On Mon, Mar 13, 2023 at 16:42:10 +0100, Pavel Hrdina wrote:
> When reverting to external snapshot we need to create new overlay qcow2
> files from the disk files the VM had when the snapshot was taken.
>
> There are some specifics and limitations when reverting to a snapshot:
>
> 1) When reverting to last snapshot we need to first create new overlay
> files before we can safely delete the old overlay files in case the
> creation fails so we have still recovery option when we error out.
>
> These new files will not have the suffix as when the snapshot was
> created as renaming the original files in order to use the same file
> names as when the snapshot was created would add unnecessary
> complexity to the code.
>
> 2) When reverting to any snapshot we will always create overlay files
> for every disk the VM had when the snapshot was done. Otherwise we
> would have to figure out if there is any other qcow2 image already
> using any of the VM disks as backing store and that itself might be
> extremely complex and in some cases impossible.
>
> 3) When reverting from any state the current overlay files will be
> always removed as that VM state is not meant to be saved. It's the
> same as with internal snapshots. If user wants to keep the current
> state before reverting they need to create a new snapshot. For now
> this will only work if the current snapshot is the last.
>
> Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
> ---
> src/qemu/qemu_snapshot.c | 143 +++++++++++++++++++++++++++++++++++++--
> 1 file changed, 139 insertions(+), 4 deletions(-)
>
> diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
> index 9e4b978b1b..af4e2ea6aa 100644
> --- a/src/qemu/qemu_snapshot.c
> +++ b/src/qemu/qemu_snapshot.c
> @@ -18,6 +18,8 @@ > > #include <config.h> > > +#include <fcntl.h> > + > #include "qemu_snapshot.h" > > #include "qemu_monitor.h"
> @@ -1968,6 +1970,119 @@ qemuSnapshotRevertWriteMetadata(virDomainObj *vm, > } > > > +static int > +qemuSnapshotRevertExternal(virDomainObj *vm, > + virDomainMomentObj *snap, > + virDomainDef *config, > + virDomainDef *inactiveConfig, > + int *memsnapFD, > + char **memsnapPath) > +{ > + size_t i; > + virDomainDef *domdef = NULL; > + virDomainSnapshotLocation location = VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL; > + virDomainMomentObj *curSnap = virDomainSnapshotGetCurrent(vm->snapshots); > + virDomainSnapshotDef *snapdef = virDomainSnapshotObjGetDef(snap); > + virDomainSnapshotDef *curdef = virDomainSnapshotObjGetDef(curSnap); > + g_autoptr(virDomainSnapshotDef) tmpsnapdef = NULL; > + g_autoptr(virBitmap) created = NULL; > + int ret = -1; > + > + if (config) { > + domdef = config; > + } else { > + domdef = inactiveConfig; > + } > + > + if (!(tmpsnapdef = virDomainSnapshotDefNew())) > + return -1; > + > + if (virDomainMomentDefPostParse(&tmpsnapdef->parent) < 0)

Weird at first glance. If we ever add something more to postparse that might be a wrong thing to call here. Add a comment here that it's needed _just_ for the timestamp stuff.

> + return -1; > + > + if (virDomainSnapshotAlignDisks(tmpsnapdef, domdef, location, false) < 0) > + return -1;

So in the end you do align the definition, thus the modification to the function you did should not be needed.

You also seem to rely on the fact that this auto-selects all non-readonly disks for snapshot, but note that in case when the definition has VIR_DOMAIN_SNAPSHOT_LOCATION_NO for some disks they will not be selected. Having VIR_DOMAIN_SNAPSHOT_LOCATION_NO though doesn't mean that there isn't a snapshot of that disk as it can be overridden when specifying disks explicitly, and thus that image does have an overlay. Reverting in the way implemented here would thus invalidate the overlay. This contradicts point 2 from the commit message.
Also at this point this effectively limits all of this to work on local files only as virDomainSnapshotDefAssignExternalNames works only on local files ...

> + > + created = virBitmapNew(tmpsnapdef->ndisks); > + > + if (qemuSnapshotCreateQcow2Files(vm, domdef, tmpsnapdef, created, false) < 0) > + return -1;

... thus this will for this very specific moment work. But since you'll most likely be adding a proper revert API with XML which should allow reversion also for network disks this is limiting that work.

> + > + if (memsnapFD && memsnapPath && snapdef->memorysnapshotfile) { > + virQEMUDriver *driver = ((qemuDomainObjPrivate *) vm->privateData)->driver; > + g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); > + > + *memsnapPath = snapdef->memorysnapshotfile; > + *memsnapFD = qemuDomainOpenFile(cfg, NULL, *memsnapPath, O_RDONLY, NULL); > + } > + > + if (config) { > + if (qemuSnapshotDomainDefUpdateDisk(config, tmpsnapdef, false) < 0) > + goto cleanup; > + } > + > + if (qemuSnapshotDomainDefUpdateDisk(inactiveConfig, tmpsnapdef, false) < 0) > + goto cleanup; > + > + if (curdef->revertdisks) { > + for (i = 0; i < curdef->nrevertdisks; i++) { > + virDomainSnapshotDiskDef *snapdisk = &(curdef->revertdisks[i]); > + > + if (unlink(snapdisk->src->path) < 0) { > + VIR_WARN("Failed to remove snapshot image '%s'", > + snapdisk->src->path); > + } > + > + virDomainSnapshotDiskDefClear(snapdisk); > + } > + > + g_clear_pointer(&curdef->revertdisks, g_free); > + curdef->nrevertdisks = 0; > + } else { > + for (i = 0; i < curdef->ndisks; i++) { > + virDomainSnapshotDiskDef *snapdisk = &(curdef->disks[i]); > + > + if (unlink(snapdisk->src->path) < 0) { > + VIR_WARN("Failed to remove snapshot image '%s'", > + snapdisk->src->path); > + } > + } > + }

Also both branches in this condition should be careful when accessing src->path unconditionally for the future use case of network disks.
Additionally the 'else' branch at least can hit cases when src->path is NULL due to the disk being excluded from a snapshot.

> + > + if (snap->nchildren != 0) { > + snapdef->revertdisks = g_steal_pointer(&tmpsnapdef->disks); > + snapdef->nrevertdisks = tmpsnapdef->ndisks; > + tmpsnapdef->ndisks = 0; > + } else { > + for (i = 0; i < snapdef->ndisks; i++) { > + virDomainSnapshotDiskDefClear(&snapdef->disks[i]); > + } > + g_free(snapdef->disks); > + snapdef->disks = g_steal_pointer(&tmpsnapdef->disks); > + snapdef->ndisks = tmpsnapdef->ndisks; > + tmpsnapdef->ndisks = 0; > + } > + > + ret = 0; > + > + cleanup: > + if (ret != 0 && created) { > + ssize_t bit = -1; > + > + while ((bit = virBitmapNextSetBit(created, bit)) >= 0) { > + virDomainSnapshotDiskDef *snapdisk = &(tmpsnapdef->disks[bit]); > + > + if (unlink(snapdisk->src->path) < 0) { > + VIR_WARN("Failed to remove snapshot image '%s'", > + snapdisk->src->path);

Similarly to above, in certain cases 'path' can be NULL here.

> + } > + } > + } > + > + return ret; > +}
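
Review bot: the result of qemuDomainOpenFile() in the memory-snapshot block of qemuSnapshotRevertExternal() is stored in *memsnapFD and never checked, so a failed open hands the caller a negative descriptor while the function carries on and unlinks the current overlay files. Test '*memsnapFD < 0' right after the call and 'goto cleanup', so the newly created overlays tracked in 'created' are removed and the old images are still there to fall back on. The 'return -1' directly after qemuSnapshotCreateQcow2Files() has a related problem: it skips the cleanup label, so any image already flagged in 'created' stays on disk unless that helper removes its own partial output; a 'goto cleanup' there would make the error path consistent with point 1 of the commit message.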