RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2176924 - Logs are spammed with ' Domain id=7 is tainted: custom-ga-command' message [rhel-9.3.0]
Summary: Logs are spammed with ' Domain id=7 is tainted: custom-ga-command' message [r...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: libvirt
Version: 9.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Peter Krempa
QA Contact: Lili Zhu
URL:
Whiteboard:
Depends On: 2174446
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-03-09 16:38 UTC by RHEL Program Management Team
Modified: 2023-11-07 09:38 UTC (History)
6 users (show)

Fixed In Version: libvirt-9.2.0-1.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2174446
Environment:
Last Closed: 2023-11-07 08:31:00 UTC
Type: ---
Target Upstream Version: 9.2.0
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-151293 0 None None None 2023-03-09 16:39:36 UTC
Red Hat Product Errata RHSA-2023:6409 0 None None None 2023-11-07 08:31:30 UTC

Comment 1 Peter Krempa 2023-03-09 16:48:49 UTC 
Fixed upstream:

commit 9134b40d0b43a5e1a9928b0a0d948205941d9807
Author: Peter Krempa <pkrempa>
Date:   Wed Mar 1 17:09:42 2023 +0100

    qemu: domain: Fix logic when tainting domain
    
    Originally the code was skipping all repeated taints with the same taint
    flag but a logic bug introduced in commit 30626ed15b239c424ae inverted
    the condition. This caused that actually the first occurence was NOT
    logged but any subsequent was.
    
    This was noticed when going through oVirt logs as they use custom guest
    agent commands and the logs are totally spammed with this message.
    
    Fixes: 30626ed15b239c424ae891f096057a696eadd715
    Signed-off-by: Peter Krempa <pkrempa>
    Reviewed-by: Laine Stump <laine>

v9.1.0-11-g9134b40d0b
Comment 2 Lili Zhu 2023-04-04 11:39:54 UTC 
Tested with:
libvirt-9.2.0-1.el9.x86_64

1. prepare a guest with guest agent device
# virsh domtime rhel9.3 
Time: 1680594040

2. check the dominfo
Id:             4
Name:           rhel9.3
UUID:           fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5
OS Type:        hvm
State:          running
CPU(s):         8
CPU time:       594.7s
Max memory:     2883584 KiB
Used memory:    2097152 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c162,c426 (enforcing)

3. check the vcpus about guest using qemu-agent-command
# virsh qemu-agent-command rhel9.3 '{"execute":"guest-get-vcpus"}'
{"return":[{"online":true,"can-offline":true,"logical-id":7},...

4. check the dominfo again
# virsh dominfo rhel9.3 
Id:             4
Name:           rhel9.3
UUID:           fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5
OS Type:        hvm
State:          running
CPU(s):         8
CPU time:       2159.6s
Max memory:     2883584 KiB
Used memory:    2097152 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c162,c426 (enforcing)
Messages:       tainted: custom guest agent control commands issued

5. check the log
# grep -ni tainted /var/log/libvirt/virtqemud.log
13824:2023-04-04 10:14:35.683+0000: 39897: warning : qemuDomainObjTaintMsg:6831 : Domain id=4 name='rhel9.3' uuid=fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5 is tainted: custom-ga-command
13826:2023-04-04 10:14:35.683+0000: 39897: debug : qemuDomainLogAppendMessage:7213 : Append log message (vm='rhel9.3' message='2023-04-04 10:14:35.683+0000: Domain id=4 is tainted: custom-ga-command

6. repeat step 5 for 100 times
# for i in {1..100}; do virsh qemu-agent-command rhel9.3 '{"execute":"guest-get-vcpus"}'; done

7. check the log again
# grep -ni tainted /var/log/libvirt/virtqemud.log
13824:2023-04-04 10:14:35.683+0000: 39897: warning : qemuDomainObjTaintMsg:6831 : Domain id=4 name='rhel9.3' uuid=fa4f3beb-8296-4a2c-9bbc-3b76f2481cc5 is tainted: custom-ga-command
13826:2023-04-04 10:14:35.683+0000: 39897: debug : qemuDomainLogAppendMessage:7213 : Append log message (vm='rhel9.3' message='2023-04-04 10:14:35.683+0000: Domain id=4 is tainted: custom-ga-command

(The tainted message is printed when invoking guest-agent-command for the first time. And no new logs about tainted messages printed for the later invoking, logs are not spammed)
Comment 5 Lili Zhu 2023-05-21 04:05:15 UTC 
Verify this bug with:
libvirt-9.3.0-1.el9.x86_64

The verification steps are the same with the ones in Comment #2, mark the bug as verified.
Comment 8 errata-xmlrpc 2023-11-07 08:31:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: libvirt security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6409
Note You need to log in before you can comment on or make changes to this bug.