Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
As a Technology Preview, qemu-kvm-rhev introduces the Virtual Machine Generation ID feature, which enables the VM BIOS to expose ID integers that help prevent the corruption of virtual file systems during higher-risk operations, such as restoring a snapshot or loading a configuration backup. This feature is available on VMs that use the following guest operating systems:
- Windows 8 or later
- Windows Server 2012 or later
Note that it is currently only possible to access this feature using arbitrary QEMU commands. However, virtual machines modified by such commands cannot be supported by Red Hat.
+++ This bug was initially created as a clone of Bug #1118825 +++
Description of problem:
Making copies of VMs is great - until it isn't. The typical window's example: some clones a VM that is running active directory - and now - there are two sources of truth of authentication/authorization- a bad thing.
Microsoft has established a standard identifier-using the ACPI driver to identify when a clone has been creating in a "bad way." This standard is now supported by VMware, Xen Server and, of course, HyperV. See http://go.microsoft.com/fwlink/?LinkId=260709 for more information.
Flexera Software takes advantage of this standard to detect when a user has incorrectly cloned a license server (where a user then has 2 license servers running licenses-same as having 2 active directory). We then enable the producers to implement policies such as "render the license server inoperable" or "give user time to fix this." We have data to show that this particular scenario happens to roughly 20% of all global software licenses (and often by accident).
Our ask is that Red Hat/the linux community also establish something of the same flavor so that software producers can help customers stay compliant with their software licenses.
Version-Release number of selected component (if applicable): All
How reproducible: N/A
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
Closing bug#1139005 as duplicate.
There it says:
This functionality is new to Hyper-V in Windows Server 2012 or Windows 8 and is designed to differentiate (security-wise) between instances of a VM that were generated using the exact same disk image / snapshot.
The implementation is based on a new hypervisor's device, that returns a 128-bit, cryptographically random integer value identifier that will be different every time the virtual machine executes from a different configuration fileāsuch as executing from a recovered snapshot, or executing after restoring from backup.
(In reply to Miroslav Rezanina from comment #4)
> Hi Gal,
> is patch in 2.2/2.3 upstream release? In case it is, please move the bz to
> modified state and fill fixed in field with proper version.
The patch was not accepted it.
(In reply to Gal Hammer from comment #5)
> (In reply to Miroslav Rezanina from comment #4)
> > Hi Gal,
> > is patch in 2.2/2.3 upstream release? In case it is, please move the bz to
> > modified state and fill fixed in field with proper version.
>
> The patch was not accepted it.
Hi mrezanin,
According to comment5, seems we need to update the bz status from post to assigned status?
Best Regards,
Junyi
Comment 24Michael S. Tsirkin
2018-03-12 14:53:29 UTC
Note for qe:
Verifying functionality in a Windows guest is tricky, but in Linux
you can build and load this (old and badly written) device driver:
https://github.com/ben-skyportsystems/vmgenid-test
You should see the 'notices' number increment after restoring a snapshot.
Comment 25Michael S. Tsirkin
2018-03-12 14:54:54 UTC
Test against with qemu-kvm-rhev-2.12.0-2.el7.x86_64
1. RHEL guest:
a) Boot up guest with "-device vmgenid,id=testvgid,guid=auto"
b) Check the vmgenid in the guest
[root@dhcp-8-106 vmgenid-test]# cat /sys/firmware/acpi/vmgenid/guid
90231d05-db32-1345-bbbe-3cf3a49ab372
[root@dhcp-8-106 vmgenid-test]# cat /sys/firmware/acpi/vmgenid/notices
0
c) Do the migration in hmp
(qemu) stop
(qemu) info status
VM status: paused
(qemu) migrate -d "exec: gzip -c >/home/test.gz"
d) Then boot up snapshot with "-incoming "exec: gzip -c -d /home/test.gz" "
e) check vmgenid in the guest again
[root@dhcp-8-106 vmgenid-test]# cat /sys/firmware/acpi/vmgenid/guid
6c934afe-384e-274b-b4ac-5dbada48940b
[root@dhcp-8-106 vmgenid-test]# cat /sys/firmware/acpi/vmgenid/notices
1
2. Windows server 2012 guest:
test it with above steps, and can see the different vmgenid, please check the attachment(win2012result)
Hi Michael
Could you double check it? is it enough?
Thanks
Jing
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2018:3443
(In reply to Michael S. Tsirkin from comment #24)
> Note for qe:
> Verifying functionality in a Windows guest is tricky, but in Linux
> you can build and load this (old and badly written) device driver:
>
> https://github.com/ben-skyportsystems/vmgenid-test
>
> You should see the 'notices' number increment after restoring a snapshot.
Hi Micheal,
with the tool in this github repo, I found following issue, not sure if it's a data sequence problem.
steps:
1. start a vm with genid=29aba8fd-899f-4f0e-baca-b4d28262918a
# ps -ef | grep genid
qemu 19733 1 0 03:29 ? 00:00:02 /usr/libexec/qemu-kvm -name guest=avocado-vt-vm1,debug-threads=on ...-device vmgenid,guid=29aba8fd-899f-4f0e-baca-b4d28262918a
2. login vm and use the tool you provided to print the guid
[root@localhost vmgenid]# cat /sys/firmware/acpi/vmgenid/guid
fda8ab29-9f89-0e4f-baca-b4d28262918a
problem:
the guid in step 1&2 are different, seems big/little endian mixed... is this a problem?
Comment 41Red Hat Bugzilla
2023-09-14 23:57:45 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days