Bug 1996130
| Summary: | Detecting TSC timer frequencies requires too many privileges [rhel-8.4.0.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | RHEL Program Management Team <pgm-rhel-tools> |
| Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
| Status: | CLOSED ERRATA | QA Contact: | Luyao Huang <lhuang> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.4 | CC: | chhu, jdenemar, jsuchane, lmen, mprivozn, pkrempa, virt-maint, xuzhang, ymankad |
| Target Milestone: | rc | Keywords: | Upstream, ZStream |
| Target Release: | 8.5 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-7.0.0-14.4.el8 | Doc Type: | Bug Fix |
| Doc Text: |
Cause:
When querying for TSC scaling (which is then reported in capabilities XML), libvirt used so called Machine Specific Registers (MSRs). This operation, however, requires root privileges and thus is not very container friendly. Moreover, when container doesn't have enough permissions libvirt would fallback to an alternative approach which doesn't yield correct results.
Consequence:
Container tools (like CNV) were given confusing information on TSC scaling.
Fix:
The fix consists of matching what QEMU does: asking /dev/kvm directly. This not only reports correct info in all cases but also doesn't require additional permissions.
Result:
Container tools are happy again.
|
Story Points: | --- |
| Clone Of: | 1992479 | Environment: | |
| Last Closed: | 2021-09-30 16:54:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1992479 | ||
| Bug Blocks: | |||
|
Comment 1
Michal Privoznik
2021-08-23 08:02:59 UTC
Reproduce this bug with libvirt-daemon-7.0.0-14.3.module+el8.4.0+11878+84e54169:
1. make sure TSC scaling is supported in privileged mode
# virsh capabilities
...
<counter name='tsc' frequency='2095077000' scaling='yes'/>
...
2. create a unprivileged user and run virsh capabilities in user mode, and libvirt report run support status of TSC scaling:
# su - lhuang
$ virsh capabilities
...
<counter name='tsc' frequency='2095077000' scaling='no'/>
...
Verify this bug with libvirt-daemon-7.0.0-14.4.module+el8.4.0+12413+d23780e6:
1. make sure TSC scaling is supported in privileged mode
# virsh capabilities
...
<counter name='tsc' frequency='2095077000' scaling='yes'/>
...
2. create a unprivileged user and run virsh capabilities in user mode, libvirt report correct support information of TSC scaling:
# su - lhuang
$ virsh capabilities
...
<counter name='tsc' frequency='2095077000' scaling='yes'/>
...
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: virt:av and virt-devel:av security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3703 |