Bug 1452701

Summary: Data corruption in LXC loop mounts on libvirt restart
Product: [Community] Virtualization Tools Reporter: Eugen Rieck <eugen>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED INSUFFICIENT_DATA QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: crobinso, eugen, libvirt-maint, rbalakri
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-07 22:36:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eugen Rieck 2017-05-19 13:43:09 UTC 
Description of problem:
On libvirtd restart, the status of LXC containers with loop mounts is wrongly detected, leading to a possible double-mount of an image file with resulting fs corruption.

The bug occurred in Ubuntu (https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1680997) and I was referred here after initial analysis.

Version-Release number of selected component (if applicable):
virsh -c lxc:// version
Compiled against library: libvirt 2.2.0
Using library: libvirt 2.2.0
Using API: LXC 2.2.0
Running hypervisor: LXC 4.4.0


Steps to Reproduce:
1. create an LXC container, that has a loop-mounted image file and start it
2. systemctl stop libvirtd ; sleep 2 ; sync ; systemctl start libvirtd
   the container shows as shut off in virt-manager, no longer responds to network requests, has no attachable console
   The loop mount does no longer show up on host-side "mount" output
      BUT: losetup -a reveals, that a loop device is still attached to the image file
      BUT: In reality this loop device is still mounted, processes in the container still access the file system
      BUT: There is no way to unmount or free it - losetup -d ends without an error but does nothing
3. restart the container (virsh -c lxc:// start name-of-container or via virt-manager)
      THIS SHOULD NOT BE ALLOWED

Actual results:
The image file is now twice mounted and corruption starts creeping in

Expected results:
The loop mount of the image file should either be released on libvirtd stop, or a second mount should be prohibited.

Additional info:
Complete domain XML:
<domain type='lxc'>
  <name>AnyName</name>
  <memory unit='KiB'>2097152</memory>
  <currentMemory unit='KiB'>2097152</currentMemory>
  <vcpu placement='static'>4</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/sbin/init</init>
  </os>
  <features>
    <privnet/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <filesystem type='file' accessmode='passthrough'>
      <driver type='loop' format='raw'/>
      <source file='/path/to/image.raw'/>
      <target dir='/'/>
    </filesystem>
    <interface type='bridge'>
      <mac address='00:16:3e:34:ea:4b'/>
      <source bridge='br1'/>
      <target dev='vnet2'/>
      <guest dev='eth0'/>
    </interface>
    <console type='pty' tty='/dev/pts/3'>
      <source path='/dev/pts/3'/>
      <target type='lxc' port='0'/>
      <alias name='console0'/>
    </console>
    <hostdev mode='capabilities' type='misc'>
      <source>
        <char>/dev/net/tun</char>
      </source>
    </hostdev>
  </devices>
</domain>
Comment 1 Cole Robinson 2017-05-30 21:54:45 UTC 
This is the tracker for upstream libvirt, but your version is a bit old. Can you try the latest libvirt release? version 3.3.0
Comment 2 Cole Robinson 2017-08-07 22:36:13 UTC 
No response, so closing. Someone needs to see if this reproduces with newer libvirt to track it here