bus 002 Device 003: ID 0951:1666 Kingston Technology 4.Prepare a xml for the usb # cat usb.xml <hostdev mode='subsystem' type='usb' managed='yes'> <source> <address bus='2' device='3'/> </source> </hostdev> 5.Hotplug the usb to the guest, the guest will be crashed # virsh attach-device rhel7 usb.xml error: Failed to attach device from usb.xml error: Unable to read from monitor: Connection reset by peer # virsh list Id Name State ---------------------------------------------------- # ps aux|grep qemu 6.Check the qemu log and avc info #cat /var/log/libvirt/qemu/rhel7.log -- libusbx: error [initialize_device] open failed, ret=-1 errno=1 libusbx: error [initialize_device] open failed, ret=-1 errno=1 libusbx: error [initialize_device] open failed, ret=-1 errno=1 libusbx: error [initialize_device] open failed, ret=-1 errno=1 2014-06-19 08:42:22.370+0000: shutting down # ausearch -m avc -ts recent ---- time->Thu Jun 19 16:42:16 2014 type=SYSCALL msg=audit(1403167336.965:196): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=6 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null) type=AVC msg=audit(1403167336.965:196): avc: denied { getattr } for pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1a.0/usb1/devnum" dev="sysfs" ino=9519 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file ---- time->Thu Jun 19 16:42:16 2014 type=SYSCALL msg=audit(1403167336.965:197): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=b items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null) type=AVC msg=audit(1403167336.965:197): avc: denied { getattr } for pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1a.0/usb1/descriptors" dev="sysfs" ino=9549 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file ---- time->Thu Jun 19 16:42:16 2014 type=SYSCALL msg=audit(1403167336.965:198): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=13 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null) type=AVC msg=audit(1403167336.965:198): avc: denied { getattr } for pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1a.0/usb1/bConfigurationValue" dev="sysfs" ino=9505 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file ---- time->Thu Jun 19 16:42:16 2014 type=SYSCALL msg=audit(1403167336.965:199): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=6 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null) type=AVC msg=audit(1403167336.965:199): avc: denied { getattr } for pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/busnum" dev="sysfs" ino=9679 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file ---- time->Thu Jun 19 16:42:16 2014 type=SYSCALL msg=audit(1403167336.965:200): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=6 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null) type=AVC msg=audit(1403167336.965:200): avc: denied { getattr } for pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/devnum" dev="sysfs" ino=9680 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file ---- time->Thu Jun 19 16:42:16 2014 type=SYSCALL msg=audit(1403167336.965:201): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=b items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null) type=AVC msg=audit(1403167336.965:201): avc: denied { getattr } for pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/descriptors" dev="sysfs" ino=9710 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file ---- time->Thu Jun 19 16:42:16 2014 type=SYSCALL msg=audit(1403167336.965:202): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=13 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null) type=AVC msg=audit(1403167336.965:202): avc: denied { getattr } for pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/bConfigurationValue" dev="sysfs" ino=9666 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file ---- time->Thu Jun 19 16:42:16 2014 type=SYSCALL msg=audit(1403167336.965:195): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=6 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null) type=AVC msg=audit(1403167336.965:195): avc: denied { getattr } for pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1a.0/usb1/busnum" dev="sysfs" ino=9518 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file 7.Passthough the usb to the guest,then start the guest, the guest can be started successfully, however, it will be destroyed automatically later and got the same error with usb hotplug #virsh dumpxml rhe7 -- <hostdev mode='subsystem' type='usb' managed='yes'> <source> <address bus='2' device='3'/> </source> # virsh start rhel7 Domain rhel7 started [root@rhel7f ~]# virsh list Id Name State ---------------------------------------------------- 4 rhel7 running # virsh list Id Name State ---------------------------------------------------- # 8.Re-try the upper test scenario in the rhel6.6, got a different result which the the usb device can hotplug or passthough to the guest successfully even if i disable the virt_use_usb, this should be issue too. Actual results: As steps Expected results: 1.The guest shouldn't be crash while hotplug a usb device to the running guest while disable the virt_use_usb 2.The guest should fail to start while passthough a usb device to the shutoff guest while disable the virt_use_usb 3.Should fail to hotplug a usb device to the running guest while disable the virt_use_usb Additional info: