Bug 851013 - start lxc crash the kernel
Status: CLOSED INSUFFICIENT_DATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.3
Hardware: All Linux
Priority: unspecified Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Aristeu Rozanski
QA Contact: Red Hat Kernel QE team
Reported: 2012-08-23 01:57 EDT by Steve Kieu
Modified: 2013-02-05 14:08 EST

Doc Type: Bug Fix
Last Closed: 2013-02-05 14:08:41 EST
Type: Bug

Description Steve Kieu 2012-08-23 01:57:08 EDT
Description of problem:

The security context inside the CT is not tight; a process inside the guest can crash the host.
Also, when starting lxc, mounting the sysfs affects the host as well, so sysfs does not correctly support multiple namespaces.

Version-Release number of selected component (if applicable):


How reproducible:

I have a container and in the startup scripts it runs some commands that interact with hardware (not quite sure which, though, as the cleanup and tuning of the LXC is not perfect). Nevertheless, the lxc config file does not allow access to these devices and the sysfs inside the CT is read-only, yet it was still able to crash the kernel. After it had been started for a while I got:

* The host /sys is mounted readonly
* Then crashed:
Firmware bug the BIOS has corrupted hw-PMU resources MSR 186 is 53003c 

>> and a lot of dumping module ...

The CT fstab looks like this

none /opt/lxc/guest/cacti/dev/pts    devpts newinstance,ptmxmode=0666 0 0
none /opt/lxc/guest/cacti/proc    proc    nodev,noexec,nosuid 0 0
none /opt/lxc/guest/cacti/sys    sysfs    defaults,ro 0 0
none /opt/lxc/guest/cacti/dev/shm tmpfs defaults 0 0

and after it started, my host sysfs mounted at /sys has become readonly

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:

The above problems have not happened with kernel 3.2.18 and above. I think these fixes have gone into mainline; please do port them to the RHEL kernel.


Additional info:
Comment 2 Aristeu Rozanski 2012-09-25 10:01:02 EDT
The hardware message suggests a bug in the BIOS/hardware, not in the kernel. Can you reproduce the problem on another machine (different brand/model if possible)?
Comment 3 Steve Kieu 2012-09-25 18:58:05 EDT
I am sure about this bug:

* If sysfs is mounted for the guest as readonly, the host sysfs (current one) will be readonly too. The same applies for readwrite.

That prevents me from using lxc at all. I need it to be mounted on the guest readonly because I do not want anyone on the guest (root) to be able to write into it to change the host settings.

And the crash here is probably due to the kernel-hardware combination. But it does not happen with the same kernel and hardware if I do not use LXC at all.

Anyway, the reported system is in production now, and we use a custom-built kernel 3.2.28 which is stable. There is no way for me to test it again on that hardware. The lxc mount sysfs bug can be repeated on any system, even on a kvm host, and not only with the Red Hat kernel but also with the vanilla 2.6.32.XX kernel. I have not tested the procfs when in use with lxc; not sure how well lxc is supported with 2.6.32.xx though.

If Red Hat can backport these lxc fixes from the newer kernel to the Red Hat 2.6.32.xx kernel, then I do not need to use a custom kernel, which will be great.

Thanks
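
The symptom reported in Comment 3 (the host's /sys turning read-only once the guest's sysfs is mounted ro) can be checked from the host's mount table. The shell functions below are an added example, not part of the original report or of any Red Hat tooling; the function names and the sample table are constructed, and both the per-mount and the superblock options in mountinfo are read because a read-only flag can be set at either level.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mountinfo format: the host /sys is rw per
# mount but ro at the superblock, next to a guest sysfs that was mounted ro.
sample_mountinfo() {
    cat <<'EOF'
21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
17 21 0:16 / /sys rw,relatime - sysfs sysfs ro
18 21 0:3 / /proc rw,relatime - proc proc rw
40 21 0:16 / /opt/lxc/guest/cacti/sys ro,relatime - sysfs none ro
EOF
}

# Print "<mount point> <per-mount flag> <superblock flag>" for each sysfs mount.
# $1: mountinfo file, "-" for stdin; defaults to the live table of this process.
sysfs_mount_state() {
    awk '
    {
        # Optional fields end at the lone "-" separator; locate it first.
        sep = 0
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (!sep || $(sep + 1) != "sysfs") next
        # Field 6 holds per-mount options, sep+3 holds superblock options.
        print $5, rw_flag($6), rw_flag($(sep + 3))
    }
    # Return "ro" if the comma-separated option list contains ro, else "rw".
    function rw_flag(opts,   n, parts, j) {
        n = split(opts, parts, ",")
        for (j = 1; j <= n; j++) if (parts[j] == "ro") return "ro"
        return "rw"
    }' "${1:-/proc/self/mountinfo}"
}

# Exit 0 when the sysfs mounted at /sys is read-only at either level.
host_sys_readonly() {
    sysfs_mount_state "$1" |
        awk '$1 == "/sys" && ($2 == "ro" || $3 == "ro") { hit = 1 }
             END { exit !hit }'
}
```

Run `sysfs_mount_state` on the host before and after starting the container and compare the two flags for /sys; `sample_mountinfo | sysfs_mount_state -` shows the output format on the constructed table.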
Comment 4 Steve Kieu 2012-09-25 19:00:32 EDT
A hint for backporting is that vanilla kernel 2.6.35.13 onward does not have the sysfs or any other lxc-related problem
Comment 5 Aristeu Rozanski 2012-09-26 09:29:10 EDT
Do you still have a full dmesg out of the crash? I'll need a sosreport from the
machine too.
Comment 6 RHEL Product and Program Management 2012-12-14 03:51:28 EST
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 7 Aristeu Rozanski 2013-01-08 11:50:16 EST
Steve?
Comment 8 Aristeu Rozanski 2013-02-05 14:08:41 EST
I'm closing this bug with INSUFFICIENT_DATA. Feel free to reopen when the requested
information is available.
