Bug 1182494

Summary: BUG: qemu-kvm hangs when both sandbox and mlock are enabled
Product: Red Hat Enterprise Linux 7
Reporter: mazhang <mazhang>
Component: qemu-kvm-rhev
Assignee: Paolo Bonzini <pbonzini>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: urgent
Priority: high
Version: 7.1
CC: chayang, hhuang, huding, juzhang, mazhang, michen, pbonzini, pmoore, snagar, tlavigne, virt-maint, xfu, ypu
Target Milestone: rc
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-rhev-2.1.2-21.el7
Doc Type: Bug Fix
Last Closed: 2015-03-05 09:58:12 UTC
Type: Bug
Attachments: system calls (flags: none)

Description mazhang 2015-01-15 09:46:26 UTC
Description of problem:
qemu-kvm hangs when both sandbox and mlock are enabled

Version-Release number of selected component (if applicable):

Host:
qemu-kvm-tools-rhev-2.1.2-19.el7.x86_64
qemu-img-rhev-2.1.2-19.el7.x86_64
qemu-kvm-common-rhev-2.1.2-19.el7.x86_64
qemu-kvm-rhev-debuginfo-2.1.2-19.el7.x86_64
qemu-kvm-rhev-2.1.2-19.el7.x86_64
3.10.0-222.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Start qemu-kvm with sandbox and mlock enabled
/usr/libexec/qemu-kvm -M pc -monitor stdio -vnc :0 -realtime mlock=on -sandbox on

Actual results:
qemu-kvm hangs.

 5600 pts/0    S+     0:00 strace /usr/libexec/qemu-kvm -M pc -monitor stdio -vnc :0 -realtime mlock=on -sandbox on
 5603 pts/0    Zl+    0:00 [qemu-kvm] <defunct>


Expected results:
qemu-kvm works well.

Additional info:

Comment 2 mazhang 2015-01-15 09:51:56 UTC
Created attachment 980391
system calls

Comment 3 mazhang 2015-01-15 09:53:08 UTC
qemu-kvm-1.5.3-60.el7 doesn't hit this problem.

Comment 4 mazhang 2015-01-15 10:03:56 UTC
qemu-kvm-1.5.3-85.el7.x86_64 works well.

Comment 7 mazhang 2015-01-15 11:30:28 UTC
Summary:
qemu-kvm-rhev-2.1.2-13.el7 pass
qemu-kvm-rhev-2.1.2-16.el7 pass
qemu-kvm-rhev-2.1.2-17.el7 pass
qemu-kvm-rhev-2.1.2-18.el7 fail
qemu-kvm-rhev-2.1.2-19.el7 fail

qemu-kvm-1.5.3-60.el7 pass
qemu-kvm-1.5.3-85.el7 pass

Comment 9 Eduardo Habkost 2015-01-15 19:42:00 UTC
I can reproduce it; it looks like mlockall() is missing from the syscall whitelist.
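
Added example, not part of the original report or of QEMU: one way to confirm which syscall a seccomp whitelist is rejecting, by reading the kernel's SECCOMP audit records for the killed process. It assumes auditd is logging those records; the sample lines, pids and addresses are constructed, and the exact field set varies by kernel (the parser tolerates a missing arch field).

```python
import re

# Constructed sample records (not from the bug report): pids, timestamps and
# instruction pointers are made up. sig=31 is SIGSYS, arch c000003e is x86_64.
SAMPLE_AUDIT = """\
type=SECCOMP msg=audit(1421315186.101:812): auid=0 uid=0 gid=0 ses=3 pid=5603 comm="qemu-kvm" sig=31 arch=c000003e syscall=151 compat=0 ip=0x7f3a5c1e2d17 code=0x0
type=SYSCALL msg=audit(1421315190.550:813): arch=c000003e syscall=2 success=yes exit=3 pid=5610 comm="cat"
type=SECCOMP msg=audit(1421315201.007:814): auid=0 uid=0 gid=0 ses=3 pid=5644 comm="qemu-kvm" sig=31 arch=c000003e syscall=151 compat=0 ip=0x7f11d09b4d17 code=0x0
"""

# Subset of the x86_64 syscall table, enough for this illustration.
X86_64_SYSCALLS = {149: "mlock", 150: "munlock", 151: "mlockall", 152: "munlockall"}
AUDIT_ARCH_X86_64 = "c000003e"
SIGSYS = 31
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit line into a dict of its key=value fields."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}


def seccomp_denials(log_text, comm="qemu-kvm"):
    """Count syscalls for which a seccomp filter killed `comm` with SIGSYS."""
    denied = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SECCOMP" or rec.get("comm") != comm:
            continue
        if not rec.get("sig", "").isdigit() or int(rec["sig"]) != SIGSYS:
            continue
        if not rec.get("syscall", "").isdigit():
            continue
        nr = int(rec["syscall"])
        arch = rec.get("arch", AUDIT_ARCH_X86_64)
        if arch == AUDIT_ARCH_X86_64:
            name = X86_64_SYSCALLS.get(nr, "syscall_%d" % nr)
        else:
            # The name table above is only valid for x86_64 numbers.
            name = "syscall_%d@%s" % (nr, arch)
        denied[name] = denied.get(name, 0) + 1
    return denied


if __name__ == "__main__":
    for name, count in sorted(seccomp_denials(SAMPLE_AUDIT).items()):
        print("%-12s denied %d time(s)" % (name, count))
```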

Comment 10 mazhang 2015-01-16 02:24:39 UTC
Starting qemu-kvm via libvirt also hits this problem.

libvirt-1.2.8-12.el7.x86_64

/etc/libvirt/qemu.conf
...
# Use seccomp syscall whitelisting in QEMU.
# 1 = on, 0 = off, -1 = use QEMU default
# Defaults to -1.
#
seccomp_sandbox = 1
...

Libvirt xml file.
...
  <name>rhel7.1</name>
  <uuid>83ff576d-e168-49d1-9b2c-8b7f2e6643dc</uuid>
  <memory unit='KiB'>1048576</memory>
  <currentMemory unit='KiB'>1048576</currentMemory>
  <memoryBacking>
    <locked/>
  </memoryBacking>
...

Comment 15 Jeff Nelson 2015-01-23 20:00:25 UTC
Fix included in qemu-kvm-rhev-2.1.2-21.el7

Comment 17 Chao Yang 2015-01-26 07:33:56 UTC
Reproduced with qemu-kvm-rhev-2.1.2-20.el7.x86_64.

Steps:
1. Start a guest with both -sandbox on and -realtime mlock=on

Actual Result:
No response from HMP. qemu-kvm died. ps shows:
[qemu-kvm] <defunct>


Verified pass with qemu-kvm-rhev-2.1.2-21.el7.x86_64. Guest can boot up correctly. So this bug got fixed.

Comment 20 errata-xmlrpc 2015-03-05 09:58:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0624.html