Message-ID: <50B4E634.1010902@linux.vnet.ibm.com>
Date: Tue, 27 Nov 2012 11:11:32 -0500
From: Corey Bryant
To: Paul Moore
Cc: qemu-devel@nongnu.org, Eduardo Otubo
Subject: Re: [Qemu-devel] [PATCHv3 1/5] seccomp: adding new syscalls (bugzilla 855162)

On 11/26/2012 04:48 PM, Paul Moore wrote:
> On Monday, November 26, 2012 03:41:00 PM Paul Moore wrote:
>> On Monday, November 26, 2012 02:59:21 PM Corey Bryant wrote:
>>> On 11/26/2012 12:08 PM, Paul Moore wrote:
>>>> On Monday, November 26, 2012 11:41:06 AM Corey Bryant wrote:
>>>>> On 11/21/2012 10:24 AM, Paul Moore wrote:
>>>>>> On Wednesday, November 21, 2012 11:20:44 AM Eduardo Otubo wrote:
>>>>>>> Hello folks,
>>>>>>>
>>>>>>> Did anyone have a chance to take a look at this? We would like to get
>>>>>>> this into the 1.3 release.
>>>>>>>
>>>>>>> Thanks again :)
>>>>>>
>>>>>> I was a bit delayed due to travel, but I started playing with it a bit
>>>>>> yesterday afternoon and unfortunately it still doesn't work for me
>>>>>> (using the same test/reproducer I documented in the RH BZ). I've
>>>>>> tried running QEMU both via libvirt and the command line (using a
>>>>>> libvirt derived command line).
>>>>>>
>>>>>> I'm applying the patches to the F17 QEMU 1.2 package; there is some
>>>>>> minor fixup needed in the configure script but nothing major.
>>>>>>
>>>>>> What is further frustrating is that the debug code (patch 5/5) doesn't
>>>>>> seem to output the problematic syscall. I wanted to investigate this
>>>>>> a bit more before responding, but with the holiday approaching
>>>>>> (Thanksgiving in the US), I'm not sure how much progress I'll be able
>>>>>> to make for the remainder of this week. Sorry about that.
>>>>>>
>>>>>> If you have any further questions about how, or what, I'm testing,
>>>>>> just ask.
>>>>>
>>>>> Paul, Is your host 32 or 64-bit?
>>>>
>>>> 64-bit
>>>
>>> I'm having trouble recreating this. I'm running a Fedora 17 64-bit host
>>> and a Fedora 17 64-bit guest with domain XML that mirrors yours.
>>>
>>> Here's the domain XML I'm using and the resulting QEMU command line:
>>>
>>> Domain XML: http://pastebin.com/DWa4RQ1Y
>>> Command line: http://pastebin.com/2QTWsUhP
>>>
>>> I'm running with QEMU commit 8db972cfa469b4e4afd9c65e54e796b83b5ce3a2
>>> which is 1.2.0 with: (a) just the first patch applied, as well as with
>>> (b) all of this patch series applied.
>>>
>>> Any thoughts on what could be different?
>>
>> Like I said earlier, I'm running with the F17 QEMU 1.2 package,
>> qemu-1.2.0-16.fc18 to be exact, with Eduardo's patches applied on top.
>>
>> I'm currently testing another set of interim patches from Eduardo that was
>> sent off-list for testing (you were CC'd); hopefully that will resolve the
>> problem.
>
> Unfortunately, the latest patches from Eduardo met with the same fate. Here
> is more detailed information on my system (HP DL160 G5, F17, 64-bit):
>
> # uname -r
> 3.6.7-4.fc17.x86_64
>
> [NOTE: standard F17 kernel]
>
> # rpm -qa | grep qemu
> qemu-kvm-tools-1.2.0-16.pm5.fc17.x86_64
> qemu-common-1.2.0-16.pm5.fc17.x86_64
> qemu-kvm-1.2.0-16.pm5.fc17.x86_64
> ipxe-roms-qemu-20120328-1.gitaac9718.fc17.noarch
> qemu-img-1.2.0-16.pm5.fc17.x86_64
> qemu-system-x86-1.2.0-16.pm5.fc17.x86_64
>
> [NOTE: the 'pm5' is my designation indicating the patched version]
>
> # ./qemu_seccomp.sh -sandbox off
> char device redirected to /dev/pts/0
> do_spice_init: starting 0.10.1
> spice_server_add_interface: SPICE_INTERFACE_MIGRATION
> spice_server_add_interface: SPICE_INTERFACE_KEYBOARD
> spice_server_add_interface: SPICE_INTERFACE_MOUSE
> spice_server_add_interface: SPICE_INTERFACE_QXL
> red_worker_main: begin
> display_channel_create: create display channel
> cursor_channel_create: create cursor channel
> spice_server_add_interface: SPICE_INTERFACE_PLAYBACK
> spice_server_add_interface: SPICE_INTERFACE_RECORD
> [NOTE: I hit Ctrl-C at this point]
> qemu: terminating on signal 2
> spice_server_remove_interface: remove SPICE_INTERFACE_PLAYBACK
> spice_server_remove_interface: remove SPICE_INTERFACE_RECORD
>
> # ./qemu_seccomp.sh -sandbox on
> char device redirected to /dev/pts/0
> do_spice_init: starting 0.10.1
> spice_server_add_interface: SPICE_INTERFACE_MIGRATION
> spice_server_add_interface: SPICE_INTERFACE_KEYBOARD
> spice_server_add_interface: SPICE_INTERFACE_MOUSE
> spice_server_add_interface: SPICE_INTERFACE_QXL
> red_worker_main: begin
> ./qemu_seccomp.sh: line 28: 21085 Bad system call /usr/bin/qemu-kvm -S
> -M pc-0.14 -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -name f16-
> test-1 -uuid 13c7da9b-a79a-0688-267a-8206136bc8d6 -nodefconfig -nodefaults -
> chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/f16-
> test-1.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control
> -rtc base=utc -no-shutdown -device virtio-serial-pci,id=virtio-
> serial0,bus=pci.0,addr=0x5 -device piix3-usb-
> uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/var/lib/libvirt/images/f16-
> test-1.img,if=none,id=drive-virtio-disk0,format=raw -device virtio-blk-
> pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-
> disk0,bootindex=1 -netdev user,id=hostnet0 -device virtio-net-
> pci,netdev=hostnet0,id=net0,mac=52:54:00:9a:9d:63,bus=pci.0,addr=0x3 -chardev
> pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev
> spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-
> serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -
> device usb-tablet,id=input0 -spice port=5900,addr=127.0.0.1,disable-ticketing
> -vga qxl -global qxl-vga.vram_size=67108864 -device intel-
> hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-
> codec0,bus=sound0.0,cad=0 -device virtio-balloon-
> pci,id=balloon0,bus=pci.0,addr=0x7 $*
>
> [NOTE: my test script, qemu_seccomp.sh, is attached]
>

Thanks for the additional details. They were very useful.

I was able to reproduce this when I manually built spice release 0.10.1,
but not with the Fedora 0.10.1 package. One difference I noticed is that
the Fedora version wasn't logging info messages.

Nonetheless, we'll send new patches soon. It looks like the following
were missing: epoll_create, epoll_wait, and epoll_ctl

--
Regards,
Corey Bryant
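
One way to find which syscalls a seccomp filter killed a process on (the "Bad system call" above is SIGSYS, signal 31) is to read the kernel's type=SECCOMP audit records. This is an added example, not code from the thread or from QEMU; the audit lines are constructed, the syscall table is a small x86_64 subset, and the allowlist is hypothetical.

```python
import re
from collections import Counter

# Subset of the x86_64 syscall table; numbers differ on other architectures.
X86_64_SYSCALLS = {
    0: "read", 1: "write", 7: "poll", 213: "epoll_create",
    232: "epoll_wait", 233: "epoll_ctl", 281: "epoll_pwait", 291: "epoll_create1",
}

# Constructed audit records (several runs, so several pids), not real logs.
SAMPLE_AUDIT_LOG = """\
type=SECCOMP msg=audit(1354032872.101:901): auid=0 uid=0 gid=0 ses=1 pid=21085 comm="qemu-kvm" sig=31 syscall=213 compat=0 ip=0x7f3a1c0e4a07 code=0x0
type=SECCOMP msg=audit(1354032901.410:907): auid=0 uid=0 gid=0 ses=1 pid=21102 comm="qemu-kvm" sig=31 syscall=232 compat=0 ip=0x7f3a1c0e4b13 code=0x0
type=SECCOMP msg=audit(1354032930.007:912): auid=0 uid=0 gid=0 ses=1 pid=21130 comm="qemu-kvm" sig=31 syscall=232 compat=0 ip=0x7f3a1c0e4b13 code=0x0
type=SECCOMP msg=audit(1354032955.660:918): auid=0 uid=0 gid=0 ses=1 pid=21154 comm="qemu-kvm" sig=31 syscall=233 compat=0 ip=0x7f3a1c0e4c29 code=0x0
type=SECCOMP msg=audit(1354032960.002:920): auid=0 uid=0 gid=0 ses=1 pid=3301 comm="sshd" sig=31 syscall=1 compat=0 ip=0x7f11aa001a10 code=0x0
type=SECCOMP msg=audit(1354032971.330:925): auid=0 uid=0 gid=0 ses=1 pid=21170 comm="qemu-kvm" sig=31 syscall=256 compat=1 ip=0xf7701430 code=0x0
type=SYSCALL msg=audit(1354032980.000:930): arch=c000003e syscall=232 success=yes pid=21200 comm="qemu-kvm"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Return the key/value fields of a SECCOMP audit record, else None."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    return fields if fields.get("type") == "SECCOMP" else None

def blocked_syscalls(log_text, comm="qemu-kvm"):
    """Count syscalls that triggered SIGSYS for the given command name."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec.get("comm") != comm or rec.get("sig") != "31":
            continue
        nr = int(rec["syscall"])
        if rec.get("compat") == "1":
            # 32-bit compat task: the x86_64 table does not apply.
            name = f"compat:{nr}"
        else:
            name = X86_64_SYSCALLS.get(nr, f"unknown:{nr}")
        hits[name] += 1
    return hits

def missing_from_allowlist(hits, allowlist):
    """Names seen in SECCOMP kills that the filter's allowlist lacks."""
    return sorted(n for n in hits if n not in allowlist)

if __name__ == "__main__":
    hits = blocked_syscalls(SAMPLE_AUDIT_LOG)
    print(hits, missing_from_allowlist(hits, {"read", "write", "poll"}))
```

Records with compat=1 are reported by number only, because a 32-bit task uses a different syscall table and resolving it against the 64-bit one would name the wrong call.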