[Ubuntu 20.04] Stale libvirt cache leads to VM startup failures
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu on IBM z Systems | Fix Released | Medium | Skipper Bug Screeners |
libvirt (Ubuntu) | Fix Released | Medium | Unassigned |
Focal | Fix Released | Undecided | Christian Ehrhardt |
Groovy | Fix Released | Medium | Unassigned |
Bug Description
[Impact]
* capability caching by libvirt is required for efficiency, but
often stumbles over changes it fails to pick up and refresh
* This backports several fixes to catch more of such situations
and refresh the caches in those cases
- AMD SEV changed
- s390x protvirt changed
- CPU changed
* Backporting these changes
[Test Case]
* For AMD SEV and s390x protvirt you'd need the respective HW and
environments. Maybe IBM can test the latter then.
- For nested we can test it though
1. create a guest with host-model type
2. install libvirt in the guest
3. run "virsh capabilities" and save it to a file
4. shut down guest
5. edit the guest and take away some cpu features
6. start guest again and run "virsh capabilities" again
It will still report these features as present (wrong)
With the fix at #6 it will realize the CPU has changed and refresh the
capabilities cache.
[Regression Potential]
* This increases the amount of capability refreshes, the regression that
comes to mind is that if this contains false-positives it might trigger
too often and therefore slow down operations on systems where this
happens.
Functionally that would be no breakage, even not caching at all works
fine, but a performance issue. The added tests seem fine though as a cpu
attribute has to change which isn't a high frequency event.
[Other Info]
* n/a
---
Stale libvirt cache leads to VM startup failures
Contact Information = Viktor Mihajlovski <email address hidden>
---Additional Hardware Info---
Z15 with IBM Secure Execution
---uname output---
Linux linux02 5.4.0-21-generic #25-Ubuntu SMP Sat Mar 28 13:10:00 UTC 2020 s390x s390x s390x GNU/Linux
Machine Type = 8562 (IBM Z15)
---Debugger---
A debugger is not configured
---Steps to Reproduce---
1. Install Ubuntu 20.04 in the LPAR
2. Modify the host kernel command line in /etc/zipl.conf to include prot_virt=1, run zipl and reboot.
3. Define at least one KVM guest with host CPU model and start and stop it
4. Define a secure KVM guest using the host CPU model and start and stop it.
5. Change back the host kernel command line, re-run zipl, reboot.
6. Try to start the first KVM guest, which fails with a message like:
error: internal error: qemu unexpectedly closed the monitor: 2020-04-
The reason for that is that libvirt caches the domaincapabilities reported during the first boot and doesn't update them after the reboot in step 5 even though changing the prot_virt= in the command line changes the CPU features as reported by domcapabilities. So even though the guest may not require the unpack feature, libvirt constructs a CPU model which can't be satisfied on this configuration.
The issue also occurs the other way around, going from prot_virt=0 to prot_virt=1, in which case the guest will fail to boot as it requires the unpack feature.
Manually removing the content of /var/cache/
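The comparison in steps 3 and 6 of the nested test case above, as an added example that is not part of the bug report or of libvirt: it parses two saved `virsh capabilities` outputs and reports removed CPU features that are still listed. The sample XML, the feature name `avx2` and the function names are constructed for illustration, and it assumes the removed feature appears as an explicit `<feature>` element rather than being implied by the CPU model.

```python
import xml.etree.ElementTree as ET

# Constructed sample `virsh capabilities` output (host CPU part only),
# saved in step 3, before features were removed from the guest CPU.
BEFORE = """<capabilities><host><cpu>
  <arch>x86_64</arch><model>Skylake-Client</model>
  <feature name='vmx'/><feature name='pcid'/><feature name='avx2'/>
</cpu></host></capabilities>"""

# Constructed step 6 outputs: a stale cache repeats the old answer,
# a refreshed cache no longer lists the removed feature.
AFTER_STALE = BEFORE
AFTER_FRESH = BEFORE.replace("<feature name='avx2'/>", "")


def host_cpu(xml_text):
    """Return (model, set of explicitly listed feature names) for the host CPU."""
    cpu = ET.fromstring(xml_text).find("./host/cpu")
    if cpu is None:
        raise ValueError("no <host><cpu> element in capabilities XML")
    names = {f.get("name") for f in cpu.findall("feature") if f.get("name")}
    return cpu.findtext("model"), names


def still_reported(before_xml, after_xml, removed):
    """Features removed in step 5 that the step 6 output still lists."""
    _, before = host_cpu(before_xml)
    _, after = host_cpu(after_xml)
    # Only features that were visible before can reveal a stale cache.
    return sorted(set(removed) & before & after)


def cache_looks_stale(before_xml, after_xml, removed):
    """True when the CPU was changed but the reported capabilities were not."""
    unchanged = host_cpu(before_xml) == host_cpu(after_xml)
    return unchanged and bool(still_reported(before_xml, after_xml, removed))


if __name__ == "__main__":
    for label, after in (("stale", AFTER_STALE), ("fresh", AFTER_FRESH)):
        print(label, still_reported(BEFORE, after, ["avx2"]),
              cache_looks_stale(BEFORE, after, ["avx2"]))
```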
Related branches
- Rafael David Tinoco (community): Approve
- Canonical Server: Pending requested
- Christian Ehrhardt : Pending requested
Diff: 10108 lines (+9168/-74)
46 files modified
debian/changelog (+7070/-25)
debian/control (+16/-16)
debian/libvirt-clients.install (+1/-0)
debian/libvirt-clients.lintian-overrides (+1/-0)
debian/libvirt-daemon-system.dirs (+2/-0)
debian/libvirt-daemon-system.install (+1/-1)
debian/libvirt-daemon-system.postinst (+128/-0)
debian/libvirt-daemon-system.postrm (+26/-1)
debian/libvirt-daemon.README.Debian (+82/-22)
debian/libvirt-daemon.apport (+22/-0)
debian/libvirt-daemon.dnsmasq (+2/-0)
debian/libvirt-daemon.install (+1/-0)
debian/libvirt-uri.sh (+27/-0)
debian/patches/series (+30/-0)
debian/patches/ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch (+30/-0)
debian/patches/ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch (+28/-0)
debian/patches/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch (+37/-0)
debian/patches/ubuntu-aa/0029-appmor-libvirt-qemu-Add-9p-support.patch (+34/-0)
debian/patches/ubuntu-aa/0030-virt-aa-helper-Complete-9p-support.patch (+36/-0)
debian/patches/ubuntu-aa/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch (+43/-0)
debian/patches/ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch (+34/-0)
debian/patches/ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch (+41/-0)
debian/patches/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch (+33/-0)
debian/patches/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch (+19/-0)
debian/patches/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch (+41/-0)
debian/patches/ubuntu-aa/apparmor-profiles-are-meant-to-allow-adding-permanen.patch (+65/-0)
debian/patches/ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch (+57/-0)
debian/patches/ubuntu-aa/lp-1847361-load-versioned-module.patch (+44/-0)
debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch (+49/-0)
debian/patches/ubuntu/daemon-augeas-fix-expected.patch (+20/-0)
debian/patches/ubuntu/dnsmasq-as-priv-user (+290/-0)
debian/patches/ubuntu/lp-1861125-ubuntu-models.patch (+21/-0)
debian/patches/ubuntu/ovmf_paths.patch (+60/-0)
debian/patches/ubuntu/parallel-shutdown.patch (+25/-0)
debian/patches/ubuntu/set-default-machine-to-ubuntu.patch (+45/-0)
debian/patches/ubuntu/tools-fix-libvirt-guests.sh-text-assignments.patch (+405/-0)
debian/patches/ubuntu/ubuntu_machine_type.patch (+14/-0)
debian/patches/ubuntu/wait-for-qemu-kvm.patch (+23/-0)
debian/patches/virdevmapper-Don-t-cache-device-mapper-major.patch (+88/-0)
debian/patches/virdevmapper-Handle-kernel-without-device-mapper-support.patch (+76/-0)
debian/patches/virdevmapper-Ignore-all-errors-when-opening-dev-mapper-co.patch (+76/-0)
debian/rules (+14/-4)
debian/tests/control (+2/-1)
debian/tests/smoke-lxc (+2/-2)
debian/tests/smoke-qemu-session (+5/-0)
debian/tests/smoke-qemu-session.xml (+2/-2)
tags: added: architecture-s39064 bugnameltc-185546 severity-medium targetmilestone-inin2004
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Christian Ehrhardt (paelzer)
status: Incomplete → Triaged
Changed in libvirt (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → Christian Ehrhardt (paelzer)
Changed in ubuntu-z-systems:
assignee: Christian Ehrhardt (paelzer) → Skipper Bug Screeners (skipper-screen-team)
Changed in libvirt (Ubuntu Groovy):
status: Triaged → In Progress
Changed in ubuntu-z-systems:
status: Triaged → In Progress
description: updated
Changed in libvirt (Ubuntu Groovy):
assignee: Christian Ehrhardt (paelzer) → nobody
Changed in libvirt (Ubuntu Focal):
assignee: nobody → Christian Ehrhardt (paelzer)
status: New → In Progress
Changed in ubuntu-z-systems:
status: In Progress → Incomplete
Changed in ubuntu-z-systems:
status: Incomplete → In Progress
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
Was this problem already reported upstream and a fix made available?
Btw. the latest (and with that GA) kernel of 20.04 is: 5.4.0-26