Bug 1599973
| Summary: | libvirtd crashed during stop if there is a guest set filterref in guest vNIC | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Luyao Huang <lhuang> |
| Component: | libvirt | Assignee: | John Ferlan <jferlan> |
| Status: | CLOSED ERRATA | QA Contact: | Luyao Huang <lhuang> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.6 | CC: | dyuan, xuzhang, yafu, yalzhang |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-4.5.0-5.el7 | Doc Type: | No Doc Update |
| Doc Text: |
undefined
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-10-30 09:57:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
A patch to resolve is posted upstream: https://www.redhat.com/archives/libvir-list/2018-July/msg01523.html The patch is now pushed:
commit 5229494b01acf97dbc6f3028e9718667e9e1426a
Author: John Ferlan <jferlan>
Date: Fri Jul 20 17:44:08 2018 -0400
nwfilter: Resolve SEGV for NWFilter Snoop processing
...
Commit id fca9afa08 changed the @req->ifname to use
@req->binding->portdevname fillingin the @req->binding
in a similar way that @req->ifname would have been
filled in during virNWFilterDHCPSnoopReq processing.
However, in doing so it did not take into account some
code paths where the @req->binding should be checked
instead of @req->binding->portdevname. These checks
led to SEGVs in some cases during libvirtd reload
processing in virNWFilterSnoopRemAllReqIter (for
stop during nwfilterStateCleanup processing) and
virNWFilterSnoopReqLeaseDel (for start during
nwfilterStateInitialize processing).
In particular, when reading the nwfilter.leases file
a new @req is created, but the @req->binding is not
filled in. That's left to virNWFilterDHCPSnoopReq
processing which checks if the @req already exists
in the @virNWFilterSnoopState.snoopReqs hash table
after adding a virNWFilterSnoopState.ifnameToKey
entry for the @req->binding->portdevname by a
@ref->ikey value.
NB: virNWFilterSnoopIPLeaseInstallRule and
virNWFilterDHCPSnoopThread do not need the
req->binding check since they can only be called
after the filter->binding is created/assigned.
Signed-off-by: John Ferlan <jferlan>
ACKed-by: Michal Privoznik <mprivozn>
$ git describe 5229494b01acf97dbc6f3028e9718667e9e1426a
v4.5.0-297-g5229494b01
$
Verify this bug on libvirt-4.5.0-6.el7.x86_64:
1. prepare a running guest with vNIC xml like this:
<interface type='network'>
<mac address='52:54:00:2c:76:c5'/>
<source network='default' bridge='virbr0'/>
<target dev='vnet0'/>
<model type='rtl8139'/>
<filterref filter='clean-traffic'>
<parameter name='CTRL_IP_LEARNING' value='dhcp'/>
</filterref>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</interface>
2. check nwfilter.leases file:
# cat /run/libvirt/network/nwfilter.leases
1534387047 4d73262f-35a7-437e-96ad-e5246aac79ee-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1
1534387048 4d73262f-35a7-437e-96ad-e5246aac79ee-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1
1534388701 4d73262f-35a7-437e-96ad-e5246aac79ee-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1
1534389984 4d73262f-35a7-437e-96ad-e5246aac79ee-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1
1534391426 4d73262f-35a7-437e-96ad-e5246aac79ee-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1
1534392838 4d73262f-35a7-437e-96ad-e5246aac79ee-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1
3. use gdb attach running libvirtd and open another terminal to stop libvirtd, cannot find crash report
4. start libvirtd with gdb and check there is no crash report
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3113 |
Description of problem: libvirtd crashed during stop if there is a guest set filterref in guest vNIC Version-Release number of selected component (if applicable): libvirt-4.5.0-2.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. prepare a guest which set filterref in guest vNIC: <interface type='network'> <mac address='52:54:00:2c:76:c5'/> <source network='default' bridge='virbr0'/> <target dev='vif200'/> <model type='e1000e'/> <filterref filter='clean-traffic'> <parameter name='CTRL_IP_LEARNING' value='dhcp'/> </filterref> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </interface> 2. start guest 3. wait guest get ip and check nwfilter.leases # cat /run/libvirt/network/nwfilter.leases 1531218124 8a39e5ec-1e91-4480-80f3-c106ce1eeeec-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1 1531218126 8a39e5ec-1e91-4480-80f3-c106ce1eeeec-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1 1531218127 8a39e5ec-1e91-4480-80f3-c106ce1eeeec-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1 1531218129 8a39e5ec-1e91-4480-80f3-c106ce1eeeec-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1 1531218136 8a39e5ec-1e91-4480-80f3-c106ce1eeeec-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1 1531218142 8a39e5ec-1e91-4480-80f3-c106ce1eeeec-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1 1531218145 8a39e5ec-1e91-4480-80f3-c106ce1eeeec-52:54:00:2c:76:c5 192.168.122.238 192.168.122.1 4. restart libvirtd 5. gdb attach libvirtd and use another terminal to restart/stop libvirtd Actual results: libvirtd received signal SIGSEGV in step 5 Expected results: There is no crash in step 5 Additional info: backtrace: Program received signal SIGSEGV, Segmentation fault. 0x00007f6c85931cbc in virNWFilterSnoopRemAllReqIter (payload=0x7f6c7c102cb0, name=<optimized out>, data=<optimized out>) at nwfilter/nwfilter_dhcpsnoop.c:2040 2040 if (req->binding->portdevname) { (gdb) bt #0 0x00007f6c85931cbc in virNWFilterSnoopRemAllReqIter (payload=0x7f6c7c102cb0, name=<optimized out>, data=<optimized out>) at nwfilter/nwfilter_dhcpsnoop.c:2040 #1 0x00007f6cb18bd214 in virHashRemoveSet (table=0x7f6c7c0f15d0, iter=iter@entry=0x7f6c85931ca0 <virNWFilterSnoopRemAllReqIter>, data=data@entry=0x0) at util/virhash.c:624 #2 0x00007f6c85931c85 in virNWFilterSnoopEndThreads () at nwfilter/nwfilter_dhcpsnoop.c:2068 #3 0x00007f6c859345f9 in virNWFilterDHCPSnoopShutdown () at nwfilter/nwfilter_dhcpsnoop.c:2183 #4 0x00007f6c8592eaa2 in nwfilterStateCleanup () at nwfilter/nwfilter_driver.c:340 #5 0x00007f6cb1a8c04b in virStateCleanup () at libvirt.c:699 #6 0x0000558d90e919bc in main (argc=<optimized out>, argv=<optimized out>) at remote/remote_daemon.c:1478 (gdb) p req->binding $1 = (virNWFilterBindingDefPtr) 0x0 And another crash like this: Program received signal SIGSEGV, Segmentation fault. 0x00007fffcb528aaf in virNWFilterSnoopReqLeaseDel (req=0x7fffc00ff180, ipaddr=0x7fffc00fff30, update_leasefile=update_leasefile@entry=false, instantiate=instantiate@entry=false) at nwfilter/nwfilter_dhcpsnoop.c:870 870 ipAddrLeft = virNWFilterIPAddrMapDelIPAddr(req->binding->portdevname, ipstr); (gdb) bt #0 0x00007fffcb528aaf in virNWFilterSnoopReqLeaseDel (req=0x7fffc00ff180, ipaddr=0x7fffc00fff30, update_leasefile=update_leasefile@entry=false, instantiate=instantiate@entry=false) at nwfilter/nwfilter_dhcpsnoop.c:870 #1 0x00007fffcb528c89 in virNWFilterSnoopReqFree (req=0x7fffc00ff180) at nwfilter/nwfilter_dhcpsnoop.c:636 #2 virNWFilterSnoopReqRelease (req0=0x7fffc00ff180, name=<optimized out>) at nwfilter/nwfilter_dhcpsnoop.c:685 #3 0x00007ffff74b3025 in virHashRemoveEntry (table=0x7fffc00f0e60, name=name@entry=0x7fffc00ff19c) at util/virhash.c:539 #4 0x00007fffcb528d72 in virNWFilterSnoopReqPut (req=0x7fffc00ff180) at nwfilter/nwfilter_dhcpsnoop.c:733 #5 0x00007fffcb528372 in virNWFilterSnoopLeaseFileLoad () at nwfilter/nwfilter_dhcpsnoop.c:2000 #6 0x00007fffcb52a461 in virNWFilterDHCPSnoopInit () at nwfilter/nwfilter_dhcpsnoop.c:2096 #7 0x00007fffcb524c0b in nwfilterStateInitialize (privileged=<optimized out>, callback=<optimized out>, opaque=<optimized out>) at nwfilter/nwfilter_driver.c:213 #8 0x00007ffff7681eef in virStateInitialize (privileged=true, callback=callback@entry=0x5555555775c0 <daemonInhibitCallback>, opaque=opaque@entry=0x5555557f4440) at libvirt.c:662 #9 0x000055555557761b in daemonRunStateInit (opaque=0x5555557f4440) at remote/remote_daemon.c:803 #10 0x00007ffff7505512 in virThreadHelper (data=<optimized out>) at util/virthread.c:206 #11 0x00007ffff48f2dd5 in start_thread () from /lib64/libpthread.so.0 #12 0x00007ffff461bead in clone () from /lib64/libc.so.6