When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.
In privileged libvirtd this ends up locking
/var/run/libvirt/libxl/driver.pid
In unprivileged libvirtd this ends up locking
/run/user/$UID/libvirt/libxl/run/driver.pid
NB, the latter can vary depending on $XDG_RUNTIME_DIR
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
src/libxl/libxl_conf.h | 3 +++
src/libxl/libxl_driver.c | 11 ++++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/libxl/libxl_conf.h b/src/libxl/libxl_conf.h
index 136b5ae1ac..552f039d2a 100644
--- a/src/libxl/libxl_conf.h
+++ b/src/libxl/libxl_conf.h
@@ -111,6 +111,9 @@ struct _libxlDriverPrivate {
* then lockless thereafter */
libxlDriverConfigPtr config;
+ /* pid file FD, ensures two copies of the driver can't use the same root */
+ int lockFD;
+
/* Atomic inc/dec only */
unsigned int nactive;
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index ac10fb6dbc..a99c7471bb 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -53,6 +53,7 @@
#include "viraccessapicheck.h"
#include "viratomic.h"
#include "virhostdev.h"
+#include "virpidfile.h"
#include "locking/domain_lock.h"
#include "virnetdevtap.h"
#include "cpu/cpu.h"
@@ -506,7 +507,6 @@ libxlStateCleanup(void)
return -1;
virObjectUnref(libxl_driver->hostdevMgr);
- virObjectUnref(libxl_driver->config);
virObjectUnref(libxl_driver->xmlopt);
virObjectUnref(libxl_driver->domains);
virPortAllocatorRangeFree(libxl_driver->reservedGraphicsPorts);
@@ -516,6 +516,10 @@ libxlStateCleanup(void)
virObjectUnref(libxl_driver->domainEventState);
virSysinfoDefFree(libxl_driver->hostsysinfo);
+ if (libxl_driver->lockFD != -1)
+ virPidFileRelease(libxl_driver->config->stateDir, "driver", libxl_driver->lockFD);
+
+ virObjectUnref(libxl_driver->config);
virMutexDestroy(&libxl_driver->lock);
VIR_FREE(libxl_driver);
@@ -658,6 +662,7 @@ libxlStateInitialize(bool privileged,
if (VIR_ALLOC(libxl_driver) < 0)
return -1;
+ libxl_driver->lockFD = -1;
if (virMutexInit(&libxl_driver->lock) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("cannot initialize mutex"));
@@ -741,6 +746,10 @@ libxlStateInitialize(bool privileged,
goto error;
}
+ if ((libxl_driver->lockFD =
+ virPidFileAcquire(cfg->stateDir, "driver", true, getpid())) < 0)
+ goto error;
+
if (!(libxl_driver->lockManager =
virLockManagerPluginNew(cfg->lockManagerName ?
cfg->lockManagerName : "nop",
--
2.21.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
