Re: [PATCH v2 2/2] qemuProcessStop: Remove image metadata for running mirror jobs

On Thu, Nov 21, 2019 at 17:00:37 +0100, Michal Privoznik wrote:
> On 11/21/19 3:31 PM, Peter Krempa wrote:
> > On Thu, Nov 21, 2019 at 14:02:49 +0100, Michal Privoznik wrote:
> > > On 11/20/19 3:22 PM, Peter Krempa wrote:
> > > > 
> 
> New commit message:
> 
>     qemuProcessStop: Remove image metadata for running mirror jobs
> 
>     If user starts a blockcommit or a blockcopy then we modify access
>     for qemu on both images and leave it like that until pivot is

until the job terminates

>     executed. So far so good. Problem is, if user instead of issuing
>     pivot (where we would modify the access again so that the state

instead of terminating the job (where ...

>     before the job is restored) calls destroy on the domain or if
>     qemu dies whilst executing the block job. In this case we don't
>     ever clear the access we granted at the beginning. To fix this,
>     maybe a bit harsh approach is used, but it works: after all
>     labels were restored (that is after qemuSecurityRestoreAllLabel()
>     was called), we iterate over each disk in the domain and remove
>     XATTRs from the whole backing chain and also from any file the
>     disk is being mirrored to.
> 
>     This would have been done at the time of pivot, but it isn't
>     because user decided to kill the domain instead. If we don't do
>     this and leave some XATTRs behind the domain might be unable to
>     start.
> 
>     Also, secdriver can't do this because it doesn't know if there is
>     any job running. It's outside of its scope - the hypervisor
>     driver is responsible for calling secdriver's APIs.
> 
>     Moreover, this is safe to call because we don't remember labels
>     for any member of a backing chain instead of the top layer. But

s/instead/except/

>     that one was restored in qemuSecurityRestoreAllLabel() call done
>     earlier. Therefore, not only we don't remember labels (and thus
>     this is basically a NOP for other images in the backing chain) it
>     is also safe to call this when no blockjob was started in the
>     first place, or if some parts of the backing chain are shared
>     with some other domains - this is NOP, unless a block job is
>     active at the time of domain destroy.
> 
>     https://bugzilla.redhat.com/show_bug.cgi?id=1741456#c19
> 
>     Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
