On Thu, Mar 23, 2017 at 11:03:02 +0100, Laszlo Ersek wrote:
> On 03/23/17 10:54, Peter Krempa wrote:
> > On Thu, Mar 23, 2017 at 10:48:01 +0100, Laszlo Ersek wrote:
> >> On 03/23/17 10:29, Peter Krempa wrote:
> >>> If the variable store (<nvram>) file is raw qemu can't do a snapshot of
> >>> it and thus the snapshot would be incomplete. QEMU does not reject such
> >>> snapshot.
> >>>
> >>> Additionally allowing to use a qcow2 variable store backing file would
> >>> solve this issue but then it would become eligible to become target of
> >>> the memory dump.
> >>>
> >>> Offline internal snapshot would be incomplete too with either storage
> >>> format since libvirt does not handle the pflash file in this case.
> >>>
> >>> Forbid such snapshot so that we can avoid problems.

[...]

> > @@ -13873,8 +13873,14 @@ qemuDomainSnapshotPrepare(virConnectPtr conn, > > goto cleanup; > > } > > > > - /* Internal snapshots don't work with VMs with OVMF loader since qemu does > > - * not snapshot the variable store */ > > + /* internal snapshots + pflash based loader have the following problems: > > + * - if the variable store is raw, the snapshot is incomplete > > + * - alowing a qcow2 image as the varstore would make it eligible to receive > > + * the vmstate dump, which would make it huge > > + * - offline snapshot would not snapshot the varstore at all > > + * > > + * Avoid the issues by forbidding this completely. > > + */

I thought about this a bit more and I think that while there are the above
problems we still can have users of snapshots + OVMF which use it
successfully. Forbidding it would create a regression for them since they did
not observe anything bad despite the problems mentioned above:

The reasons are the following:

1) internal snapshots are the default in virt-manager
2) guests usually don't re-write the varstore very often, usually only at
   install
3) OSes usually don't modify anything besides the boot entry
4) snapshot of an online VM carries the varstore in the memory image
5) OSes are pretty good at restoring the boot entry if it fails

Due to the facts above I think that there are users that legitimately think
that snapshots with pflash loaders work as expected. It's mostly due to the
fact that the data are pretty static and OSes don't store anything important
there and are able to self-heal some of the problems.

I think we should not disallow this to avoid usability regressions. We can add
documentation that states that it's unsafe to do snapshots.

Additionally we will need to add support for external snapshots, which
currently have a similar kind of problems, although fixable.

Peter
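
Review bot: The second bullet of the new comment misspells "allowing" as "alowing", and the comment opens in lower case ("internal snapshots + pflash based loader ...") where the comment it replaces began with a capital. The third bullet says an offline snapshot "would not snapshot the varstore at all" without giving the reason; the commit message has it (libvirt does not handle the pflash file in that case), and carrying that clause into the comment would make the check understandable without the log.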
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
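
A pre-snapshot check built from the caveats listed in the message above, as an added example that is not part of the original mail or of libvirt's code. The function name, the caveat labels and the sample XML are constructed for illustration; reading a `format` attribute on `<nvram>` and treating a missing one as raw is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (paths and names are made up for this example).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>uefi-guest</name>
  <os>
    <type arch='x86_64' machine='q35'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/uefi-guest_VARS.fd</nvram>
  </os>
</domain>
"""


def internal_snapshot_caveats(domain_xml, running):
    """Hypothetical helper: return (varstore_path, caveats) for an internal
    snapshot of the domain described by domain_xml (e.g. `virsh dumpxml`)."""
    os_el = ET.fromstring(domain_xml).find("os")
    loader = os_el.find("loader") if os_el is not None else None
    nvram = os_el.find("nvram") if os_el is not None else None
    # Only pflash loaders with a variable store are affected.
    if loader is None or loader.get("type") != "pflash" or nvram is None:
        return None, []
    path = (nvram.text or "").strip() or None
    if not running:
        # Offline: libvirt does not handle the pflash file, whatever its format.
        return path, ["offline-varstore-not-snapshotted"]
    # Assumption: a missing format attribute means a raw varstore file.
    fmt = nvram.get("format", "raw")
    if fmt == "qcow2":
        # A qcow2 varstore is eligible to receive the vmstate dump.
        return path, ["qcow2-varstore-may-receive-vmstate"]
    if fmt == "raw":
        # Raw: qemu cannot snapshot the file; only the memory image carries it.
        return path, ["raw-varstore-file-not-snapshotted"]
    return path, ["unknown-varstore-format"]


if __name__ == "__main__":
    for state in (True, False):
        print(state, internal_snapshot_caveats(SAMPLE_DOMAIN_XML, state))
```

The returned path is the file an operator would have to preserve separately if the varstore contents matter for the snapshot.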