Bug 997818 - [LXC] crash of libvirtd with 'none' type security label
[LXC] crash of libvirtd with 'none' type security label
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt (Show other bugs)
x86_64 Linux
high Severity high
: rc
: ---
Assigned To: Michal Privoznik
Virtualization Bugs
Depends On:
  Show dependency treegraph
Reported: 2013-08-16 05:07 EDT by Alex Jia
Modified: 2013-11-21 04:08 EST (History)
5 users (show)

See Also:
Fixed In Version: libvirt-0.10.2-23.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-11-21 04:08:46 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Alex Jia 2013-08-16 05:07:44 EDT
Description of problem:
If manually edit LXC guest XML with line <seclabel type='none'/> and without security model, the libvirtd will crash when to start the LXC guest.

Version-Release number of selected component (if applicable):
# rpm -q libvirt kernel

How reproducible:

Steps to Reproduce:
1. virsh edit "<seclabel type='none'/>" line into LXC guest XML and save configuration
2. virsh start <domain>

Actual results:

error: Failed to start domain toy
error: End of file while reading data: Input/output error

Expected results:
no crash

Additional info:

# virsh -c lxc:/// dumpxml toy
<domain type='lxc'>
  <memory unit='KiB'>500000</memory>
  <currentMemory unit='KiB'>500000</currentMemory>
  <vcpu placement='static'>4</vcpu>
    <type arch='x86_64'>exe</type>
  <clock offset='utc'/>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/'/>
      <target dir='/'/>
    <console type='pty'>
      <target type='lxc' port='0'/>
  <seclabel type='none'/>

# virsh -c lxc:/// start toy
error: Failed to start domain toy
error: End of file while reading data: Input/output error

# service libvirtd status
libvirtd dead but pid file exists

Notes, it's okay for QEMU driver, the "model='selinux'" will be automatically append into line "<seclabel type='none'/>", so we probably need to add security driver for label selinux with LXC driver. In addition, operation virDomainCreate forbidden for read only access, but not sure whether other callers also use 'virSecurityManagerGenLabel' via a read-only client then crash libvirtd.

GDB backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f638599b700 (LWP 24630)]
__strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:2112
2112            movdqa  (%rdi), %xmm2
(gdb) bt
#0  __strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:2112
#1  0x0000003655d99299 in virSecurityManagerGenLabel (mgr=<value optimized out>, vm=0x7f637c2f7280) at security/security_manager.c:337
#2  0x00000000004d210d in virLXCProcessStart (conn=0x7f636c000ae0, driver=0x7f637c22e280, vm=0x7f637c2bfcb0, autoDestroy=false, reason=VIR_DOMAIN_RUNNING_BOOTED) at lxc/lxc_process.c:996
#3  0x00000000004cd4ed in lxcDomainStartWithFlags (dom=0x7f6364000900, flags=0) at lxc/lxc_driver.c:1007
#4  0x0000003655cf56f0 in virDomainCreate (domain=0x7f6364000900) at libvirt.c:8319
#5  0x0000000000440212 in remoteDispatchDomainCreate (server=<value optimized out>, client=<value optimized out>, msg=<value optimized out>, rerr=0x7f638599ab80, args=<value optimized out>, 
    ret=<value optimized out>) at remote_dispatch.h:1066
#6  remoteDispatchDomainCreateHelper (server=<value optimized out>, client=<value optimized out>, msg=<value optimized out>, rerr=0x7f638599ab80, args=<value optimized out>, ret=<value optimized out>)
    at remote_dispatch.h:1044
#7  0x0000003655d401e2 in virNetServerProgramDispatchCall (prog=0xcff940, server=0xcf6ef0, client=0xcfdc90, msg=0xcfc4b0) at rpc/virnetserverprogram.c:431
#8  virNetServerProgramDispatch (prog=0xcff940, server=0xcf6ef0, client=0xcfdc90, msg=0xcfc4b0) at rpc/virnetserverprogram.c:304
#9  0x0000003655d414ce in virNetServerProcessMsg (srv=<value optimized out>, client=0xcfdc90, prog=<value optimized out>, msg=0xcfc4b0) at rpc/virnetserver.c:170
#10 0x0000003655d41b6c in virNetServerHandleJob (jobOpaque=<value optimized out>, opaque=0xcf6ef0) at rpc/virnetserver.c:191
#11 0x0000003655c63e9c in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:144
#12 0x0000003655c63789 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#13 0x00000038baa077f1 in start_thread (arg=0x7f638599b700) at pthread_create.c:301
#14 0x00000033f68e570d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
Comment 2 Michal Privoznik 2013-08-20 05:44:25 EDT
Fixed upstream:

commit ba44dd2453d486e9eb8c6204f8d7c31d07007d8f
Author:     Michal Privoznik <mprivozn@redhat.com>
AuthorDate: Mon Jul 15 15:50:29 2013 +0200
Commit:     Michal Privoznik <mprivozn@redhat.com>
CommitDate: Wed Jul 17 12:36:47 2013 +0200

    virSecurityManagerGenLabel: Skip seclabels without model
    While generating seclabels, we check the seclabel stack if required
    driver is in the stack. If not, an error is returned. However, it is
    possible for a seclabel to not have any model set (happens with LXC
    domains that have just <seclabel type='none'>). If that's the case,
    we should just skip the iteration instead of calling STREQ(NULL, ...)
    and SIGSEGV-ing subsequently.



Hence moving to POST.
Comment 4 Luwen Su 2013-08-22 23:13:15 EDT
Verified this one with

1.Reproduced with libvirt -22 version
2.Because of  Bug 984597 , i used 6.4.z's kernel
3.Because of  Bug 904951 , the lxc start too slow if setenforce 1.

Same steps with comment 0 , libvirtd not crashed and no error log in libvirtd.log with the latest build , so set VERIFIED
Comment 6 errata-xmlrpc 2013-11-21 04:08:46 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.