Bug 2176924

Fixed upstream:

commit 9134b40d0b43a5e1a9928b0a0d948205941d9807
Author: Peter Krempa <pkrempa>
Date:   Wed Mar 1 17:09:42 2023 +0100

    qemu: domain: Fix logic when tainting domain
    
    Originally the code was skipping all repeated taints with the same taint
    flag but a logic bug introduced in commit 30626ed15b239c424ae inverted
    the condition. This caused that actually the first occurence was NOT
    logged but any subsequent was.
    
    This was noticed when going through oVirt logs as they use custom guest
    agent commands and the logs are totally spammed with this message.
    
    Fixes: 30626ed15b239c424ae891f096057a696eadd715
    Signed-off-by: Peter Krempa <pkrempa>
    Reviewed-by: Laine Stump <laine>

v9.1.0-11-g9134b40d0b

Tested with:
libvirt-9.2.0-1.el9.x86_64

1. prepare a guest with guest agent device
# virsh domtime rhel9.3 
Time: 1680594040

2. check the dominfo
Id:             4
Name:           rhel9.3
UUID:           fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5
OS Type:        hvm
State:          running
CPU(s):         8
CPU time:       594.7s
Max memory:     2883584 KiB
Used memory:    2097152 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c162,c426 (enforcing)

3. check the vcpus about guest using qemu-agent-command
# virsh qemu-agent-command rhel9.3 '{"execute":"guest-get-vcpus"}'
{"return":[{"online":true,"can-offline":true,"logical-id":7},...

4. check the dominfo again
# virsh dominfo rhel9.3 
Id:             4
Name:           rhel9.3
UUID:           fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5
OS Type:        hvm
State:          running
CPU(s):         8
CPU time:       2159.6s
Max memory:     2883584 KiB
Used memory:    2097152 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c162,c426 (enforcing)
Messages:       tainted: custom guest agent control commands issued

5. check the log
# grep -ni tainted /var/log/libvirt/virtqemud.log
13824:2023-04-04 10:14:35.683+0000: 39897: warning : qemuDomainObjTaintMsg:6831 : Domain id=4 name='rhel9.3' uuid=fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5 is tainted: custom-ga-command
13826:2023-04-04 10:14:35.683+0000: 39897: debug : qemuDomainLogAppendMessage:7213 : Append log message (vm='rhel9.3' message='2023-04-04 10:14:35.683+0000: Domain id=4 is tainted: custom-ga-command

6. repeat step 5 for 100 times
# for i in {1..100}; do virsh qemu-agent-command rhel9.3 '{"execute":"guest-get-vcpus"}'; done

7. check the log again
# grep -ni tainted /var/log/libvirt/virtqemud.log
13824:2023-04-04 10:14:35.683+0000: 39897: warning : qemuDomainObjTaintMsg:6831 : Domain id=4 name='rhel9.3' uuid=fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5 is tainted: custom-ga-command
13826:2023-04-04 10:14:35.683+0000: 39897: debug : qemuDomainLogAppendMessage:7213 : Append log message (vm='rhel9.3' message='2023-04-04 10:14:35.683+0000: Domain id=4 is tainted: custom-ga-command

(The tainted message is printed when invoking guest-agent-command for the first time. And no new logs about tainted messages printed for the later invoking, logs are not spammed)

Verify this bug with:
libvirt-9.3.0-1.el9.x86_64

The verification steps are the same with the ones in Comment #2, mark the bug as verified.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: libvirt security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6409