Description of problem: start a guest with vtpm, destroy it, then try to remove vtpm from guest xml, libvirtd will crash Version-Release number of selected component (if applicable): libvirt-daemon-5.6.0-1.module+el8.1.0+3890+4d3d259c.x86_64 qemu-kvm-4.0.0-6.module+el8.1.0+3736+a2aefea3.x86_64 How reproducible: 100% Steps to Reproduce: 0. #yum install swtpm swtpm-tools 1. start a guest with vtpm xml as below: <tpm model='tpm-crb'> <backend type='emulator' version='2.0'/> </tpm> 2. destroy the guest 3. try to remove the vtpm device: # virsh edit rhel8.1-ovmf error: Disconnected from qemu:///system due to end of file error: End of file while reading data: Input/output error Failed. Try again? [y,n,i,f,?]: error: internal error: client socket is closed Or: # virsh define rhel8.1-ovmf.xml-bak error: Disconnected from qemu:///system due to end of file error: Failed to define domain from rhel8.1-ovmf.xml-bak error: End of file while reading data: Input/output error # abrt-cli ls id e600f7c12b67cfa0c69b37d50aa83c19768cd903 reason: virDomainCheckDeviceChanges(): libvirtd killed by SIGSEGV time: Thu 08 Aug 2019 10:44:21 PM EDT cmdline: /usr/sbin/libvirtd --timeout 120 package: libvirt-daemon-5.6.0-1.module+el8.1.0+3890+4d3d259c uid: 0 (root) count: 1 Directory: /var/spool/abrt/ccpp-2019-08-08-22:44:21-20803 Run 'abrt-cli report /var/spool/abrt/ccpp-2019-08-08-22:44:21-20803' for creating a case in Red Hat Customer Portal (gdb) bt #0 virDomainCheckTPMChanges (def=<optimized out>, newDef=0x7fd7ec0cb760) at conf/domain_conf.c:31469 #1 virDomainCheckDeviceChanges (def=<optimized out>, newDef=newDef@entry=0x7fd7ec0cb760) at conf/domain_conf.c:31493 #2 0x00007fd7d8c807fc in qemuDomainCheckDeviceChanges (def=0x7fd7ec0cb760, driver=0x7fd7b810e5d0) at qemu/qemu_driver.c:7779 #3 qemuDomainDefineXMLFlags (conn=0x7fd8080043d0, xml=0x7fd7ec002bc0 "<domain type='kvm'>\n <name>rhel8.1-ovmf</name>\n <uuid>0572326a-499d-407e-8d4a-2a8e974c9496</uuid>\n <metadata>\n <libosinfo:libosinfo xmlns:libosinfo=\"http://libosinfo.org/xmlns/libvirt/domain/1.0"..., flags=<optimized out>) at qemu/qemu_driver.c:7823 #4 0x00007fd821d4cd24 in virDomainDefineXMLFlags (conn=conn@entry=0x7fd8080043d0, xml=0x7fd7ec002bc0 "<domain type='kvm'>\n <name>rhel8.1-ovmf</name>\n <uuid>0572326a-499d-407e-8d4a-2a8e974c9496</uuid>\n <metadata>\n <libosinfo:libosinfo xmlns:libosinfo=\"http://libosinfo.org/xmlns/libvirt/domain/1.0"..., flags=1) at libvirt-domain.c:6197 #5 0x000055beb6ad2d06 in remoteDispatchDomainDefineXMLFlags (server=0x55beb7c21090, msg=0x55beb7c63a60, args=0x7fd7ec002980, args=0x7fd7ec002980, ret=0x7fd7ec0029e0, rerr=0x7fd80fffe960, client=<optimized out>) at remote/remote_daemon_dispatch_stubs.h:5198 #6 remoteDispatchDomainDefineXMLFlagsHelper (server=0x55beb7c21090, client=<optimized out>, msg=0x55beb7c63a60, rerr=0x7fd80fffe960, args=0x7fd7ec002980, ret=0x7fd7ec0029e0) at remote/remote_daemon_dispatch_stubs.h:5176 #7 0x00007fd821c7e774 in virNetServerProgramDispatchCall (msg=0x55beb7c63a60, client=0x55beb7c63c10, server=0x55beb7c21090, prog=0x55beb7c5e430) at rpc/virnetserverprogram.c:435 #8 virNetServerProgramDispatch (prog=0x55beb7c5e430, server=server@entry=0x55beb7c21090, client=0x55beb7c63c10, msg=0x55beb7c63a60) at rpc/virnetserverprogram.c:302 #9 0x00007fd821c83a2c in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x55beb7c21090) at rpc/virnetserver.c:137 #10 virNetServerHandleJob (jobOpaque=<optimized out>, opaque=0x55beb7c21090) at rpc/virnetserver.c:158 #11 0x00007fd821ba2690 in virThreadPoolWorker (opaque=opaque@entry=0x55beb7c02a10) at util/virthreadpool.c:163 #12 0x00007fd821ba199c in virThreadHelper (data=<optimized out>) at util/virthread.c:206 #13 0x00007fd81f4452de in start_thread (arg=<optimized out>) at pthread_create.c:486 #14 0x00007fd81e923133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Actual results: As in step3. Expected results: Should remove successfully or fail with proper error, instead of crashing libvirtd. Additional info: Remove the storagefile will make it succeed: #rm -rf /var/lib/libvirt/swtpm/0572326a-499d-407e-8d4a-2a8e974c9496
Created attachment 1602004 [details] gdb-full.txt
Upstream patch: https://www.redhat.com/archives/libvir-list/2019-August/msg00339.html
Pushed upstream as: commit d8326cb8826170019c74018511d76c58665ab282 Author: Ján Tomko <jtomko> CommitDate: 2019-08-09 14:55:10 +0200 Revert "tpm: Check TPM XML device configuration changes after edit" Redefining a domain via virDomainDefineXML should not give different results based on an already existing definition. Also, there's a crasher somewhere in the code: https://bugzilla.redhat.com/show_bug.cgi?id=1739338 This reverts commit 94b3aa55f83ada33a9fdda66068d58ef1a56c0a5 Signed-off-by: Ján Tomko <jtomko> Reviewed-by: Jiri Denemark <jdenemar> git describe: v5.6.0-115-gd8326cb882
Verify this bug with: libvirt-5.6.0-5.module+el8.1.0+4229+2e4e348c.x86_64 qemu-kvm-4.1.0-10.module+el8.1.0+4234+33aa4f57.x86_64 swtpm-0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1.x86_64 swtpm-tools-0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1.x86_64 libtpms-0.6.1-0.20190121git9dc915572b.module+el8.1.0+3523+b348b848.2.x86_64 vtpm device can be removed from guest xml successfully by virsh edit or define after guest shutdown, or even when guest running, without crash.
vtpm encryption test will be tracked in https://bugzilla.redhat.com/show_bug.cgi?id=1753821. Mark this bug as verified per comment6. (And in that comment, means remove from *inactive* xml when guest/swtpm running or shutdown, sorry for potential ambiguity.)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3723