On 12/30/19 3:07 PM, Michael Weiser wrote:
Internal snapshots of a non-running domain do not carry any memory state and restoring such a snapshot will not replace existing saved memory state. This allows a scenario, where a user first suspends a domain into managedsave, restores a non-running snapshot and then resumes the domain from managedsave. After that, the guest system will run with its previous memory state atop a different disk state. The most obvious possible fallout from this is extensive file system corruption. Swap content and RAID bitmaps might also be off. This has been discussed[1] and fixed[2] from the end-user perspective for virt-manager. This patch marks the restore operation as risky at the libvirt level, requiring the user to remove the saved memory state first or force the operation. [1] https://www.redhat.com/archives/virt-tools-list/2019-November/msg00011.html [2] https://www.redhat.com/archives/virt-tools-list/2019-December/msg00049.html Signed-off-by: Michael Weiser <michael.weiser@xxxxxx> Cc: Cole Robinson <crobinso@xxxxxxxxxx> ---
As said in [1], I agree that the API needs a flag override to allow the user to roll with it despite the risks. Given that this is somewhat a corner case, I also believe that such override can go in a separated patch/series later on. Reviewed-by: Daniel Henrique Barboza <danielhb413@xxxxxxxxx> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
