Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1118834 (vmgenid)
Summary: | [RFE] VM-Generation-ID - Detection of cloned environment using a unique, inmutable, intelligent identifier programmically accessible | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Karen Noel <knoel> | ||||
Component: | qemu-kvm-rhev | Assignee: | Michael S. Tsirkin <mst> | ||||
Status: | CLOSED ERRATA | QA Contact: | Guo, Zhiyi <zhguo> | ||||
Severity: | medium | Docs Contact: | Jiri Herrmann <jherrman> | ||||
Priority: | unspecified | ||||||
Version: | 7.1 | CC: | ailan, areis, awels, ghammer, hhuang, jinzhao, jonesrn, juzhang, knoel, lagern, lersek, marcandre.lureau, mbaissac, michen, mrezanin, mst, mtessun, pstehlik, trick, virt-maint, wyu, xfu, yisun, yvugenfi | ||||
Target Milestone: | rc | Keywords: | FutureFeature | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | qemu-kvm-rhev-2.12.0-1.el7 | Doc Type: | Technology Preview | ||||
Doc Text: |
As a Technology Preview, qemu-kvm-rhev introduces the Virtual Machine Generation ID feature, which enables the VM BIOS to expose ID integers that help prevent the corruption of virtual file systems during higher-risk operations, such as restoring a snapshot or loading a configuration backup. This feature is available on VMs that use the following guest operating systems:
- Windows 8 or later
- Windows Server 2012 or later
Note that it is currently only possible to access this feature using arbitrary QEMU commands. However, virtual machines modified by such commands cannot be supported by Red Hat.
|
Story Points: | --- | ||||
Clone Of: | 1118825 | ||||||
: | vmgenid-libvirt 1159983 (view as bug list) | Environment: | |||||
Last Closed: | 2018-11-01 11:01:10 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1118825, 1149445, 1159981, 1159983, 1288337, 1598348, 1598350, 2000506 | ||||||
Attachments: |
|
Description
Karen Noel
2014-07-11 16:01:25 UTC
Closing bug#1139005 as duplicate. There it says: This functionality is new to Hyper-V in Windows Server 2012 or Windows 8 and is designed to differentiate (security-wise) between instances of a VM that were generated using the exact same disk image / snapshot. The implementation is based on a new hypervisor's device, that returns a 128-bit, cryptographically random integer value identifier that will be different every time the virtual machine executes from a different configuration fileāsuch as executing from a recovered snapshot, or executing after restoring from backup. *** Bug 1139005 has been marked as a duplicate of this bug. *** A patch was posted and is expected to be applied after qemu's 2.2 release. Hi Gal, is patch in 2.2/2.3 upstream release? In case it is, please move the bz to modified state and fill fixed in field with proper version. (In reply to Miroslav Rezanina from comment #4) > Hi Gal, > is patch in 2.2/2.3 upstream release? In case it is, please move the bz to > modified state and fill fixed in field with proper version. The patch was not accepted it. (In reply to Gal Hammer from comment #5) > (In reply to Miroslav Rezanina from comment #4) > > Hi Gal, > > is patch in 2.2/2.3 upstream release? In case it is, please move the bz to > > modified state and fill fixed in field with proper version. > > The patch was not accepted it. Hi mrezanin, According to comment5, seems we need to update the bz status from post to assigned status? Best Regards, Junyi Igor posted: [PATCH v17 0/9] Virtual Machine Generation ID http://thread.gmane.org/gmane.comp.emulators.qemu/387810 Note for qe: Verifying functionality in a Windows guest is tricky, but in Linux you can build and load this (old and badly written) device driver: https://github.com/ben-skyportsystems/vmgenid-test You should see the 'notices' number increment after restoring a snapshot. notes on testing with windows guests: https://www.mail-archive.com/qemu-devel@nongnu.org/msg430714.html Test against with qemu-kvm-rhev-2.12.0-2.el7.x86_64 1. RHEL guest: a) Boot up guest with "-device vmgenid,id=testvgid,guid=auto" b) Check the vmgenid in the guest [root@dhcp-8-106 vmgenid-test]# cat /sys/firmware/acpi/vmgenid/guid 90231d05-db32-1345-bbbe-3cf3a49ab372 [root@dhcp-8-106 vmgenid-test]# cat /sys/firmware/acpi/vmgenid/notices 0 c) Do the migration in hmp (qemu) stop (qemu) info status VM status: paused (qemu) migrate -d "exec: gzip -c >/home/test.gz" d) Then boot up snapshot with "-incoming "exec: gzip -c -d /home/test.gz" " e) check vmgenid in the guest again [root@dhcp-8-106 vmgenid-test]# cat /sys/firmware/acpi/vmgenid/guid 6c934afe-384e-274b-b4ac-5dbada48940b [root@dhcp-8-106 vmgenid-test]# cat /sys/firmware/acpi/vmgenid/notices 1 2. Windows server 2012 guest: test it with above steps, and can see the different vmgenid, please check the attachment(win2012result) Hi Michael Could you double check it? is it enough? Thanks Jing Created attachment 1447709 [details]
win2012result
Looks good to me. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3443 (In reply to Michael S. Tsirkin from comment #24) > Note for qe: > Verifying functionality in a Windows guest is tricky, but in Linux > you can build and load this (old and badly written) device driver: > > https://github.com/ben-skyportsystems/vmgenid-test > > You should see the 'notices' number increment after restoring a snapshot. Hi Micheal, with the tool in this github repo, I found following issue, not sure if it's a data sequence problem. steps: 1. start a vm with genid=29aba8fd-899f-4f0e-baca-b4d28262918a # ps -ef | grep genid qemu 19733 1 0 03:29 ? 00:00:02 /usr/libexec/qemu-kvm -name guest=avocado-vt-vm1,debug-threads=on ...-device vmgenid,guid=29aba8fd-899f-4f0e-baca-b4d28262918a 2. login vm and use the tool you provided to print the guid [root@localhost vmgenid]# cat /sys/firmware/acpi/vmgenid/guid fda8ab29-9f89-0e4f-baca-b4d28262918a problem: the guid in step 1&2 are different, seems big/little endian mixed... is this a problem? The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |