Resize/delete combo allows to overload nova-compute (CVE-2015-3241)

Still waiting for the fix to be merged to upstream stable/kilo.

^ https://review.openstack.org/#/c/209856/

Fix proposed to branch: openstack-ci/fuel-7.0/2015.1.0
Change author: Roman Podoliaka <email address hidden>
Review: https://review.fuel-infra.org/10563

Reviewed: https://review.fuel-infra.org/10563
Submitter: mos-infra-ci <>
Branch: openstack-ci/fuel-7.0/2015.1.0

Commit: ccf158fc42951206e3360d9bfa6a5ef9f6fdb934
Author: Roman Podoliaka <email address hidden>
Date: Wed Aug 19 12:29:56 2015

Merge remote-tracking branch 'origin/stable/kilo' into merge_stable_kilo

Conflicts:
 nova/compute/manager.py
 nova/tests/unit/compute/test_compute.py
 nova/tests/unit/compute/test_compute_mgr.py
 requirements.txt

Closes-Bug: #1466077

Change-Id: I5d7fbbf07d0470897df3c7332c53c50ac3ca7418

Fix proposed to branch: openstack-ci/fuel-6.0-updates/2014.2
Change author: Alexandr Nevenchannyy <email address hidden>
Review: https://review.fuel-infra.org/10814

Related fix proposed to branch: openstack-ci/fuel-6.0-updates/2014.2
Change author: Alexandr Nevenchannyy <email address hidden>
Review: https://review.fuel-infra.org/11073

Change abandoned by Alexandr Nevenchannyy <email address hidden> on branch: openstack-ci/fuel-6.0-updates/2014.2
Review: https://review.fuel-infra.org/10814
Reason: broken fix

Change restored by Alexandr Nevenchannyy <email address hidden> on branch: openstack-ci/fuel-6.0-updates/2014.2
Review: https://review.fuel-infra.org/10814
Reason: restore

verified on 6.0.

verified on 7.0 iso #246

Reviewed: https://review.fuel-infra.org/11073
Submitter: mos-infra-ci <>
Branch: openstack-ci/fuel-6.0-updates/2014.2

Commit: acfb0be35291b3fdc7456ae4cf4ae968e248729e
Author: Alexandr Nevenchannyy <email address hidden>
Date: Wed Sep 2 14:42:22 2015

Sync process utils from oslo for execute callbacks

------------------------------------------------
The sync pulls in the following changes:

Ifc23325 Add 2 callbacks to processutils.execute()
I22b2d7b processutils: ensure on_completion callback is always called
I59d5799 Let oslotest manage the six.move setting for mox
I245750f Remove `processutils` dependency on `log`
Ia5bb418 Fix exception message in openstack.common.processutils.execute
-----------------------------------------------

Change-Id: I6b4e0c4eb84d92249d501ea9d73bb3c56e00b12d
Related-Bug: #1466077

Reviewed: https://review.fuel-infra.org/10814
Submitter: mos-infra-ci <>
Branch: openstack-ci/fuel-6.0-updates/2014.2

Commit: 3ab1faf96ee868375ea2397010161309b016cc10
Author: Alexandr Nevenchannyy <email address hidden>
Date: Wed Sep 2 14:44:36 2015

libvirt: Kill rsync/scp processes before deleting instance

In the resize operation, during copying files from source to
destination compute node scp/rsync processes are not aborted after
the instance is deleted because linux kernel doesn't delete instance
files physically until all processes using the file handle is closed
completely. Hence rsync/scp process keeps on running until it
transfers 100% of file data.

Added new module instancejobtracker to libvirt driver which will add,
remove or terminate the processes running against particular instances.
Added callback methods to execute call which will store the pid of
scp/rsync process in cache as a key: value pair and to remove the
pid from the cache after process completion. Process id will be used to
kill the process if it is running while deleting the instance. Instance
uuid is used as a key in the cache and pid will be the value.

Conflicts:
        nova/tests/unit/virt/libvirt/test_driver.py
        nova/tests/unit/virt/libvirt/test_utils.py
        nova/virt/libvirt/driver.py
        nova/virt/libvirt/utils.py

Note: The required unit-tests are manually added to the below path,
as new path for unit-tests is not present in stable/juno release.
nova/tests/virt/libvirt/test_driver.py
nova/tests/virt/libvirt/test_utils.py

SecurityImpact

Closes-bug: #1466077

(cherry picked from commit Ie03acc00a7c904aec13c90ae6a53938d08e5e0c9)
(cherry picked from commit 7ab75d5b0b75fc3426323bef19bf436a258b9707)
(cherry picked from commit b5020a047fc487f35b76fc05f31e52665a1afda1)

Change-Id: Ic19dbaef2d0a131bfbb6320bc369d5c678bcbe3d

Related fix proposed to branch: openstack-ci/fuel-6.1/2014.2
Change author: Alexandr Nevenchannyy <email address hidden>
Review: https://review.fuel-infra.org/12550

Fix proposed to branch: openstack-ci/fuel-6.1/2014.2
Change author: Alexandr Nevenchannyy <email address hidden>
Review: https://review.fuel-infra.org/12551

Verified on 6.1:
packages:
nova-api,nova-cert,nova-common,nova-conductor,nova-consoleauth,nova-novncproxy,nova-objectstore,nova-scheduler,python-nova,nova-compute,nova-compute-kvm,nova-compute-libvirt
version:
1:2014.2.2-1~u14.04+mos36+git.b6b47e1.e8d151e
and apply patch: https://review.fuel-infra.org/#/c/12550/ after install these packages.

Reviewed: https://review.fuel-infra.org/12550
Submitter: mos-infra-ci <>
Branch: openstack-ci/fuel-6.1/2014.2

Commit: 6b978710e354b243eb82a76d27819fcca81ff380
Author: Alexandr Nevenchannyy <email address hidden>
Date: Fri Oct 9 12:23:42 2015

Sync process utils from oslo for execute callbacks

------------------------------------------------
The sync pulls in the following changes:

Ifc23325 Add 2 callbacks to processutils.execute()
I22b2d7b processutils: ensure on_completion callback is always called
I59d5799 Let oslotest manage the six.move setting for mox
I245750f Remove `processutils` dependency on `log`
Ia5bb418 Fix exception message in openstack.common.processutils.execute
-----------------------------------------------

Change-Id: I6b4e0c4eb84d92249d501ea9d73bb3c56e00b12d
Related-Bug: #1466077
(cherry picked from commit acfb0be35291b3fdc7456ae4cf4ae968e248729e)

Reviewed: https://review.fuel-infra.org/12551
Submitter: mos-infra-ci <>
Branch: openstack-ci/fuel-6.1/2014.2

Commit: 3e2a02d5ab4195bb1be9b94f5ca6777f0dce5dd8
Author: Alexandr Nevenchannyy <email address hidden>
Date: Fri Oct 9 12:23:42 2015

libvirt: Kill rsync/scp processes before deleting instance

In the resize operation, during copying files from source to
destination compute node scp/rsync processes are not aborted after
the instance is deleted because linux kernel doesn't delete instance
files physically until all processes using the file handle is closed
completely. Hence rsync/scp process keeps on running until it
transfers 100% of file data.

Added new module instancejobtracker to libvirt driver which will add,
remove or terminate the processes running against particular instances.
Added callback methods to execute call which will store the pid of
scp/rsync process in cache as a key: value pair and to remove the
pid from the cache after process completion. Process id will be used to
kill the process if it is running while deleting the instance. Instance
uuid is used as a key in the cache and pid will be the value.

Conflicts:
        nova/tests/unit/virt/libvirt/test_driver.py
        nova/tests/unit/virt/libvirt/test_utils.py
        nova/virt/libvirt/driver.py
        nova/virt/libvirt/utils.py

Note: The required unit-tests are manually added to the below path,
as new path for unit-tests is not present in stable/juno release.
nova/tests/virt/libvirt/test_driver.py
nova/tests/virt/libvirt/test_utils.py

SecurityImpact

Closes-bug: #1466077

Change-Id: Ic19dbaef2d0a131bfbb6320bc369d5c678bcbe3d
(cherry picked from commit 3ab1faf96ee868375ea2397010161309b016cc10)

Fix for 5.1.1-updates is on review: https://review.fuel-infra.org/#/c/11388

Reviewed: https://review.fuel-infra.org/11486
Submitter: Vitaly Sedelnik <email address hidden>
Branch: openstack-ci/fuel-5.1.1-updates/2014.1.1

Commit: 2780afd5d94118ece743d789e7d746edd223a5cf
Author: Jenkins <email address hidden>
Date: Tue Oct 27 09:56:29 2015

Sync process utils from oslo for execute callbacks

Conflicts:
 nova/openstack/common/processutils.py

Change-Id: Ifbfffa816a24b9c43a66ce7b780bcd2c1e1f147f
Related-bug: #1466077

Reviewed: https://review.fuel-infra.org/11388
Submitter: Vitaly Sedelnik <email address hidden>
Branch: openstack-ci/fuel-5.1.1-updates/2014.1.1

Commit: 55108287413606e4ed2ed5a1730666b828a289fc
Author: abhishekkekane <email address hidden>
Date: Tue Oct 27 12:42:23 2015

libvirt: Kill rsync/scp processes before deleting instance

In the resize operation, during copying files from source to
destination compute node scp/rsync processes are not aborted after
the instance is deleted because linux kernel doesn't delete instance
files physically until all processes using the file handle is closed
completely. Hence rsync/scp process keeps on running until it
transfers 100% of file data.

Added new module instancejobtracker to libvirt driver which will add,
remove or terminate the processes running against particular instances.
Added callback methods to execute call which will store the pid of
scp/rsync process in cache as a key: value pair and to remove the
pid from the cache after process completion. Process id will be used to
kill the process if it is running while deleting the instance. Instance
uuid is used as a key in the cache and pid will be the value.

Conflicts:
        nova/tests/unit/virt/libvirt/test_driver.py
        nova/tests/unit/virt/libvirt/test_utils.py
        nova/virt/libvirt/driver.py
        nova/virt/libvirt/utils.py

Note: The required unit-tests are manually added to the below path,
as new path for unit-tests is not present in stable/juno release.
nova/tests/virt/libvirt/test_driver.py
nova/tests/virt/libvirt/test_utils.py

SecurityImpact

Closes-bug: #1466077
Change-Id: Ie03acc00a7c904aec13c90ae6a53938d08e5e0c9
(cherry picked from commit 7ab75d5b0b75fc3426323bef19bf436a258b9707)
(cherry picked from commit b5020a047fc487f35b76fc05f31e52665a1afda1)
(cherry picked from commit 539693e40388c4729c99a2c133b573896296df2a)
Conflicts:
 nova/tests/virt/libvirt/test_image_utils.py
 nova/tests/virt/libvirt/test_libvirt.py
 nova/virt/libvirt/driver.py

Reproduced after apply fix on 5.1.1 env (Multinode: 1 node-controller+mongo. 3 nodes- compute+ceph)

Due to error during `release-update` this fix was not copied from stable repo to the mirrors, that is why the bug isn't still fixed.