RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1075543 - Libvirt does not terminate when DHCP snooping is being used
Summary: Libvirt does not terminate when DHCP snooping is being used
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Laine Stump
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-03-12 10:57 UTC by Stefan Berger
Modified: 2016-04-26 16:16 UTC (History)
6 users (show)

Fixed In Version: libvirt-1.2.7-1.el7
Doc Type: Bug Fix
Doc Text:
In previous versions of libvirt, if a virtual machine configuration had an active nwfilter rule using: <parameter name='CTRL_IP_LEARNING' value='dhcp'/> (i.e. "dhcp snooping") and an attempt was made to terminate libvirtd before the associated nwfilter rule had snooped the guest IP address from DHCP packets, libvirtd would hang on exit. This has been resolved by placing a maximum wait time for learning the IP address with this method; libvirtd will no longer hang on exit.
Clone Of:
Environment:
Last Closed: 2015-03-05 07:31:23 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0323 0 normal SHIPPED_LIVE Low: libvirt security, bug fix, and enhancement update 2015-03-05 12:10:54 UTC

Description Stefan Berger 2014-03-12 10:57:06 UTC 
Description of problem:


Version-Release number of selected component (if applicable):

libvirt-daemon-1.1.1-23.el7.x86_64

How reproducible:

Steps to Reproduce:
1. Start a VM that uses DHCP snooping containing the following domain XML fragment:

    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
      </filterref>
    </interface>

2. Try to terminate libvirtd using the following command for example:
kill -SIGTERM $(pidof libvirtd)

Actual results:

Trying to terminate libvirtd does not work. Libvirtd has to be killed using 'SIGKILL'.

Expected results:

Libvirtd should terminate.


Additional info:

The patch resolving this issue has been pushed to the upstream repo:

commit a718eb19e344f2d8f5e9042a290f9aaa8f651a78
Author: Stefan Berger <stefanb.ibm.com>
Date:   Mon Mar 3 15:13:44 2014 -0500

    nwfilter: Cap the poll timeout in the DHCP Snooping code

    Cap the poll timeout in the DHCP Snooping code to a max. of 10 seconds
    to not hold up the libvirt shutdown longer than this.

    Signed-off-by: Stefan Berger <stefanb.ibm.com>
Comment 3 Stefan Berger 2014-04-07 13:56:51 UTC 
Would it be possible to apply this patch to an upcoming version of the el7 libvirt?
Comment 6 Hu Jianwei 2014-11-24 10:02:13 UTC 
Verified bug as below:

[root@ibm-x3850x5-06 ~]# rpm -q libvirt
libvirt-1.2.8-7.el7.x86_64
[root@ibm-x3850x5-06 ~]# 
[root@ibm-x3850x5-06 ~]# virsh dumpxml r7| grep /interface -B8
    <interface type='network'>
      <mac address='02:54:00:36:c6:d0'/>
      <source network='default'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
      </filterref>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
[root@ibm-x3850x5-06 ~]# virsh start r7
Domain r7 started

[root@ibm-x3850x5-06 ~]# service libvirtd status
Redirecting to /bin/systemctl status  libvirtd.service
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: active (running) since Mon 2014-11-24 17:58:23 CST; 29s ago
     Docs: man:libvirtd(8)
           http://libvirt.org
 Main PID: 14380 (libvirtd)
   CGroup: /system.slice/libvirtd.service
           ├─14144 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --dhcp-script=/usr/libexe...
           ├─14145 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --dhcp-script=/usr/libexe...
           └─14380 /usr/sbin/libvirtd

Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...2
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...3
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...4
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...5
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...6
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...7
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...8
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...9
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...0
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...1
Hint: Some lines were ellipsized, use -l to show in full.
[root@ibm-x3850x5-06 ~]# kill -SIGTERM 14380 

[root@ibm-x3850x5-06 ~]# service libvirtd status
Redirecting to /bin/systemctl status  libvirtd.service
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: inactive (dead) since Mon 2014-11-24 17:59:17 CST; 26s ago
     Docs: man:libvirtd(8)
           http://libvirt.org
  Process: 14380 ExecStart=/usr/sbin/libvirtd $LIBVIRTD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 14380 (code=exited, status=0/SUCCESS)

Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...6
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...7
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...8
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...9
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...0
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...1
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPDISCOVER(virbr0) 02:54:00...0
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPOFFER(virbr0) 192.168.122...0
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPREQUEST(virbr0) 192.168.1...0
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPACK(virbr0) 192.168.122.1...g
Hint: Some lines were ellipsized, use -l to show in full.
[root@ibm-x3850x5-06 ~]# 

Move to Verified.
Comment 8 errata-xmlrpc 2015-03-05 07:31:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0323.html
Note You need to log in before you can comment on or make changes to this bug.