Bug 624507 - Network filter driver not handling driver reload (SIGHUP) correctly
Summary: Network filter driver not handling driver reload (SIGHUP) correctly
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt   
(Show other bugs)
Version: 6.1
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Daniel Veillard
QA Contact: Virtualization Bugs
Keywords: RHELNAK
Depends On:
TreeView+ depends on / blocked
Reported: 2010-08-16 17:43 UTC by Stefan Berger
Modified: 2011-05-19 13:20 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-05-19 13:20:20 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0596 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2011-05-18 17:56:36 UTC

Description Stefan Berger 2010-08-16 17:43:01 UTC
Description of problem:

The network filter driver was not handling the driver reload upon SIGHUP correctly and could lead to crashes of libvirtd in case a VM using an nwfilter was running.

Version-Release number of selected component (if applicable):

How reproducible:

kill -SIGHUP <libvirtd pid>

Actual results:

If a VM using nwfilters is running and a SIGHUP signal is sent to libvirtd, a segmentation fault will result during nwfilter driver reload.

Expected results:

The nwfilter driver should rebuild the network traffic filters for VMs.

Additional info:

The following patches have been applied to recent libvirt tree to solve this problem (August 13 & 16):

ID of patch:


From an up-to-date libvirt checkout these patches can be downloaded using:

git log -p -n 1 ${id}

Comment 2 RHEL Product and Program Management 2010-08-16 17:58:42 UTC
This issue has been proposed when we are only considering blocker
issues in the current Red Hat Enterprise Linux release.

** If you would still like this issue considered for the current
release, ask your support representative to file as a blocker on
your behalf. Otherwise ask that it be considered for the next
Red Hat Enterprise Linux release. **

Comment 3 Stefan Berger 2010-10-29 21:20:11 UTC
Patches have been applied as shown above. Can this bug be closed now?

Comment 5 xhu 2011-02-14 08:16:47 UTC
I have verified it on RHEL6_x86_64 Server with the following components and it passed:

The steps are as follows:
1 Get libvirtd pid and send SIGHUP to libvirtd 
# ps -edf|grep libvirtd
root      5968     1  0 16:59 ?        00:00:00 libvirtd --daemon
root      6153  6107  0 17:01 pts/0    00:00:00 grep libvirtd
# kill -SIGHUP 5968

2 list nwfilter rules
# virsh nwfilter-list
UUID                                  Name                 
d620cdf9-0f09-9d1c-2999-6c32bf718d3f  allow-arp           
5aba0b89-aa3d-a0ef-35d3-89f4e368c76d  allow-dhcp          
2db6d4b7-3608-b047-c675-a701c1e93d65  allow-dhcp-server   
26393bb3-f8b1-c485-e567-76d86eca445f  allow-incoming-ipv4 
b0e4f13b-ac3f-2ebd-cd4c-1ee5db3bb71a  allow-ipv4          
b190d301-7ac8-b077-f6fc-134170f0b0cd  clean-traffic       
f88f1932-debf-4aa1-9fbe-f10d3aa4bc95  no-arp-spoofing     
d5fb3aab-763d-9fd7-7224-a806b8401596  no-ip-multicast     
1ef235b7-73cc-2f41-ab61-458c05d05930  no-ip-spoofing      
a1a836f9-5d32-ce16-03d5-913181f38b29  no-mac-broadcast    
3ff93219-6da0-7c92-5b2d-8c0656b8a224  no-mac-spoofing     
2333635d-aa71-597c-1ef5-2155a9d751e4  no-other-l2-traffic 
0fb161d8-7dff-c453-e4d3-e9bdbb859233  no-other-rarp-traffic
e03ad655-95c8-a5d1-f6a6-65ab5f44b719  qemu-announce-self  
f4dae6b8-008e-f42e-777a-ae0ef9499592  qemu-announce-self-rarp

After step 1, no errors occur and the nwfilter rules can be listed

Comment 8 errata-xmlrpc 2011-05-19 13:20:20 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.