2148352 – [QEMU-7.2][virtiofs] mount virtiofs stuck and got error 'SELinux: (dev virtiofs, type virtiofs) getxattr errno 4' when force quite

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2148352 - [QEMU-7.2][virtiofs] mount virtiofs stuck and got error 'SELinux: (dev virtiofs, type virtiofs) getxattr errno 4' when force quite

Summary: [QEMU-7.2][virtiofs] mount virtiofs stuck and got error 'SELinux: (dev virtio...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	9.2
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	German Maglione
QA Contact:	xiagao
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-11-25 07:12 UTC by Yanan Fu
Modified:	2023-05-09 07:47 UTC (History)
CC List:	12 users (show)
Fixed In Version:	qemu-kvm-7.2.0-1.el9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-05-09 07:20:55 UTC
Type:	---
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-140434	0	None	None	None	2022-11-25 07:29:48 UTC
Red Hat Product Errata	RHSA-2023:2162	0	None	None	None	2023-05-09 07:21:42 UTC

Description Yanan Fu 2022-11-25 07:12:27 UTC

Description of problem:
mount virtiofs stuck and got error 'SELinux: (dev virtiofs, type virtiofs) getxattr errno 4' when force quite


In guest:
# getenforce 
Permissive


Version-Release number of selected component (if applicable):
qemu-kvm-core-7.2.0-0.rc1.el9.preview.x86_64
virtiofsd-1.4.0-1.el9.x86_64
kernel-5.14.0-197.el9.x86_64 (both host and guest)

How reproducible:
100%

Steps to Reproduce:
1.  start virtiofsd on rhel920 host(RHEL-9.2.0-20221122.2)

# mkdir -p /root/avocado/data/avocado-vt/virtio_fs_test/
# /usr/libexec/virtiofsd --socket-path=/var/tmp/avocado_9twgkzgh/avocado-vt-vm1-fs-virtiofsd.sock -o source=/root/avocado/data/avocado-vt/virtio_fs_test/,cache=always

2. Boot RHEL.9.2.0 guest with virtiofs device
     -m 4096 \
     -object memory-backend-file,size=4G,mem-path=/dev/shm,share=yes,id=mem-mem1  \
     -chardev socket,id=char_virtiofs_fs,path=/var/tmp/avocado_9twgkzgh/avocado-vt-vm1-fs-virtiofsd.sock \
     -device pcie-root-port,id=pcie-root-port-3,port=0x3,addr=0x1.0x3,bus=pcie.0,chassis=4 \
     -device vhost-user-fs-pci,id=vufs_virtiofs_fs,chardev=char_virtiofs_fs,tag=myfs,queue-size=1024,bus=pcie-root-port-3,addr=0x0 \


3. mount virtiofs in guest os
# mkdir -p /mnt/myfs
# mount -t virtiofs myfs /mnt/myfs

mount comand stuck, can not finish for long time.
Try to kill the mount process, dmesg show error:

SELinux: (dev virtiofs, type virtiofs) getxattr errno 4

And, the mount process can not be killed successfully.

Actual results:
mount virtiofs failed

Expected results:
mount virtiofs success

Additional info:
If disable the selinux in guest os, it can work well

Comment 1 Yanan Fu 2022-11-28 06:55:45 UTC

QEMU-7.2-rc2 have the same problem.
http://batcave.lab.eng.brq2.redhat.com/repos/preview/RHEL-9/RHEL-9.2.0/qemu-kvm/221125_qemu-kvm-7.2.0rc2/

Comment 3 German Maglione 2022-11-29 11:49:27 UTC

This is a qemu bug. Commit 02b61f38d3574900fb4cc4c450b17c75956a6a04 (in qemu) adds the backend features bits to vhost-user.c to vhost_user_set_features(). This exposed a bug on several devices, including vhost-user-fs.

```
static int vhost_user_set_features(...) {
    ...
    /*
     * We need to include any extra backend only feature bits that
     * might be needed by our device. Currently this includes the
     * VHOST_USER_F_PROTOCOL_FEATURES bit for enabling protocol
     * features.
     */
    return vhost_user_set_u64(dev, VHOST_USER_SET_FEATURES,
                              features | dev->backend_features,
                              log_enabled);
    ...
}
```

virtiofsd is a backend from a qemu POV, so the VHOST_USER_F_PROTOCOL_FEATURES is set by the rust version of virtiofs (The C version is not setting this feature, so is not affected). According to the vhost user spec, the master must send VHOST_USER_SET_VRING_ENABLE to the backend if VHOST_USER_F_PROTOCOL_FEATURES has been negotiated, otherwise the vring is initialized in a disable state. The vhost-user-fs is not doing that, so the guest blocks when trying to mount a virtiofs fs. I've also seen sometimes it blocks when you try to enter into the directory in the guest.

A patch is already sent to the upstream, but not approved yet: https://lists.gnu.org/archive/html/qemu-devel/2022-11/msg03814.html

Comment 4 German Maglione 2022-12-01 10:14:00 UTC

The patch that fixes this issue has been included in the Alex Benne's series that fixes also other vhost issues, he just sent a v4:
https://lore.kernel.org/qemu-devel/20221130112439.2527228-1-alex.bennee@linaro.org/

Comment 5 German Maglione 2022-12-05 10:31:30 UTC

The fix was merged in uptream, commit: 4daa5054c599c8aec70f1264a01341a15921c145

Comment 7 Yanan Fu 2022-12-20 09:19:11 UTC

QE bot(pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.

Comment 9 xiagao 2022-12-28 06:52:02 UTC

Test on qemu-kvm-7.2.0-1.el9, the shared directory mounted works.

In guest:
# getenforce 
Permissive

pkg:
virtiofsd-1.5.0-1.el9.x86_64
qemu-kvm-7.2.0-1.el9
5.14.0-219.el9.x86_64(host)
5.14.0-226.el9.x86_64(guest)

Comment 12 xiagao 2023-01-11 01:37:54 UTC

Based on Comment9, I will set verified status for this bug.

Comment 14 errata-xmlrpc 2023-05-09 07:20:55 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: qemu-kvm security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2162

Note You need to log in before you can comment on or make changes to this bug.