libvirtd crashes when creating network interface pools in 6.0.0-0ubuntu8.13
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Critical
|
Matthew Ruffell |
Bug Description
[Impact]
A regression was introduced in libvirt 6.0.0-0ubuntu8.13 for Focal, that affects users who use SR-IOV to pass through VF devices to KVM guests.
The problem was introduced in the recent lp-1892132-
There is a fallback case where we record the name of the device at the beginning, and if we fail all other lookups, we simply return the beginning name.
In libvirt 6.0.0-0ubuntu8.13, a line to drop the reference to firstEntryName was dropped incorrectly:
- if (firstEntryName) {
- *netname = firstEntryName;
- firstEntryName = NULL;
- ret = 0;
+ if (firstEntryName) {
+ *netname = firstEntryName;
+ ret = 0;
This results in a double free, as netname and firstEntryName are freed, and results in the gdb trace:
#1 0x00007f40e5d1c859 in __GI_abort () at abort.c:79
#2 0x00007f40e5d873ee in __libc_message (action=
#3 0x00007f40e5d8f47c in malloc_printerr (str=str@
#4 0x00007f40e5d910ed in _int_free (av=0x7f40c8000020, p=0x7f40c80079e0, have_lock=0) at malloc.c:4201
#5 0x00007f40e61a9a4f in virFree (ptrptr=
#6 0x00007f40dd0cf8b1 in networkCreateIn
#7 0x00007f40dd0d799c in networkStartNet
#8 networkStartNetwork (driver=
#9 0x00007f40dd0d854d in networkCreate (net=0x7f40c800
#10 0x00007f40e63fac3f in virNetworkCreate (network=
#11 0x0000560240e255d1 in remoteDispatchN
#12 remoteDispatchN
#13 0x00007f40e630c970 in virNetServerPro
#14 virNetServerPro
#15 0x00007f40e6311c2c in virNetServerPro
#16 virNetServerHan
#17 0x00007f40e62301af in virThreadPoolWorker (opaque=
#18 0x00007f40e622f51c in virThreadHelper (data=<optimized out>) at ../../.
#19 0x00007f40e5ef2609 in start_thread (arg=<optimized out>) at pthread_
#20 0x00007f40e5e19293 in clone () at ../sysdeps/
The fix is to either make sure that firstEntryName = NULL; like before, or we replace with the upstream call to g_steal_
static inline gpointer
g_steal_pointer (gpointer pp)
{
gpointer *ptr = (gpointer *) pp;
gpointer ref;
ref = *ptr;
*ptr = NULL;
return ref;
}
[Testcase]
Deploy a machine with a NIC that supports SR-IOV. Note, only particular NICs will reach the end of virPCIGetNetName().
Install KVM stack:
$ sudo apt-get install qemu-kvm libvirt-
Edit /etc/default/grub and add "intel_iommu=on" to the kernel command line.
$ sudo update-grub
$ sudo reboot
Create the VFs via the sysfs node:
$ sudo -s
# cat /sys/class/
63
# echo '7' > /sys/class/
Next we need to define a virsh network, save the following in /tmp/passthroug
<network>
<name>
<forward mode='hostdev' managed='yes'>
<pf dev='eno49'/>
</forward>
</network>
$ virsh net-define /tmp/passthroug
$ virsh net-autostart passthrough
$ virsh net-start passthrough
We need to make an apparmor rule to enable vfio of our VF device.
Edit /etc/apparmor.
Add the line:
/dev/vfio/* rw,
Then restart apparmor:
$ sudo systemctl restart apparmor.service
Next make a Focal VM:
$ sudo apt install uvtool-libvirt
$ ssh-keygen
$ uvt-simplestrea
$ uvt-kvm create --cpu 4 --memory 4096 --disk 8 [ --password insecure ] focal-vm release=focal arch=amd64
$ uvt-kvm wait focal-vm
$ uvt-kvm ssh focal-vm # for ssh, key-based authentication.
$ virsh console focal-vm # for serial console, user ubuntu, password above.
Next, edit the virsh xml
$ virsh shutdown focal-vm
$ virsh edit focal-vm
Add:
<interface type='network'>
<source network=
</interface>
Save and reboot the VM.
$ virsh start focal-vm
[Where problems could occur]
If a regression were to occur, it would affect users who use SR-IOV to pass through VF devices into KVM guests, which is a large amount of our enterprise users.
The fix is a single line change, and simply replaces what was existing, but was mistakenly removed. The changes should be safe.
Changed in libvirt (Ubuntu Focal): | |
importance: | Undecided → Critical |
status: | New → In Progress |
Changed in libvirt (Ubuntu Focal): | |
assignee: | nobody → Matthew Ruffell (mruffell) |
description: | updated |
This is an updated lp-1892132- Add-phys_ port_name- support- on-virPCIGetNet Name.patch that uses g_steal_ pointer( &firstEntryName ); when assigning *netname.