Bug 2048435

Summary: Libvirt does not validate domain XML on migration
Product: Red Hat Enterprise Linux 9 Reporter: Michal Privoznik <mprivozn>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
libvirt sub component: Live Migration QA Contact: Jing Qi <jinqi>
Status: CLOSED ERRATA Docs Contact:
Severity: unspecified    
Priority: unspecified CC: dhildenb, jdenemar, jinqi, jsuchane, lcheng, lmen, mprivozn, mtessun, pkrempa, virt-maint, xuzhang, yanghliu
Version: 9.0Keywords: Triaged, Upstream
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-8.0.0-4.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2047271
: 2050697 (view as bug list) Environment:
Last Closed: 2022-05-17 12:46:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version: 7.9.0
Embargoed:
Bug Depends On:    
Bug Blocks: 2014487, 2047797    

Description Michal Privoznik 2022-01-31 09:14:20 UTC 
When migrating to an older QEMU (or QEMU that has some features turned off), then libvirt starts QEMU and let it fail whilst loading the incoming migration stream. This is because the domain XML is never validated against qemuCaps on the destination. While discovered with virtio-mem this bug can be reproduced with virtually any device.

+++ This bug was initially created as a clone of Bug #2047271 +++

--- Additional comment from Jing Qi on 2022-01-29 03:02:34 CET ---

Michal,can you please help to make sure if the migration issue also be fixed in above patch? Thanks

<memory model='virtio-mem'>
      <source>
        <pagesize unit='KiB'>2048</pagesize>
      </source>
      <target>
        <size unit='KiB'>131072</size>
        <node>0</node>
        <block unit='KiB'>2048</block>
        <requested unit='KiB'>131072</requested>
      </target>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </memory>

virsh migrate rhel9  qemu+ssh://dell-per740xd-27.lab.eng.pek2.redhat.com/system --live --

error: internal error: qemu unexpectedly closed the monitor: 2022-01-29T01:57:12.336180Z qemu-kvm: -device virtio-mem-pci,node=0,block-size=2097152,requested-size=134217728,memdev=memvirtiomem0,id=virtiomem0,bus=pcie.0,addr=0x1: 'virtio-mem-pci' is not a valid device model name

--- Additional comment from Michal Privoznik on 2022-01-31 09:38:39 CET ---

(In reply to Jing Qi from comment #2)
>
> error: internal error: qemu unexpectedly closed the monitor:
> 2022-01-29T01:57:12.336180Z qemu-kvm: -device
> virtio-mem-pci,node=0,block-size=2097152,requested-size=134217728,
> memdev=memvirtiomem0,id=virtiomem0,bus=pcie.0,addr=0x1: 'virtio-mem-pci' is
> not a valid device model name

Huh, so this indeed is a problem, but again not specific to virtio-mem. It only demonstrates itself via virtio-mem because that's one of the few differences between RHEL-9 and RHEL-8.6 QEMUs. But in general, XMLs used in migration or save/restore of domain are not validated. Let me open it as a new bug.
Comment 1 Michal Privoznik 2022-01-31 12:35:47 UTC 
v1:

https://listman.redhat.com/archives/libvir-list/2022-January/msg01307.html

v2:

https://listman.redhat.com/archives/libvir-list/2022-January/msg01312.html
Comment 2 Michal Privoznik 2022-02-04 13:07:47 UTC 
Merged upstream as:

517b8c12b9 qemu: Validate domain definition even on migration

v8.0.0-290-g517b8c12b9
Comment 3 Michal Privoznik 2022-02-04 13:19:38 UTC 
To POST:

https://gitlab.com/redhat/rhel/src/libvirt/-/merge_requests/9
Comment 6 Jing Qi 2022-02-11 06:16:57 UTC 
Tested with source version - libvirt-daemon-8.0.0-4.el9.x86_64 & qemu-kvm-6.2.0-7.el9.x86_64

& target version- libvirt-daemon-8.0.0-4.module+el8.6.0+14186+211b270d.x86_64 & qemu-kvm-6.2.0-5.module+el8.6.0+14025+ca131e0a.x86_64


#virsh migrate rhel_i qemu+ssh://**.redhat.com/system --live  --p2p

error: unsupported configuration: virtio-mem isn't supported by this QEMU binary
Comment 10 Jing Qi 2022-02-14 05:50:32 UTC 
Verified according comment 6
Comment 12 errata-xmlrpc 2022-05-17 12:46:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: libvirt), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2390