1996130 – Detecting TSC timer frequencies requires too many privileges [rhel-8.4.0.z]

Bug 1996130 - Detecting TSC timer frequencies requires too many privileges [rhel-8.4.0.z]

Summary: Detecting TSC timer frequencies requires too many privileges [rhel-8.4.0.z]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux Advanced Virtualization
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	8.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	8.5
Assignee:	Michal Privoznik
QA Contact:	Luyao Huang
Docs Contact:
URL:
Whiteboard:
Depends On:	1992479
Blocks:
TreeView+	depends on / blocked

Reported:	2021-08-20 15:55 UTC by RHEL Program Management Team
Modified:	2021-09-30 17:02 UTC (History)
CC List:	9 users (show)
Fixed In Version:	libvirt-7.0.0-14.4.el8
Doc Type:	Bug Fix
Doc Text:	Cause: When querying for TSC scaling (which is then reported in capabilities XML), libvirt used so called Machine Specific Registers (MSRs). This operation, however, requires root privileges and thus is not very container friendly. Moreover, when container doesn't have enough permissions libvirt would fallback to an alternative approach which doesn't yield correct results. Consequence: Container tools (like CNV) were given confusing information on TSC scaling. Fix: The fix consists of matching what QEMU does: asking /dev/kvm directly. This not only reports correct info in all cases but also doesn't require additional permissions. Result: Container tools are happy again.
Clone Of:	1992479
Environment:
Last Closed:	2021-09-30 16:54:47 UTC
Type:	---
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-94396	0	None	None	None	2021-08-23 08:03:45 UTC
Red Hat Product Errata	RHSA-2021:3703	0	None	None	None	2021-09-30 16:55:50 UTC

Comment 1 Michal Privoznik 2021-08-23 08:02:59 UTC

To POST:

https://mailman-int.corp.redhat.com/archives/rhvirt-patches/2021-August/msg00123.html

Comment 4 Luyao Huang 2021-08-30 02:42:08 UTC

Reproduce this bug with libvirt-daemon-7.0.0-14.3.module+el8.4.0+11878+84e54169:

1. make sure TSC scaling is supported in privileged mode

# virsh capabilities
...
      <counter name='tsc' frequency='2095077000' scaling='yes'/>
...

2. create a unprivileged user and run virsh capabilities in user mode, and libvirt report run support status of TSC scaling:

# su - lhuang

$ virsh capabilities
...
      <counter name='tsc' frequency='2095077000' scaling='no'/>
...


Verify this bug with libvirt-daemon-7.0.0-14.4.module+el8.4.0+12413+d23780e6:


1. make sure TSC scaling is supported in privileged mode

# virsh capabilities
...
      <counter name='tsc' frequency='2095077000' scaling='yes'/>
...


2. create a unprivileged user and run virsh capabilities in user mode, libvirt report correct support information of TSC scaling:

# su - lhuang

$ virsh capabilities
...
      <counter name='tsc' frequency='2095077000' scaling='yes'/>
...

Comment 6 errata-xmlrpc 2021-09-30 16:54:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: virt:av and virt-devel:av security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3703

Note You need to log in before you can comment on or make changes to this bug.