[libvirt] Virtqueue size exceeded error when resuming VM
moshele at mellanox.com
Tue Aug 30 08:25:27 UTC 2016
It seem that on Ubuntu they reverted the patch See https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1612089
I tested on Ubuntu with 14.04 and it working
ii ipxe-qemu 1.0.0+git-20131111.c3d1e78-2ubuntu1.1 all PXE boot firmware - ROM images for qemu
ii qemu-keymaps 2.0.0+dfsg-2ubuntu1.22 all QEMU keyboard maps
ii qemu-kvm 2.0.0+dfsg-2ubuntu1.27 amd64 QEMU Full virtualization
ii qemu-system-common 2.0.0+dfsg-2ubuntu1.22 amd64 QEMU full system emulation binaries (common files)
ii qemu-system-x86 2.0.0+dfsg-2ubuntu1.27
I also test it with Ubuntu 16.04 and it working.
But on redhat 7.2 I still have the issue.
I didn't find new packages that revert the patch. Does anyone know what is the plan for RedHat?
> -----Original Message-----
> From: Moshe Levi
> Sent: Monday, August 08, 2016 2:50 PM
> To: Libvirt <libvir-list at redhat.com>
> Subject: Virtqueue size exceeded error when resuming VM
> A new security fix , and  merged to qemu.
> After updating the packages we started to get "qemu-system-x86_64:
> Virtqueue size exceeded", when resuming the guest.
> Our environment is OpenStack master and we have Mellanox CI that test SR-
> IOV functionality.
> Ubuntu 14.04 with Qemu 2.0.0+dfsg-2ubuntu1.26 that contains the fixes see
> ii qemu-kvm 2.0.0+dfsg-2ubuntu1.26 amd64 QEMU
> Full virtualization
> ii qemu-system-x86 2.0.0+dfsg-2ubuntu1.26 amd64
> QEMU full system emulation binaries (x86)
> ii qemu-utils 2.0.0+dfsg-2ubuntu1.26 amd64 QEMU
> Our CI started to fail last week when this security packages released.
> The scenarios is as follows (sorry for the OpenStack commands :)) :
> 1. nova boot guest
> 2. nova suspend guest
> 3. nova resume guest
> The result is that the guest is in poweroff state and when I power it on
> everything is working fine.
> I tested in direct port (SR-IOV) and normal port (virtual port) and it happens
> in both cases.
> According to the  it prevent from malicious guest to submit more requests
> than the virtqueuesize permits.
> Our CI uses proprietary Cirros image with mlnx4_en driver.
> I started to test it with other images to see if the problem with our image.
> I also tested with Ubuntu image - https://cloud-
> And OpenStack Cirros image http://download.cirros-cloud.net/0.3.4/cirros-
> The Ubuntu image had the same failure, but the Cirros worked.
> I wonder if there is a problem with the patch or with the images?
> What in these images can make them malicious guest?
>  - https://access.redhat.com/security/cve/cve-2016-5403
>  - http://www.ubuntu.com/usn/usn-3047-1/
>  - https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06257.html
More information about the libvir-list