Bug 1112690

Summary: nwfilter deadlock
Product: Red Hat Enterprise Linux 7 Reporter: Jan Kurik <jkurik>
Component: libvirtAssignee: Jiri Denemark <jdenemar>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 7.0CC: acathrow, dyuan, honzhang, jdenemar, jiahu, jkurik, libvirt-maint, mzhan, pm-eus, stefanb, tdosek
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: libvirt-1.1.1-29.el7_0.1 Doc Type: Bug Fix
Doc Text:
Cause: Trying to start a domain which does not exist anymore leaves network filters locked for read-only access. Consequence: Any attempt to gain read-write access to network filters (such as trying to edit a filter) causes a deadlock. Fix: Properly unlock network filters. Result: Starting a non-existent domain does not cause a deadlock on network filters any more.
 Story Points: ---
Clone Of: 1088864 Environment:
Last Closed: 2014-07-22 18:31:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1088864    
Bug Blocks:    

Description Jan Kurik 2014-06-24 13:40:29 UTC 
This bug has been copied from bug #1088864 and has been proposed
to be backported to 7.0 z-stream (EUS).
Comment 6 Hu Jianwei 2014-07-08 06:13:14 UTC 
I can not reproduce it on libvirt-1.1.1-29.el7_0.1.x86_64

Version:
libvirt-1.1.1-29.el7_0.1.x86_64
qemu-kvm-rhev-1.5.3-60.el7ev_0.2.x86_64

[root@hp-dl385g7-14 ~]# virsh create test.xml 
Domain test created from test.xml

[root@hp-dl385g7-14 ~]# python
Python 2.7.5 (default, Feb 11 2014, 07:46:25) 
[GCC 4.8.2 20140120 (Red Hat 4.8.2-13)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt
>>> conn = libvirt.open("")
>>> dom = conn.lookupByName("test")
>>> dom.destroy()
0
>>> dom.createWithFlags(0)
libvirt: QEMU Driver error : Domain not found: no domain with matching uuid '0cbe81f2-391f-4953-918e-ace248038a2f' (test)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 728, in createWithFlags
    if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', dom=self)
libvirt.libvirtError: Domain not found: no domain with matching uuid '0cbe81f2-391f-4953-918e-ace248038a2f' (test)
>>> 

After above steps, in another terminal, do the following actions.
[root@hp-dl385g7-14 qemu]# virsh nwfilter-dumpxml allow-arp
<filter name='allow-arp' chain='arp' priority='-500'>
  <uuid>9cf925e2-646a-45a7-8d24-9d7277d5403f</uuid>
  <rule action='accept' direction='inout' priority='500'/>
</filter>

[root@hp-dl385g7-14 qemu]# virsh nwfilter-edit allow-arp
Network filter allow-arp XML configuration edited.

[root@hp-dl385g7-14 qemu]# virsh nwfilter-dumpxml allow-arp
<filter name='allow-arp' chain='arp' priority='-500'>
  <uuid>9cf925e2-646a-45a7-8d24-9d7277d5403f</uuid>
  <rule action='accept' direction='inout' priority='501'/>
</filter>

[root@hp-dl385g7-14 qemu]# virsh nwfilter-list
UUID                                  Name                 
----------------------------------------------------------------
9cf925e2-646a-45a7-8d24-9d7277d5403f  allow-arp           
4533d765-187b-4cf3-a41e-2d068c8514bf  allow-dhcp          
79af1543-c8be-4106-b5ce-0f317beff4a8  allow-dhcp-server   
18cbdf52-0679-4aa8-b71a-45e3f8f6d3b6  allow-incoming-ipv4 
46fed02d-de6c-439a-9e1a-32c9f76a6751  allow-ipv4          
8b586c8d-8dfc-4851-902b-53ba7f119930  clean-traffic       
e52af788-d149-4316-8933-728afe74b56c  no-arp-ip-spoofing  
3040d36c-9fb9-401a-b001-029a46b39891  no-arp-mac-spoofing 
7a93a766-b70c-48c2-b667-85b380201bff  no-arp-spoofing     
9213e16f-fd6b-4074-8d92-4fd8759090d3  no-ip-multicast     
615efb0f-5f12-4bc5-affd-68fcbfbf3710  no-ip-spoofing      
1800a6ce-1d34-40d2-8f27-36933c6284ce  no-mac-broadcast    
ab873771-4a07-47a0-89f8-04c3a7236291  no-mac-spoofing     
9e06505a-f0b6-4c3d-b9ce-0f2eddce6f34  no-other-l2-traffic 
28e1eee7-9f96-4270-be4e-7071d3d986ac  no-other-rarp-traffic
2555c4c2-bdb3-41c1-b346-ee762d395f9c  qemu-announce-self  
50221b7b-b155-4f11-8742-eebee2e5be4c  qemu-announce-self-rarp

No deadlock occurs, we can get expected results, change to Verified.
Comment 8 errata-xmlrpc 2014-07-22 18:31:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-0914.html