2014-07-07 23:26:59 |
Grant Murphy |
bug |
|
|
added bug |
2014-07-07 23:27:36 |
Grant Murphy |
bug |
|
|
added subscriber Garth Mollett |
2014-07-07 23:28:18 |
Grant Murphy |
bug task added |
|
ossa |
|
2014-07-07 23:29:04 |
Grant Murphy |
description |
Garth Mollet of Red Hat reported the following when examining the fix for OSSA 2014-017:
.. there may still be a regression in the upstream patches.
With the new patch applied it appears unrescue can still fail if the live vm is in the suspended state. With the new patch unrescue will attempt to poweroff the vm, however poweroff will fail if state == suspended:
1210 # Only PoweredOn VMs can be powered off.
1215 # Raise Exception if VM is suspended
1216 elif pwr_state == "suspended":
1217 reason = _("instance is suspended and cannot be powered off.")
1218 raise exception.InstancePowerOffFailure(reason=reason)
And this exception will be uncaught in the case of a manual unrescue, leading to the same end scenario in Jaroslavs test above, where destroying the vm in error state will leave the -rescue instance.
Red Hat bugzilla reference - https://bugzilla.redhat.com/show_bug.cgi?id=1108406
Can we confirm if this is a regression / incomplete fix of bug #1269418 ? |
Garth Mollet of Red Hat reported the following when examining the fix for OSSA 2014-017:
.. there may still be a regression in the upstream patches.
With the new patch applied it appears unrescue can still fail if the live vm is in the suspended state. With the new patch unrescue will attempt to poweroff the vm, however poweroff will fail if state == suspended:
1210 # Only PoweredOn VMs can be powered off.
1215 # Raise Exception if VM is suspended
1216 elif pwr_state == "suspended":
1217 reason = _("instance is suspended and cannot be powered off.")
1218 raise exception.InstancePowerOffFailure(reason=reason)
And this exception will be uncaught in the case of a manual unrescue, leading to the same end scenario in Jaroslavs test above, where destroying the vm in error state will leave the -rescue instance.
Red Hat bugzilla reference - https://bugzilla.redhat.com/show_bug.cgi?id=1108406
Can we confirm if this is a regression / incomplete fix of bug #1269418 ? |
|
2014-07-07 23:30:19 |
Grant Murphy |
ossa: status |
New |
Incomplete |
|
2014-07-07 23:30:33 |
Grant Murphy |
bug |
|
|
added subscriber Nova Core security contacts |
2014-07-07 23:31:09 |
Grant Murphy |
description |
Garth Mollet of Red Hat reported the following when examining the fix for OSSA 2014-017:
.. there may still be a regression in the upstream patches.
With the new patch applied it appears unrescue can still fail if the live vm is in the suspended state. With the new patch unrescue will attempt to poweroff the vm, however poweroff will fail if state == suspended:
1210 # Only PoweredOn VMs can be powered off.
1215 # Raise Exception if VM is suspended
1216 elif pwr_state == "suspended":
1217 reason = _("instance is suspended and cannot be powered off.")
1218 raise exception.InstancePowerOffFailure(reason=reason)
And this exception will be uncaught in the case of a manual unrescue, leading to the same end scenario in Jaroslavs test above, where destroying the vm in error state will leave the -rescue instance.
Red Hat bugzilla reference - https://bugzilla.redhat.com/show_bug.cgi?id=1108406
Can we confirm if this is a regression / incomplete fix of bug #1269418 ? |
Garth Mollet of Red Hat reported the following when examining the fix for OSSA 2014-017:
.. there may still be a regression in the upstream patches.
With the new patch applied it appears unrescue can still fail if the live vm is in the suspended state. With the new patch unrescue will attempt to poweroff the vm, however poweroff will fail if state == suspended:
# Only PoweredOn VMs can be powered off.
# Raise Exception if VM is suspended
elif pwr_state == "suspended":
reason = _("instance is suspended and cannot be powered off.")
raise exception.InstancePowerOffFailure(reason=reason)
And this exception will be uncaught in the case of a manual unrescue, leading to the same end scenario in Jaroslavs test above, where destroying the vm in error state will leave the -rescue instance.
Red Hat bugzilla reference - https://bugzilla.redhat.com/show_bug.cgi?id=1108406
Can we confirm if this is a regression / incomplete fix of bug #1269418 ? |
|
2014-07-09 03:23:58 |
Grant Murphy |
bug |
|
|
added subscriber Jaroslav Henner |
2014-07-22 07:04:08 |
Grant Murphy |
ossa: status |
Incomplete |
Confirmed |
|
2014-07-22 07:25:47 |
Grant Murphy |
cve linked |
|
2014-2573 |
|
2014-07-28 14:11:12 |
Thierry Carrez |
ossa: importance |
Undecided |
Medium |
|
2014-07-28 14:11:59 |
Thierry Carrez |
ossa: status |
Confirmed |
Triaged |
|
2014-08-07 13:42:28 |
Thierry Carrez |
nova: assignee |
|
Andrew Laski (alaski) |
|
2014-08-14 22:02:32 |
Andrew Laski |
attachment added |
|
0001-VMWare-Check-for-rescue-disk-during-destroy.patch https://bugs.launchpad.net/ossa/+bug/1338830/+attachment/4177957/+files/0001-VMWare-Check-for-rescue-disk-during-destroy.patch |
|
2014-08-18 14:07:14 |
Thierry Carrez |
nova: status |
New |
In Progress |
|
2014-08-26 01:25:16 |
Garth Mollett |
cve linked |
|
2014-3608 |
|
2014-08-26 23:29:21 |
Grant Murphy |
summary |
Potential incomplete fix for OSSA 2014-017 |
Nova VMware driver still leaks rescued images (CVE-2014-3608) |
|
2014-08-27 02:07:56 |
Grant Murphy |
ossa: status |
Triaged |
In Progress |
|
2014-08-28 13:54:42 |
Andrew Laski |
bug |
|
|
added subscriber Matthew Booth |
2014-09-14 22:50:35 |
Sean Dague |
nova: importance |
Undecided |
Low |
|
2014-09-19 13:39:49 |
Thierry Carrez |
nominated for series |
|
nova/havana |
|
2014-09-19 13:39:49 |
Thierry Carrez |
bug task added |
|
nova/havana |
|
2014-09-19 13:39:49 |
Thierry Carrez |
nominated for series |
|
nova/icehouse |
|
2014-09-19 13:39:49 |
Thierry Carrez |
bug task added |
|
nova/icehouse |
|
2014-09-19 13:39:57 |
Thierry Carrez |
nova/icehouse: status |
New |
In Progress |
|
2014-09-19 13:40:01 |
Thierry Carrez |
nova: status |
In Progress |
Invalid |
|
2014-09-19 13:40:06 |
Thierry Carrez |
nova/havana: status |
New |
Incomplete |
|
2014-09-22 14:11:41 |
Thierry Carrez |
nova/havana: status |
Incomplete |
Won't Fix |
|
2014-09-29 14:01:24 |
Thierry Carrez |
nova/icehouse: status |
In Progress |
Fix Committed |
|
2014-09-29 20:13:26 |
Tristan Cacqueray |
ossa: status |
In Progress |
Fix Committed |
|
2014-10-02 15:03:25 |
Tristan Cacqueray |
summary |
Nova VMware driver still leaks rescued images (CVE-2014-3608) |
[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608) |
|
2014-10-02 15:06:23 |
Tristan Cacqueray |
information type |
Private Security |
Public Security |
|
2014-10-02 15:10:14 |
Tristan Cacqueray |
ossa: status |
Fix Committed |
Fix Released |
|
2014-10-02 21:16:34 |
Adam Gandelman |
nova/icehouse: assignee |
|
Cyril Roelandt (cyril-roelandt) |
|
2014-10-02 21:16:40 |
Adam Gandelman |
nova/icehouse: milestone |
|
2014.1.3 |
|
2014-10-02 23:49:11 |
Adam Gandelman |
nova/icehouse: status |
Fix Committed |
Fix Released |
|
2014-11-17 17:36:54 |
Launchpad Janitor |
branch linked |
|
lp:~corey.bryant/nova/2014.1.3-0ubuntu2 |
|
2014-11-17 19:54:35 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-server-dev/nova/icehouse |
|