PDA

View Full Version : lsof on some device special files does not display KVM/Qemu process names



nutznboltz
3rd December 2017, 06:13 PM
Expected:

Running "sudo lsof /dev/random /dev/zero /dev/kvm" should display the names of processes that have /dev/random, /dev/zero and/or /dev/kvm open.

Actual:

Running "sudo lsof /dev/random /dev/zero /dev/kvm" does not display the names of KVM/Qemu processes that have /dev/random, /dev/zero and/or /dev/kvm open.

Reproducing


$ lsb_release -d
Description: Fedora release 27 (Twenty Seven)
$ rpm -q lsof
lsof-4.89-7.fc27.x86_64
$ rpm -q qemu
qemu-2.10.1-1.fc27.x86_64
$ ps -e | grep qemu
20973 ? 00:53:05 qemu-system-x86
27287 ? 00:05:57 qemu-system-x86
28227 ? 00:00:51 qemu-system-x86
$ sudo lsof /dev/random /dev/zero /dev/kvm
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
$ sudo lsof | egrep '/dev/random|/dev/zero|/dev/kvm' | awk '{print $NF}' | sort -u
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
/dev/kvm
/dev/random
/dev/zero
$ sudo lsof | egrep '/dev/random|/dev/zero|/dev/kvm' | head
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
qemu-syst 20973 qemu DEL REG 0,5 212176 /dev/zero
qemu-syst 20973 qemu DEL REG 0,5 210816 /dev/zero
qemu-syst 20973 qemu DEL REG 0,5 211293 /dev/zero
qemu-syst 20973 qemu 13u CHR 10,232 0t0 213477 /dev/kvm
qemu-syst 20973 21013 qemu DEL REG 0,5 212176 /dev/zero
qemu-syst 20973 21013 qemu DEL REG 0,5 210816 /dev/zero
qemu-syst 20973 21013 qemu DEL REG 0,5 211293 /dev/zero
qemu-syst 20973 21013 qemu 13u CHR 10,232 0t0 213477 /dev/kvm
CPU\x200/ 20973 21019 qemu DEL REG 0,5 212176 /dev/zero
CPU\x200/ 20973 21019 qemu DEL REG 0,5 210816 /dev/zero

$ ps axww | grep qemu.*rand | grep -v grep | sed -e 's;.*-object rng;-object rng;' -e 's; -msg.*$;;'
-object rng-random,id=objrng0,filename=/dev/random -device virtio-rng-pci,rng=objrng0,id=rng0,max-bytes=1024,period=1000,bus=pci.0,addr=0x9

nutznboltz
17th December 2017, 06:44 PM
On Fedora 27 virt-manager builds the libvirt xml for the virtual RNG to use /dev/random


$ ps ax | grep qemu | grep -v grep | sed -e 's;.*-object rng;-object rng;' -e 's; -msg.*$;;'
-object rng-random,id=objrng0,filename=/dev/random -device virtio-rng-pci,rng=objrng0,id=rng0,max-bytes=1024,period=1000,bus=pci.0,addr=0x9

On Ubuntu 17.10, virt-manager builds the libvirt xml for the virtual RNG to use /dev/urandom instead of /dev/random


$ ps ax | grep qemu.*rand | grep -v grep | sed -e 's;.*-object rng;-object rng;' -e 's; -msg.*$;;'
-object rng-random,id=objrng0,filename=/dev/urandom -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.0,addr=0x8


lsof on Ubuntu 17.10 of /dev/urandom does display qemu.


$ sudo lsof /dev/urandom | grep qemu
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
qemu-syst 14340 libvirt-qemu 9r CHR 1,9 0t0 1034 /dev/urandom




fedora$ lsof -v
lsof version information:
revision: 4.89
latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
constructed: Thu Aug 3 22:44:06 UTC 2017
constructed by and on: mockbuild@buildvm-10.phx2.fedoraproject.org
compiler: cc
compiler version: 7.1.1 20170718 (Red Hat 7.1.1-6) (GCC)
compiler flags: -DLINUXV=411005 -DGLIBCV=225 -DHASIPv6 -DNEEDS_NETINET_TCPH -DHASSELINUX -DHASUXSOCKEPT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DHAS_STRFTIME -DLSOF_VSTR="4.11.5-200.fc25.x86_64" -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
loader flags: -L./lib -llsof -lselinux
system info: Linux buildvm-10.phx2.fedoraproject.org 4.11.5-200.fc25.x86_64 #1 SMP Wed Jun 14 17:17:29 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Anyone can list all files.
/dev warnings are disabled.
Kernel ID check is disabled.




lsof -v
lsof version information:
revision: 4.89
latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
compiler: cc
compiler version: 5.2.1 20151022 (Ubuntu/Linaro 5.2.1-22ubuntu5)
compiler flags: -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -DLINUXV=42003 -DGLIBCV=221 -DHASIPv6 -DNEEDS_NETINET_TCPH -DHASSELINUX -DHASUXSOCKEPT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DHAS_STRFTIME -DLSOF_VSTR="4.2.3" -O
loader flags: -L./lib -llsof -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -lselinux
Anyone can list all files.
/dev warnings are disabled.
Kernel ID check is disabled.




Fedora 27
Ubuntu 17.10


--param=ssp-buffer-size=4



-DGLIBCV=225
-DGLIBCV=221


-DHASIPv6
-DHASIPv6


-DHASSELINUX
-DHASSELINUX


-DHASUXSOCKEPT
-DHASUXSOCKEPT


-DHAS_STRFTIME
-DHAS_STRFTIME


-DLINUXV=411005
-DLINUXV=42003


-DLSOF_VSTR="4.11.5-200.fc25.x86_64"
-DLSOF_VSTR="4.2.3"


-DNEEDS_NETINET_TCPH
-DNEEDS_NETINET_TCPH


-D_FILE_OFFSET_BITS=64
-D_FILE_OFFSET_BITS=64


-Wp,-D_FORTIFY_SOURCE=2
-D_FORTIFY_SOURCE=2


-D_LARGEFILE64_SOURCE
-D_LARGEFILE64_SOURCE


-L./lib
-L./lib



-O


-O2
-O2


-Wall



-Werror=format-security
-Werror=format-security



-Wformat


-fexceptions



-fstack-protector-strong
-fstack-protector-strong


-g
-g


-grecord-gcc-switches



-llsof
-llsof


-lselinux
-lselinux






-m64
-Wl,-Bsymbolic-functions


-mtune=generic
-Wl,-z,now


-pipe
-Wl,-z,relro


-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
-fPIE



-fPIE



-pie