[libvirt] Virtqueue size exceeded error when resuming VM

Moshe Levi moshele at mellanox.com
Tue Aug 30 08:25:27 UTC 2016 

It seem that on Ubuntu they reverted the patch  See https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1612089

I tested on Ubuntu with  14.04 and it working 

ii  ipxe-qemu                           1.0.0+git-20131111.c3d1e78-2ubuntu1.1   all          PXE boot firmware - ROM images for qemu
ii  qemu-keymaps                        2.0.0+dfsg-2ubuntu1.22                  all          QEMU keyboard maps
ii  qemu-kvm                            2.0.0+dfsg-2ubuntu1.27                  amd64        QEMU Full virtualization
ii  qemu-system-common                  2.0.0+dfsg-2ubuntu1.22                  amd64        QEMU full system emulation binaries (common files)
ii  qemu-system-x86                     2.0.0+dfsg-2ubuntu1.27 

I also test it with Ubuntu  16.04 and it working.
But on redhat  7.2  I still have the issue.
qemu-img-1.5.3-105.el7_2.7.x86_64
libvirt-daemon-driver-qemu-1.2.17-13.el7_2.5.x86_64
qemu-system-x86-2.0.0-1.el7.6.x86_64
ipxe-roms-qemu-20160127-1.git6366fa7a.el7.noarch
qemu-common-2.0.0-1.el7.6.x86_64
qemu-kvm-common-1.5.3-105.el7_2.7.x86_64
qemu-kvm-1.5.3-105.el7_2.7.x86_64
I didn't find new packages that revert the patch. Does anyone know what is the plan for RedHat?


> -----Original Message-----
> From: Moshe Levi
> Sent: Monday, August 08, 2016 2:50 PM
> To: Libvirt <libvir-list at redhat.com>
> Subject: Virtqueue size exceeded error when resuming VM
> 
> Hi,
> A new security fix [1],[2] and [3] merged to qemu.
> After updating the packages we started to get "qemu-system-x86_64:
> Virtqueue size exceeded", when resuming the guest.
> 
> Our environment is OpenStack master and we have Mellanox CI that test SR-
> IOV functionality.
> Ubuntu 14.04 with Qemu 2.0.0+dfsg-2ubuntu1.26 that contains the fixes see
> [2]
> ii  qemu-kvm                            2.0.0+dfsg-2ubuntu1.26                  amd64        QEMU
> Full virtualization
> ii  qemu-system-x86                     2.0.0+dfsg-2ubuntu1.26                  amd64
> QEMU full system emulation binaries (x86)
> ii  qemu-utils                          2.0.0+dfsg-2ubuntu1.26                  amd64        QEMU
> utilities
> Our CI started to fail last week when this security packages released.
> 
> The scenarios is  as follows (sorry for the OpenStack commands :)) :
> 1. nova boot guest
> 2. nova suspend guest
> 3. nova resume guest
> 
> The result is that the guest is in poweroff state and when I power it on
> everything is working fine.
> 
> I tested in direct port (SR-IOV) and normal port (virtual port) and it happens
> in both cases.
> 
> 
> According to the [3] it prevent from malicious guest to submit more requests
> than the virtqueuesize permits.
> Our CI uses proprietary Cirros image with mlnx4_en driver.
> (http://13.69.151.247/images/mellanox_eth.img)
> I started to test it with other images to see if the problem with our image.
> I also tested with Ubuntu image - https://cloud-
> images.ubuntu.com/wily/current/wily-server-cloudimg-amd64-disk1.img
> And OpenStack Cirros image http://download.cirros-cloud.net/0.3.4/cirros-
> 0.3.4-x86_64-disk.img
> 
> The Ubuntu image had the same failure, but the  Cirros worked.
> 
> I wonder if there is a problem with the patch or with the images?
> What in these images can make them malicious guest?
> 
> 
> 
> [1] - https://access.redhat.com/security/cve/cve-2016-5403
> [2] - http://www.ubuntu.com/usn/usn-3047-1/
> [3] - https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06257.html

More information about the libvir-list mailing list