PCI device duplicate attach after instance evacuated
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Compute (nova) | Expired | Undecided | Unassigned | |
Bug Description
my openstack version is openstack-
After I evacuated an instance using:
nova evacuate 837e283a-
I found this instance's PCI device duplicated in the virsh XML. Here it is:
```xml
<video>
  <model type='cirrus' vram='16384' heads='1' primary='yes'/>
  <alias name='video0'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<hostdev mode='subsystem' type='pci' managed='yes'>
  <driver name='vfio'/>
  <source>
    <address domain='0x0000' bus='0x85' slot='0x00' function='0x0'/>
  </source>
  <alias name='hostdev0'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</hostdev>
<hostdev mode='subsystem' type='pci' managed='yes'>
  <driver name='vfio'/>
  <source>
    <address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
  </source>
  <alias name='hostdev1'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
</hostdev>
```
It is supposed to be only one PCI passthrough device. Then I tried more times; every time, nova adds a new PCI passthrough device to this instance during evacuate. The database finally looks like this:
deleted|id |compute_
-------
0|726| 189|0000:
0|747| 195|0000:
0|828| 216|0000:
0|915| 237|0000:
So this instance now has 4 PCI passthrough devices from four different hosts.
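
A check an operator could run after an evacuation to spot the condition described above, as an added example (not part of the original report and not nova's code): it lists the host PCI addresses passed through in a libvirt domain XML and compares them with the addresses expected for the instance. The function names, the `allocated` input and the choice of `0000:02:00.0` as the expected device are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the two <hostdev> entries from the report, wrapped in a
# minimal <domain>/<devices> so the fragment parses on its own.
DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source><address domain='0x0000' bus='0x85' slot='0x00' function='0x0'/></source>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source><address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/></source>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </hostdev>
  </devices>
</domain>
"""

def host_address(addr):
    """Render a libvirt <address> element as domain:bus:slot.function."""
    dom, bus, slot, func = (int(addr.get(k, "0"), 16)
                            for k in ("domain", "bus", "slot", "function"))
    return f"{dom:04x}:{bus:02x}:{slot:02x}.{func:x}"

def passthrough_sources(domain_xml):
    """Host-side PCI addresses of every <hostdev type='pci'> in the domain."""
    sources = []
    for hostdev in ET.fromstring(domain_xml).iter("hostdev"):
        addr = hostdev.find("./source/address")
        if hostdev.get("type") == "pci" and addr is not None:
            sources.append(host_address(addr))
    return sources

def audit(domain_xml, allocated):
    """Compare the XML against the addresses expected for this instance.

    `allocated` is supplied by the operator (assumption: taken from the
    PCI allocation records for the instance on its current host).
    """
    present = passthrough_sources(domain_xml)
    expected = set(allocated)
    return {
        "unexpected": sorted(set(present) - expected),  # passed through, not expected
        "missing": sorted(expected - set(present)),     # expected, not passed through
        "repeated": sorted({a for a in present if present.count(a) > 1}),
    }

if __name__ == "__main__":
    # Assumed expectation for illustration: one device, 0000:02:00.0.
    print(audit(DOMAIN_XML, ["0000:02:00.0"]))
```
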
You've filed this as a private report of a suspected security vulnerability, but based on your description this needs admin interaction to exploit (presumably untrusted users aren't granted access to trigger host evacuation in any typical environment?).
Can you confirm whether you wanted this treated as a report of a suspected vulnerability, or are merely attempting to file a normal bug report?