Bug 1378290
| Summary: | Libvirt didn't check Multiplication overflow when check if socket*core*thread equal maxvcpu number | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Luyao Huang <lhuang> |
| Component: | libvirt | Assignee: | Peter Krempa <pkrempa> |
| Status: | CLOSED ERRATA | QA Contact: | Jingjing Shao <jishao> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 7.3 | CC: | dyuan, jdenemar, pkrempa, rbalakri, xuzhang |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-2.5.0-1.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-01 17:16:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed upstream:
commit da0d82d15fd86ca3ed28ec2820fdb824cf92ae91
Author: Peter Krempa <pkrempa>
Date: Mon Oct 10 15:46:25 2016 +0200
conf: Sanitize cpu topology numbers
Make sure that the topology results into a sane number of cpus (up to
UINT_MAX) so that it can be sanely compared to the vcpu count of the VM.
Additionally the helper added in this patch allows to fetch the total
number the topology results to so that it does not have to be
reimplemented later.
Verify this bug as below: # rpm -q libvirt libvirt-2.5.0-1.el7.x86_64 (1) define the domain # cat rhel7.3-cpu.xml | grep cpu -A8 ... <vcpu placement='static' current='4'>12</vcpu> ... <cpu> <topology sockets='2' cores='4294967293' threads='4294967294'/> </cpu> .... # virsh define rhel7.3-cpu.xml error: Failed to define domain from rhel7.3-cpu.xml error: unsupported configuration: cpu topology results in more than 4294967295 cpus (2) edit the domain # virsh list --all Id Name State ---------------------------------------------------- - rhel7.3 shut off edit the xml of domain ... <vcpu placement='static' current='4'>12</vcpu> ... <cpu> <topology sockets='2' cores='4294967293' threads='4294967294'/> </cpu> .... # virsh edit rhel7.3 error: unsupported configuration: cpu topology results in more than 4294967295 cpus Failed. Try again? [y,n,i,f,?]: The result is as expected. so change the status to verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1846 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1846 |
Description of problem: Libvirt didn't check Multiplication overflow when check if socket*core*thread equal maxvcpu number and this cause a strange problem Version-Release number of selected component (if applicable): libvirt-2.0.0-10.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. edit guest xml and make cpu topology like this: # virsh dumpxml r7 ... <vcpu placement='static' current='4'>12</vcpu> ... <topology sockets='2' cores='4294967293' threads='4294967294'/> ... 2. start guest: # virsh start r7 error: Failed to start domain r7 error: internal error: unable to execute QEMU command 'device_add': Invalid CPU core-id: 1 must be in range 0:4294967292 Actual results: Libvirt have a check for vcpu topology during parse xml (validate): ... if (def->cpu && def->cpu->sockets) { topologycpus = def->cpu->sockets * def->cpu->cores * def->cpu->threads; if (topologycpus != virDomainDefGetVcpusMax(def)) { /* presence of query-hotpluggable-cpus should be a good enough witness */ ... But didn't check if there is a Multiplication overflow problem Expected results: Don't allow define a guest like this, since 4294967293 * 4294967294 * 2 != 12 Additional info: