Bug 532654

Summary: virsh save hangs in Fedora12 rawhide
Product: [Fedora] Fedora Reporter: IBM Bug Proxy <bugproxy>
Component: libvirtAssignee: Daniel Berrange <berrange>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 12CC: amcnabb, berrange, clalance, crobinso, gandr, itamar, jforbes, lucien, markmc, veillard, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: All   
Whiteboard:
Fixed In Version: libvirt-0.7.1-16.fc12 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-28 13:56:38 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 498969    
Attachments:
Description Flags
dmesg and strace of virsh save
none
fix_virsh_save.patch
none
Fix save & restore with unprivileged guests, and SELinux
none
strace o/p none

Description IBM Bug Proxy 2009-11-03 06:01:52 EST
=Comment: #0=================================================
SANTWANA SAMANTRAY <santwana.samantray@in.ibm.com> - 

virsh save of the kvm guest hangs in Fedora12 rawhide.
After this, virsh doesn't respond properly, and even restarting libvirtd doesn't help.

Attachment: dmesg and strace of virsh save

[root@mx3550 ~]# strace -o virsh_save -f virsh save rhel6 /home/latest_save
-------HANGS HERE----------- 

uname -a :Linux mx3550.in.ibm.com 2.6.31.5-96.fc12.x86_64 #1 SMP Fri Oct 23 19:30:30 EDT 2009 x86_64
x86_64 x86_64 GNU/Linux

Below are the versions installed:
[root@mx3550 ~]# rpm -qa|grep libvirt
libvirt-client-0.7.1-13.fc12.x86_64
libvirt-debuginfo-0.7.1-13.fc12.x86_64
libvirt-devel-0.7.1-13.fc12.x86_64
libvirt-python-0.7.1-13.fc12.x86_64
libvirt-0.7.1-13.fc12.x86_64

[root@mx3550 ~]# rpm -qa|grep kvm
qemu-kvm-0.11.0-9.fc12.x86_64

=Comment: #1=================================================
ANOOP C. VIJAYAN <anoop.vijayan@in.ibm.com> - 
The save hangs because the qemu process is not able to write to the file which libvirtd created.
This happens because qemu-kvm runs with uid of qemu user whereas libvirtd runs as a root user.
Moreover libvirtd creates the save file with only owner (root) read & write permissions.

[root@mx3550 ~]# tail /var/log/libvirt/qemu/rhel6.log
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root QEMU_AUDIO_DRV=none
/usr/bin/qemu-kvm -S -M pc-0.11 -m 500 -smp 1 -name rhel6 -uuid 47b90387-e42a-d493-f037-0425f580cb9d
-monitor unix:/var/lib/libvirt/qemu/rhel6.monitor,server,nowait -boot c -drive
file=/var/lib/libvirt/images/rhel6.raw,if=ide,index=0,boot=on,format=raw -drive
file=,if=ide,media=cdrom,index=2 -net nic,macaddr=52:54:00:39:3f:5c,vlan=0,name=nic.0 -net
tap,fd=17,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus
char device redirected to /dev/pts/1
sh: /home/newguest: Permission denied <=======

[root@mx3550 ~]# ls -l /home/newguest
-rw------- 1 root root 1468 2009-11-03 15:59 /home/newguest

[root@mx3550 ~]# ps -eaf|grep qemu
qemu      4616     1 71 15:56 ?        00:00:28 /usr/bin/qemu-kvm -S -M pc-0.11 -m 500 -smp 1 -name
rhel6 -uuid 47b90387-e42a-d493-f037-0425f580cb9d -monitor
unix:/var/lib/libvirt/qemu/rhel6.monitor,server,nowait -boot c -drive
file=/var/lib/libvirt/images/rhel6.raw,if=ide,index=0,boot=on,format=raw -drive
file=,if=ide,media=cdrom,index=2 -net nic,macaddr=52:54:00:39:3f:5c,vlan=0,name=nic.0 -net
tap,fd=17,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus

[root@mx3550 ~]# ps -eaf|grep libvirtd
root      3800     1  0 15:32 ?        00:00:02 libvirtd --daemon

file: libvirt-0.7.1/src/qemu_driver.c
3803 static int qemudDomainSave(virDomainPtr dom,
3804                            const char *path)
3805 {
------cut-----------
3874     /* Write header to file, followed by XML */
3875     if ((fd = open(path, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR)) < 0) {
3876         qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
3877                          _("failed to create '%s'"), path);
Comment 1 IBM Bug Proxy 2009-11-03 06:02:03 EST
Created attachment 367283 [details]
dmesg and strace of virsh save
Comment 2 IBM Bug Proxy 2009-11-05 07:51:17 EST
Created attachment 367606 [details]
fix_virsh_save.patch


------- Comment on attachment From anoop.vijayan@in.ibm.com 2009-11-05 07:47 EDT-------


Attaching a patch which gives write permission for the qemu user on the save file. Santwana, please test it and update with the results.
Comment 3 IBM Bug Proxy 2009-11-06 07:01:50 EST
------- Comment From santwana.samantray@in.ibm.com 2009-11-06 06:51 EDT-------
Hello Anoop,

I verified the issue, after the patch was applied. This patch solves the write permission for the qemu user while saving the guest, and the guest saves properly. The issue is now resolved.

Thanks for the patch.
Santwana
Comment 4 Andrew McNabb 2009-11-10 13:37:56 EST
I have seen this problem, too.  Are there any plans for when this patch will be included in the RPMs for Fedora 12?  Thanks.
Comment 5 Daniel Berrange 2009-11-11 07:24:08 EST
Created attachment 369012 [details]
Fix save & restore with unprivileged guests, and SELinux 

When running qemu:///system instance, libvirtd runs as root, but QEMU may optionally be configured to run non-root. When then saving a guest to a state file, the file is initially created as root, and thus QEMU cannot write to it. It is also missing labelling required to allow access via SELinux. This patch fixes those issues.


http://www.redhat.com/archives/libvir-list/2009-November/msg00376.html
Comment 6 Daniel Berrange 2009-11-11 07:27:25 EST
*** Bug 529363 has been marked as a duplicate of this bug. ***
Comment 7 Bug Zapper 2009-11-16 09:58:36 EST
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 8 Mark McLoughlin 2009-11-19 07:37:49 EST
Sounds like we also need:

  http://www.redhat.com/archives/libvir-list/2009-November/msg00640.html
Comment 9 Fedora Update System 2010-05-18 12:55:51 EDT
libvirt-0.7.1-16.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/libvirt-0.7.1-16.fc12
Comment 10 Fedora Update System 2010-05-19 15:13:50 EDT
libvirt-0.7.1-16.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update libvirt'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/libvirt-0.7.1-16.fc12
Comment 11 Fedora Update System 2010-05-28 13:56:04 EDT
libvirt-0.7.1-16.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 IBM Bug Proxy 2010-10-06 09:30:58 EDT
Created attachment 451893 [details]
strace o/p


------- Comment (attachment only) From dipraksh@linux.vnet.ibm.com 2010-10-06 09:20 EDT-------