Description of problem:
An integer overflow in qemu's implementation of the i6300esb watchdog timer means that if the guest programs a sufficiently large timeout time (but still within the range the device is supposed to support), the watchdog will trigger immediately, potentially killing the guest.

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.2.0-5.el7.ppc64

How reproducible:
100%, with correct configuration

Steps to Reproduce:
1. Create a qemu guest including the i6300esb watchdog device. For example the following qemu command line is suitable:

    qemu-system-x86_64 \
        -machine pc \
        -enable-kvm \
        -m 2048 \
        -no-user-config \
        -nodefaults \
        -vga std \
        -chardev stdio,id=charmonitor,mux=on,signal=off \
        -mon chardev=charmonitor,id=monitor \
        -rtc base=utc \
        -boot strict=on \
        -drive file=DISKIMAGE.qcow2,if=none,id=drive0,format=qcow2 \
        -device virtio-blk-pci,drive=drive0,id=blk0,bootindex=1 \
        -netdev user,id=net0 \
        -device virtio-net-pci,netdev=net0 \
        -device i6300esb,id=watchdog0 -watchdog-action pause

2. Install a Linux guest under this qemu
3. Log into the guest, unload the i6300esb driver:

    # rmmod i6300esb

4. Reload the i6300esb driver with an altered heartbeat module parameter:

    # modprobe i6300esb heartbeat=2046

5. Open the watchdog device, for example with:

    # python
    >>> open("/dev/watchdog")

Actual results:
As soon as the watchdog device is opened, the watchdog immediately triggers, pausing the guest (with the example qemu command line above).

Expected results:
Watchdog does not trigger for ~2046 seconds, as specified by the heartbeat parameter.

Additional info:
This bug probably affects qemu-kvm (not RHEV) and RHEL6 as well, though I haven't tested so far.
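The arithmetic behind the report, as an added example (not qemu's code and not the reporter's): a model of an i6300esb-style timeout computation using the device's 33 MHz clock, 20-bit stage counters and 1:32768 prescaler. `timeout_ns_naive` multiplies the tick count by 10^9 in a 64-bit intermediate; for a prescaled stage of about 1023 s (half of the heartbeat=2046 above) the product needs more than 64 bits, wraps, and yields a negative expiry, which a timer API treats as already elapsed. `timeout_ns_safe` uses a split multiply-then-divide that cannot overflow while the true result fits in 64 bits, and `naive_would_overflow` is the bounds check the naive path lacks. The function names, `preload_for_seconds`, and splitting the heartbeat over two equal stages are assumptions made for illustration, not the driver's actual behaviour.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example: a model of the timeout arithmetic in an i6300esb-style
 * watchdog, not qemu's own code. Constants are the device's documented
 * 33 MHz clock, 20-bit stage counters and 1:32768 prescaler. */
#define WDT_CLOCK_HZ    33000000ULL
#define NS_PER_SEC      1000000000ULL
#define PRESCALE_SHIFT  15
#define PRELOAD_MAX     0xFFFFFULL   /* 20-bit stage counter */

/* Convert a stage preload to clock ticks (up to ~2^35 when prescaled). */
uint64_t preload_to_ticks(uint32_t preload, bool prescaled)
{
    uint64_t ticks = preload & PRELOAD_MAX;
    return prescaled ? ticks << PRESCALE_SHIFT : ticks;
}

/* Naive conversion: multiply first in a 64-bit intermediate, then divide.
 * ticks * 1e9 needs about 65 bits for a large prescaled preload, so the
 * product wraps (modelled with defined unsigned wrap-around, then read
 * as a signed expiry the way a timer API would) and goes negative. */
int64_t timeout_ns_naive(uint32_t preload, bool prescaled)
{
    uint64_t product = preload_to_ticks(preload, prescaled) * NS_PER_SEC; /* wraps */
    return (int64_t)product / (int64_t)WDT_CLOCK_HZ;
}

/* a * b / c with no intermediate overflow, provided the true result fits
 * in 64 bits (schoolbook split of a into 32-bit halves; b, c are 32-bit). */
uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c)
{
    uint64_t ah = a >> 32, al = a & 0xFFFFFFFFULL;
    uint64_t rl = al * b;
    uint64_t rh = ah * b + (rl >> 32);
    rl &= 0xFFFFFFFFULL;
    uint64_t q_hi = rh / c;
    uint64_t rem  = rh % c;
    uint64_t q_lo = ((rem << 32) | rl) / c;   /* rem < c, so this fits 32 bits */
    return (q_hi << 32) | q_lo;
}

int64_t timeout_ns_safe(uint32_t preload, bool prescaled)
{
    return (int64_t)muldiv64(preload_to_ticks(preload, prescaled),
                             (uint32_t)NS_PER_SEC, (uint32_t)WDT_CLOCK_HZ);
}

/* The check the naive path lacks: would ticks * NS_PER_SEC exceed 64 bits? */
bool naive_would_overflow(uint32_t preload, bool prescaled)
{
    return preload_to_ticks(preload, prescaled) > UINT64_MAX / NS_PER_SEC;
}

/* Constructed model of a driver choosing a preload for `seconds` at the
 * prescaled tick rate (33 MHz / 32768, roughly 1007 Hz); hypothetical helper. */
uint32_t preload_for_seconds(uint32_t seconds)
{
    return (uint32_t)((seconds * WDT_CLOCK_HZ) >> PRESCALE_SHIFT);
}

int main(void)
{
    /* heartbeat=2046 from the report, assumed split into two 1023 s stages */
    uint32_t preload = preload_for_seconds(1023);
    printf("preload=%u (counter max %llu)\n", preload, PRELOAD_MAX);
    printf("naive : %lld ns\n", (long long)timeout_ns_naive(preload, true));
    printf("safe  : %lld ns\n", (long long)timeout_ns_safe(preload, true));
    printf("naive path overflows: %s\n",
           naive_would_overflow(preload, true) ? "yes" : "no");
    return 0;
}
```

The naive path reports a negative timeout for a stage well inside the counter's 20-bit range, which is exactly the "fires immediately" symptom; the safe path returns just under 1023 s. The general lesson is that a preload validated against the register width is not enough when a later unit conversion multiplies it by a large constant; either bound the product explicitly or use a conversion that cannot overflow.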
I've posted an upstream fix for this (and bug 1198936). See http://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04372.html
Hi David, Should we fix this in RHEL6? Bests,
Patch was merged upstream and incorporated downstream in the qemu-2.3.0 rebase.
Tested this issue with qemu-kvm-rhev-2.3.0-2 both on x86_64 and ppc64le host. The watchdog timer did not fire immediately, but did not fire on time either. Details:

    # modprobe -r i6300esb; modprobe i6300esb heartbeat=2046
    # dmesg | grep -i i6300
    ...
    [   35.981953] i6300esb: initialized (0xffffc900003ba000). heartbeat=2046 sec (nowayout=0)
    # cat wd.py
    import time
    # opening /dev/watchdog starts the timer; closing without the magic
    # character does not stop it, so the countdown keeps running
    wd = open('/dev/watchdog', 'rw')
    wd.close()
    for i in range(1, 2049):
        time.sleep(1)
        print i
    # python wd.py
    1
    2
    ...
    257
    258    <- watchdog fired (VM paused)
Hi David, Do you think comment 6 is a problem?
Comment 6 looks like a real bug, but a different and less serious one from this one. I think we can still verify this, and file comment 6 as a new bug.
As comment 9, set verified and file new one: Bug 1247893 - qemu's i6300esb watchdog does not fire on time with large heartbeat like 2046
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2546.html