Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1075543 - Libvirt does not terminate when DHCP snooping is being used
Libvirt does not terminate when DHCP snooping is being used
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Laine Stump
Virtualization Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-12 06:57 EDT by Stefan Berger
Modified: 2016-04-26 12:16 EDT (History)
6 users (show)

See Also:
Fixed In Version: libvirt-1.2.7-1.el7
Doc Type: Bug Fix
Doc Text:
In previous versions of libvirt, if a virtual machine configuration had an active nwfilter rule using: <parameter name='CTRL_IP_LEARNING' value='dhcp'/> (i.e. "dhcp snooping") and an attempt was made to terminate libvirtd before the associated nwfilter rule had snooped the guest IP address from DHCP packets, libvirtd would hang on exit. This has been resolved by placing a maximum wait time for learning the IP address with this method; libvirtd will no longer hang on exit.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-05 02:31:23 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0323 normal SHIPPED_LIVE Low: libvirt security, bug fix, and enhancement update 2015-03-05 07:10:54 EST

  None (edit)
Description Stefan Berger 2014-03-12 06:57:06 EDT
Description of problem:


Version-Release number of selected component (if applicable):

libvirt-daemon-1.1.1-23.el7.x86_64

How reproducible:

Steps to Reproduce:
1. Start a VM that uses DHCP snooping containing the following domain XML fragment:

    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
      </filterref>
    </interface>

2. Try to terminate libvirtd using the following command for example:
kill -SIGTERM $(pidof libvirtd)

Actual results:

Trying to terminate libvirtd does not work. Libvirtd has to be killed using 'SIGKILL'.

Expected results:

Libvirtd should terminate.


Additional info:

The patch resolving this issue has been pushed to the upstream repo:

commit a718eb19e344f2d8f5e9042a290f9aaa8f651a78
Author: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date:   Mon Mar 3 15:13:44 2014 -0500

    nwfilter: Cap the poll timeout in the DHCP Snooping code

    Cap the poll timeout in the DHCP Snooping code to a max. of 10 seconds
    to not hold up the libvirt shutdown longer than this.

    Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Comment 3 Stefan Berger 2014-04-07 09:56:51 EDT
Would it be possible to apply this patch to an upcoming version of the el7 libvirt?
Comment 6 Hu Jianwei 2014-11-24 05:02:13 EST
Verified bug as below:

[root@ibm-x3850x5-06 ~]# rpm -q libvirt
libvirt-1.2.8-7.el7.x86_64
[root@ibm-x3850x5-06 ~]# 
[root@ibm-x3850x5-06 ~]# virsh dumpxml r7| grep /interface -B8
    <interface type='network'>
      <mac address='02:54:00:36:c6:d0'/>
      <source network='default'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
      </filterref>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
[root@ibm-x3850x5-06 ~]# virsh start r7
Domain r7 started

[root@ibm-x3850x5-06 ~]# service libvirtd status
Redirecting to /bin/systemctl status  libvirtd.service
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: active (running) since Mon 2014-11-24 17:58:23 CST; 29s ago
     Docs: man:libvirtd(8)
           http://libvirt.org
 Main PID: 14380 (libvirtd)
   CGroup: /system.slice/libvirtd.service
           ├─14144 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --dhcp-script=/usr/libexe...
           ├─14145 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --dhcp-script=/usr/libexe...
           └─14380 /usr/sbin/libvirtd

Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...2
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...3
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...4
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...5
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...6
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...7
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...8
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...9
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...0
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...1
Hint: Some lines were ellipsized, use -l to show in full.
[root@ibm-x3850x5-06 ~]# kill -SIGTERM 14380 

[root@ibm-x3850x5-06 ~]# service libvirtd status
Redirecting to /bin/systemctl status  libvirtd.service
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: inactive (dead) since Mon 2014-11-24 17:59:17 CST; 26s ago
     Docs: man:libvirtd(8)
           http://libvirt.org
  Process: 14380 ExecStart=/usr/sbin/libvirtd $LIBVIRTD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 14380 (code=exited, status=0/SUCCESS)

Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...6
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...7
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...8
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...9
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...0
Nov 24 17:58:30 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com libvirtd[14380]: 2014-11-24 09:58:30.848+0000: 145...1
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPDISCOVER(virbr0) 02:54:00...0
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPOFFER(virbr0) 192.168.122...0
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPREQUEST(virbr0) 192.168.1...0
Nov 24 17:59:06 ibm-x3850x5-06.qe.lab.eng.nay.redhat.com dnsmasq-dhcp[14144]: DHCPACK(virbr0) 192.168.122.1...g
Hint: Some lines were ellipsized, use -l to show in full.
[root@ibm-x3850x5-06 ~]# 

Move to Verified.
Comment 8 errata-xmlrpc 2015-03-05 02:31:23 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0323.html

Note You need to log in before you can comment on or make changes to this bug.