Bug 1111450 - Guest crash when hotplug usb while disable virt_use_usb
Summary: Guest crash when hotplug usb while disable virt_use_usb
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm
Version: 7.0
Hardware: All
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Gerd Hoffmann
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1111451
Reported: 2014-06-20 05:01 UTC by zhenfeng wang
Modified: 2015-03-05 08:10 UTC (History)

Fixed In Version: qemu-kvm-1.5.3-76.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1111451 (view as bug list)
Environment:
Last Closed: 2015-03-05 08:10:18 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0349 0 normal SHIPPED_LIVE Important: qemu-kvm security, bug fix, and enhancement update 2015-03-05 12:27:34 UTC

Description zhenfeng wang 2014-06-20 05:01:57 UTC
Description of problem:
Guest crash when hotplug usb while disable virt_use_usb

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-1.5.3-60.el7ev_0.2.x86_64
kernel-3.10.0-123.el7.x86_64
libvirt-1.1.1-29.el7.x86_64
selinux-policy-3.12.1-153.el7.3.noarch
libselinux-2.2.2-6.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Disable virt_use_usb
# getenforce
Enforcing
#setsebool virt_use_usb 0
# getsebool virt_use_usb
virt_use_usb --> off

2.Start a normal guest
#virsh start rhel7

3.Plug a usb to your local host
# lsusb
Bus 002 Device 003: ID 0951:1666 Kingston Technology

4.Prepare a xml for the usb
# cat usb.xml
<hostdev mode='subsystem' type='usb' managed='yes'>
      <source>
        <address bus='2' device='3'/>
      </source>
    </hostdev>

5. Hotplug the USB device to the guest; the guest will crash
# virsh attach-device rhel7 usb.xml
error: Failed to attach device from usb.xml
error: Unable to read from monitor: Connection reset by peer
# virsh list
 Id    Name                           State
----------------------------------------------------

# ps aux|grep qemu

6.Check the qemu log and avc info
#cat /var/log/libvirt/qemu/rhel7.log
--
libusbx: error [initialize_device] open failed, ret=-1 errno=1
libusbx: error [initialize_device] open failed, ret=-1 errno=1
libusbx: error [initialize_device] open failed, ret=-1 errno=1
libusbx: error [initialize_device] open failed, ret=-1 errno=1
2014-06-19 08:42:22.370+0000: shutting down

# ausearch -m avc -ts recent
----
time->Thu Jun 19 16:42:16 2014
type=SYSCALL msg=audit(1403167336.965:196): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=6 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null)
type=AVC msg=audit(1403167336.965:196): avc:  denied  { getattr } for  pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1a.0/usb1/devnum" dev="sysfs" ino=9519 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
----
time->Thu Jun 19 16:42:16 2014
type=SYSCALL msg=audit(1403167336.965:197): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=b items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null)
type=AVC msg=audit(1403167336.965:197): avc:  denied  { getattr } for  pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1a.0/usb1/descriptors" dev="sysfs" ino=9549 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
----
time->Thu Jun 19 16:42:16 2014
type=SYSCALL msg=audit(1403167336.965:198): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=13 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null)
type=AVC msg=audit(1403167336.965:198): avc:  denied  { getattr } for  pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1a.0/usb1/bConfigurationValue" dev="sysfs" ino=9505 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
----
time->Thu Jun 19 16:42:16 2014
type=SYSCALL msg=audit(1403167336.965:199): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=6 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null)
type=AVC msg=audit(1403167336.965:199): avc:  denied  { getattr } for  pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/busnum" dev="sysfs" ino=9679 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
----
time->Thu Jun 19 16:42:16 2014
type=SYSCALL msg=audit(1403167336.965:200): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=6 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null)
type=AVC msg=audit(1403167336.965:200): avc:  denied  { getattr } for  pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/devnum" dev="sysfs" ino=9680 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
----
time->Thu Jun 19 16:42:16 2014
type=SYSCALL msg=audit(1403167336.965:201): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=b items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null)
type=AVC msg=audit(1403167336.965:201): avc:  denied  { getattr } for  pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/descriptors" dev="sysfs" ino=9710 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
----
time->Thu Jun 19 16:42:16 2014
type=SYSCALL msg=audit(1403167336.965:202): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=13 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null)
type=AVC msg=audit(1403167336.965:202): avc:  denied  { getattr } for  pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/bConfigurationValue" dev="sysfs" ino=9666 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
----
time->Thu Jun 19 16:42:16 2014
type=SYSCALL msg=audit(1403167336.965:195): arch=c000003e syscall=4 success=no exit=-13 a0=7fff00d78480 a1=7fff00d783f0 a2=7fff00d783f0 a3=6 items=0 ppid=1 pid=2589 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c0,c99 key=(null)
type=AVC msg=audit(1403167336.965:195): avc:  denied  { getattr } for  pid=2589 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1a.0/usb1/busnum" dev="sysfs" ino=9518 scontext=system_u:system_r:svirt_t:s0:c0,c99 tcontext=system_u:object_r:sysfs_t:s0 tclass=file

7. Pass the USB device through to the guest, then start the guest. The guest can be started successfully; however, it is destroyed automatically later, with the same error as with USB hotplug
#virsh dumpxml rhe7
--
    <hostdev mode='subsystem' type='usb' managed='yes'>
      <source>
        <address bus='2' device='3'/>
      </source>
# virsh start rhel7
Domain rhel7 started

[root@rhel7f ~]# virsh list  
 Id    Name                           State
----------------------------------------------------
 4     rhel7                          running

# virsh list  
 Id    Name                           State
----------------------------------------------------

#

8. Retrying the above test scenario on RHEL 6.6 gave a different result: the USB device can be hotplugged or passed through to the guest successfully even if I disable virt_use_usb. This should be an issue too.


Actual results:
As steps

Expected results:
1. The guest shouldn't crash when hotplugging a USB device to the running guest while virt_use_usb is disabled
2. The guest should fail to start when passing through a USB device to the shut-off guest while virt_use_usb is disabled
3. Hotplugging a USB device to the running guest should fail while virt_use_usb is disabled

Additional info:

Comment 2 Peter Krempa 2014-06-20 06:57:15 UTC
Please attach the VM log file:

/var/log/libvirt/qemu/rhel7.log as it might hint on why qemu crashed/exited and also the libvirt debug log in case we'd need to trace an issue there.

Comment 3 Peter Krempa 2014-06-20 07:00:02 UTC
Ah, sorry I now noticed it's pasted inline.

Comment 4 Jiri Denemark 2014-06-20 07:13:26 UTC
QEMU should not exit after a failed hotplug of a USB device. Only the hotplug operation should fail. Reassigning to qemu-kvm.

Comment 5 Gerd Hoffmann 2014-07-04 11:43:29 UTC
Please retest with this test build:
http://people.redhat.com/ghoffman/bz1103193/

Comment 6 zhenfeng wang 2014-07-07 03:48:28 UTC
Hi Gerd
I just retested comment 0's steps with your test build and found the guest didn't crash when hotplugging USB with virt_use_usb disabled. However, I found some other issues in the following two scenarios:

scenario1: Disable virt_use_usb but enable selinux
# getsebool virt_use_usb
virt_use_usb --> off
# getenforce
Enforcing

Issues:
1. The USB device can still be hotplugged successfully even with virt_use_usb disabled. The expected result is failure.
# virsh attach-device rhel7 usb.xml 
Device attached successfully

2. I didn't see the USB device inside the guest after attaching it to the guest; however, I could see it in the guest's XML
#virsh dumpxml rhel7
 --
<hostdev mode='subsystem' type='usb' managed='yes'>
      <source>
        <address bus='2' device='3'/>
      </source>
      <alias name='hostdev0'/>
    </hostdev>
--

3. Found some AVC messages while hotplugging and unplugging the USB device.
We could see the following AVC messages while hotplugging the USB device:
#ausearch -m avc -ts recent
--
time->Mon Jul  7 11:29:28 2014
type=SYSCALL msg=audit(1404703768.660:3609): arch=c000003e syscall=4 success=no exit=-13 a0=7fff95fcfa50 a1=7fff95fcf9c0 a2=7fff95fcf9c0 a3=b items=0 ppid=1 pid=10970 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c474,c571 key=(null)
type=AVC msg=audit(1404703768.660:3609): avc:  denied  { getattr } for  pid=10970 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/descriptors" dev="sysfs" ino=9710 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
----
time->Mon Jul  7 11:29:28 2014
type=SYSCALL msg=audit(1404703768.660:3610): arch=c000003e syscall=4 success=no exit=-13 a0=7fff95fcfa50 a1=7fff95fcf9c0 a2=7fff95fcf9c0 a3=13 items=0 ppid=1 pid=10970 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c474,c571 key=(null)
type=AVC msg=audit(1404703768.660:3610): avc:  denied  { getattr } for  pid=10970 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/bConfigurationValue" dev="sysfs" ino=9666 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
--

We could see the following AVC messages while unplugging the USB device:
#virsh detach-device rhel7 usb.xml
Device detached successfully

#ausearch -m avc -ts recent
--
time->Mon Jul  7 11:31:54 2014
type=SYSCALL msg=audit(1404703914.660:3620): arch=c000003e syscall=2 success=no exit=-13 a0=7fff95fcff50 a1=0 a2=fffffffffffffff3 a3=2 items=0 ppid=1 pid=10970 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c474,c571 key=(null)
type=AVC msg=audit(1404703914.660:3620): avc:  denied  { read } for  pid=10970 comm="qemu-kvm" name="003" dev="devtmpfs" ino=131880 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
----
time->Mon Jul  7 11:31:56 2014
type=SYSCALL msg=audit(1404703916.660:3621): arch=c000003e syscall=2 success=no exit=-13 a0=7fff95fcff50 a1=0 a2=fffffffffffffff3 a3=2 items=0 ppid=1 pid=10970 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c474,c571 key=(null)
type=AVC msg=audit(1404703916.660:3621): avc:  denied  { read } for  pid=10970 comm="qemu-kvm" name="003" dev="devtmpfs" ino=131880 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
--

Scenario2: Enable both virt_use_usb and selinux
# getenforce
Enforcing
# getsebool virt_use_usb
virt_use_usb --> on

Issue
I couldn't see the USB device inside the guest after attaching it to the guest; however, I could see the device in the guest's XML

# virsh attach-device rhel7 usb.xml 
Device attached successfully

# virsh dumpxml rhel7
--
<hostdev mode='subsystem' type='usb' managed='yes'>
      <source>
        <address bus='2' device='3'/>
      </source>
      <alias name='hostdev0'/>
    </hostdev>
--

Logging in to the guest, I couldn't see the USB device, and it prompted the following error:
#lsusb
#cat /var/log/messages
Jul  6 23:37:32 rhel6 kernel: hub 1-2:1.0: unable to enumerate USB device on port 1

Comment 7 Gerd Hoffmann 2014-07-11 13:58:02 UTC
(In reply to zhenfeng wang from comment #6)
> Hi Gerd
> I just retest comment0's steps with your test build, find the guest didn't
> crash when hotplug usb while disable virt_use_usb, however, find some other
> issues with the following two scenarios :

Good.

> Issues:
> 1.The usb can still hotplug successfully even disable the virt_use_usb. the
> expect result should fail

Adding a usb-host device will never fail.  If the device is not present (or can not be opened, due to selinux or something denying access) qemu will wait for the device showing up instead of returning an error.

> Scenario2: Enable both virt_use_usb and selinux
> # getenforce
> Enforcing
> # getsebool virt_use_usb
> virt_use_usb --> on
> 
> Issue
> Couldn't see the usb device inside the guest while attach the usb to the
> guest, however, could see the device in the guest's xml

Qemu still can't access the usb device it seems.

Could be the libvirtd configuration must be tweaked.  Libvirt restricts access to files in /dev using cgroups (additionally to selinux).
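
Because attaching a usb-host device reports success even when qemu cannot open it, the audit log is where the denial becomes visible. The following is an added example, not part of this thread and not code from qemu or libvirt: it parses AVC records like the ones quoted above and separates sysfs attribute denials from denials on the USB device node. The function names and category labels are assumptions.

```python
import re
from collections import Counter

# Sample input: one SYSCALL and three AVC records shortened from the ones
# quoted in this report, plus one constructed, unrelated record (last line).
SAMPLE = """\
type=SYSCALL msg=audit(1404703768.660:3609): arch=c000003e syscall=4 success=no exit=-13 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c474,c571 key=(null)
type=AVC msg=audit(1404703768.660:3609): avc:  denied  { getattr } for  pid=10970 comm="qemu-kvm" path="/sys/devices/pci0000:00/0000:00:1d.0/usb2/descriptors" dev="sysfs" ino=9710 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
type=AVC msg=audit(1404703914.660:3620): avc:  denied  { read } for  pid=10970 comm="qemu-kvm" name="003" dev="devtmpfs" ino=131880 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=AVC msg=audit(1404703916.660:3621): avc:  denied  { read } for  pid=10970 comm="qemu-kvm" name="003" dev="devtmpfs" ino=131880 scontext=system_u:system_r:svirt_t:s0:c474,c571 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=AVC msg=audit(1404703999.000:3700): avc:  denied  { read } for  pid=4242 comm="example" name="x" dev="dm-0" ino=1 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    return rec


def selinux_type(context):
    """Extract the type from a user:role:type:level security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context


def classify(rec):
    """Label a denial by what was being accessed (labels are assumptions)."""
    ttype = selinux_type(rec.get('tcontext', ''))
    if ttype == 'usb_device_t' and rec.get('tclass') == 'chr_file':
        return 'usb-device-node'
    if ttype == 'sysfs_t' and rec.get('dev') == 'sysfs':
        return 'sysfs-attr'
    return 'other'


def summarize(text, source_type='svirt_t', comm='qemu-kvm'):
    """Count denials per (category, permissions) for the confined qemu process."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get('comm') != comm:
            continue
        if selinux_type(rec.get('scontext', '')) != source_type:
            continue
        counts[(classify(rec), ' '.join(rec['perms']))] += 1
    return counts


def device_node_denied(text):
    """True if qemu was refused access to the USB character device itself."""
    return any(kind == 'usb-device-node' for kind, _ in summarize(text))
```

On a live host the input would be the output of `ausearch -m avc -ts recent`, as used in the comments above.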

Comment 8 Miroslav Rezanina 2014-10-21 14:53:00 UTC
Fix included in qemu-kvm-1.5.3-76.el7

Comment 9 Miroslav Rezanina 2014-10-21 14:53:08 UTC
Fix included in qemu-kvm-1.5.3-76.el7

Comment 10 Miroslav Rezanina 2014-10-21 14:53:36 UTC
Fix included in qemu-kvm-1.5.3-76.el7

Comment 12 Jun Li 2014-11-11 09:36:21 UTC
Reproduce:

Version of components:
qemu-kvm-1.5.3-70.el7.x86_64

Steps:
1.Disable virt_use_usb
# getenforce
Enforcing
#setsebool virt_use_usb 0
# getsebool virt_use_usb
virt_use_usb --> off

2.Start a normal guest
#virsh start r7

3.Plug a usb to your local host
# lsusb
Bus 005 Device 008: ID 0ac8:3450 Z-Star Microelectronics Corp. 

4.Prepare a xml for the usb
# cat usb.xml
<hostdev mode='subsystem' type='usb' managed='yes'>
    <source>
        <address bus='5' device='8'/>
    </source>
</hostdev>

5. Hotplug the USB device to the guest; the guest will crash
# virsh attach-device r7 usb.xml
error: Failed to attach device from usb.xml
error: Unable to read from monitor: Connection reset by peer
# virsh list
 Id    Name                           State
----------------------------------------------------

# ps aux|grep qemu

6.Check the qemu log and avc info
#cat /var/log/libvirt/qemu/r7.log
libusbx: error [initialize_device] open failed, ret=-1 errno=1

As shown above, this bz has been reproduced.
======================
Verify:

Version of components:
qemu-kvm-1.5.3-77.el7.x86_64

Steps as shown above; after step 5, this device hot-plugs successfully.
# virsh attach-device r7 usb.xml 
Device attached successfully.

I couldn't see the USB device inside the guest after attaching it to the guest; however, I could see the device in the guest's XML.

# virsh dumpxml r7 > li.xml 
# cat li.xml
...
    <hostdev mode='subsystem' type='usb' managed='yes'>
      <source>
        <address bus='5' device='8'/>
      </source>
...

As shown above and in comment 7, this bz has been verified.
============================
Also tested with qemu-kvm-rhev-2.1.2-6.el7.x86_64; after step 5, this device hot-plugs successfully.
# virsh attach-device r7 usb.xml 
Device attached successfully.

I couldn't see the USB device inside the guest after attaching it to the guest; however, I could see the device in the guest's XML.

# virsh dumpxml r7 > li.xml 
# cat li.xml
...
    <hostdev mode='subsystem' type='usb' managed='yes'>
      <source>
        <address bus='5' device='8'/>
      </source>
...

So this bz is not hit on qemu-kvm-rhev-2.1.2-6.el7.x86_64.

Comment 15 errata-xmlrpc 2015-03-05 08:10:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0349.html

