Bug 2176924

Summary: Logs are spammed with ' Domain id=7 is tainted: custom-ga-command' message [rhel-9.3.0]
Product: Red Hat Enterprise Linux 9 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: libvirtAssignee: Peter Krempa <pkrempa>
libvirt sub component: General QA Contact: Lili Zhu <lizhu>
Status: CLOSED ERRATA Docs Contact:
Severity: unspecified    
Priority: unspecified CC: jdenemar, jsuchane, lizhu, lmen, virt-maint, ymankad
Version: 9.0Keywords: Triaged
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-9.2.0-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2174446 Environment:
Last Closed: 2023-11-07 08:31:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version: 9.2.0
Embargoed:
Bug Depends On: 2174446    
Bug Blocks:    

Comment 1 Peter Krempa 2023-03-09 16:48:49 UTC 
Fixed upstream:

commit 9134b40d0b43a5e1a9928b0a0d948205941d9807
Author: Peter Krempa <pkrempa>
Date:   Wed Mar 1 17:09:42 2023 +0100

    qemu: domain: Fix logic when tainting domain
    
    Originally the code was skipping all repeated taints with the same taint
    flag but a logic bug introduced in commit 30626ed15b239c424ae inverted
    the condition. This caused that actually the first occurence was NOT
    logged but any subsequent was.
    
    This was noticed when going through oVirt logs as they use custom guest
    agent commands and the logs are totally spammed with this message.
    
    Fixes: 30626ed15b239c424ae891f096057a696eadd715
    Signed-off-by: Peter Krempa <pkrempa>
    Reviewed-by: Laine Stump <laine>

v9.1.0-11-g9134b40d0b
Comment 2 Lili Zhu 2023-04-04 11:39:54 UTC 
Tested with:
libvirt-9.2.0-1.el9.x86_64

1. prepare a guest with guest agent device
# virsh domtime rhel9.3 
Time: 1680594040

2. check the dominfo
Id:             4
Name:           rhel9.3
UUID:           fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5
OS Type:        hvm
State:          running
CPU(s):         8
CPU time:       594.7s
Max memory:     2883584 KiB
Used memory:    2097152 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c162,c426 (enforcing)

3. check the vcpus about guest using qemu-agent-command
# virsh qemu-agent-command rhel9.3 '{"execute":"guest-get-vcpus"}'
{"return":[{"online":true,"can-offline":true,"logical-id":7},...

4. check the dominfo again
# virsh dominfo rhel9.3 
Id:             4
Name:           rhel9.3
UUID:           fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5
OS Type:        hvm
State:          running
CPU(s):         8
CPU time:       2159.6s
Max memory:     2883584 KiB
Used memory:    2097152 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c162,c426 (enforcing)
Messages:       tainted: custom guest agent control commands issued

5. check the log
# grep -ni tainted /var/log/libvirt/virtqemud.log
13824:2023-04-04 10:14:35.683+0000: 39897: warning : qemuDomainObjTaintMsg:6831 : Domain id=4 name='rhel9.3' uuid=fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5 is tainted: custom-ga-command
13826:2023-04-04 10:14:35.683+0000: 39897: debug : qemuDomainLogAppendMessage:7213 : Append log message (vm='rhel9.3' message='2023-04-04 10:14:35.683+0000: Domain id=4 is tainted: custom-ga-command

6. repeat step 5 for 100 times
# for i in {1..100}; do virsh qemu-agent-command rhel9.3 '{"execute":"guest-get-vcpus"}'; done

7. check the log again
# grep -ni tainted /var/log/libvirt/virtqemud.log
13824:2023-04-04 10:14:35.683+0000: 39897: warning : qemuDomainObjTaintMsg:6831 : Domain id=4 name='rhel9.3' uuid=fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5 is tainted: custom-ga-command
13826:2023-04-04 10:14:35.683+0000: 39897: debug : qemuDomainLogAppendMessage:7213 : Append log message (vm='rhel9.3' message='2023-04-04 10:14:35.683+0000: Domain id=4 is tainted: custom-ga-command

(The tainted message is printed when invoking guest-agent-command for the first time. And no new logs about tainted messages printed for the later invoking, logs are not spammed)
Comment 5 Lili Zhu 2023-05-21 04:05:15 UTC 
Verify this bug with:
libvirt-9.3.0-1.el9.x86_64

The verification steps are the same with the ones in Comment #2, mark the bug as verified.
Comment 8 errata-xmlrpc 2023-11-07 08:31:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: libvirt security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6409