NUMA tuning broken in select libvirt versions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Undecided
|
Matt Riedemann |
Bug Description
#1438226 reported that CPU pinning was broken in select versions of libvirt. Further investigation has highlighted issues with NUMA tuning in general on these versions. On some versions of libvirt, the same error messages seen when configuring CPU pinning are seen when configuring NUMA tuning (e.g. with use of the 'hw:numa-nodes' flavor key). This would suggest that the entire NUMA tuning feature is broken on these versions, rather than just CPU pinning. The results from testing, mostly duplicated from the aforementioned bug report, are given below.
This is somewhat related to #1422775 ("nova libvirt driver assumes qemu support for NUMA pinning").
---
# Testing Configuration
Testing was conducted in a container which provided a single-node, Fedora 21-based (3.17.8-
# Results
The results are as follows (currently incomplete):
versions status
-------- ------
1.2.9 ok
1.2.9.1 ok
1.2.9.2 fail
1.2.9.3 ok
1.2.10 ok
1.2.11 ok
1.2.12 ok
v1.2.9.2 is broken by this (backported) patch:
https:/
This can be seen as commit
e226772 (qemu: fix domain startup failing with 'strict' mode in numatune)
# Error logs
v1.2.9.2 produces the following exception:
Traceback (most recent call last):
File "/opt/stack/
yield resources
File "/opt/stack/
File "/opt/stack/
File "/opt/stack/
File "/opt/stack/
File "/usr/lib/
File "/opt/stack/
File "/usr/lib/
result = proxy_call(
File "/usr/lib/
rv = execute(f, *args, **kwargs)
File "/usr/lib/
File "/usr/lib/
rv = meth(*args, **kwargs)
File "/usr/lib64/
if ret == -1: raise libvirtError ('virDomainCrea
libvirtError: Failed to create controller cpu for group: No such file or directory
information type: | Public → Public Security |
description: | updated |
description: | updated |
Changed in nova: | |
milestone: | none → liberty-1 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | liberty-1 → 12.0.0 |
You currently have this open as a security bug, indicating you believe it represents an exploitable vulnerability in the software. Can you elaborate on the circumstances under which this bug might be exploited by a malicious actor, and the risks it implies?