In cases where the security driver failed to restore a label after a guest has saved, we mistakenly jumped to the error cleanup paths. This is not good, because the operation has in fact completed and cannot be rolled back completely. Label restore is non-critical, so just log the problem instead. Also add a missing restore call in the error cleanup path * src/qemu/qemu_driver.c: Fix handling of security driver restore failures in QEMU domain save --- src/qemu/qemu_driver.c | 48 +++++++++++++++++++++++++----------------------- 1 files changed, 25 insertions(+), 23 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 3bea7e7..7b92965 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -5050,16 +5050,13 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path, driver->securityDriver && driver->securityDriver->domainRestoreSavedStateLabel && driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1) - goto endjob; + VIR_WARN("failed to restore save state label on %s", path); if (cgroup != NULL) { rc = virCgroupDenyDevicePath(cgroup, path); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to deny device %s for %s"), - path, vm->def->name); - goto endjob; - } + if (rc != 0) + VIR_WARN("Unable to deny device %s for %s %d", + path, vm->def->name, rc); } ret = 0; @@ -5078,24 +5075,29 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path, endjob: if (vm) { - if (ret != 0 && header.was_running && priv->mon) { - qemuDomainObjEnterMonitorWithDriver(driver, vm); - rc = qemuMonitorStartCPUs(priv->mon, dom->conn); - qemuDomainObjExitMonitorWithDriver(driver, vm); - if (rc < 0) - VIR_WARN0("Unable to resume guest CPUs after save failure"); - else - vm->state = VIR_DOMAIN_RUNNING; - } + if (ret != 0) { + if (header.was_running && priv->mon) { + qemuDomainObjEnterMonitorWithDriver(driver, vm); + rc = qemuMonitorStartCPUs(priv->mon, dom->conn); + qemuDomainObjExitMonitorWithDriver(driver, vm); + if (rc < 0) + VIR_WARN0("Unable to resume guest CPUs after save failure"); + else + vm->state = VIR_DOMAIN_RUNNING; + } - if (ret != 0 && cgroup != NULL) { - rc = virCgroupDenyDevicePath(cgroup, path); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to deny device %s for %s"), - path, vm->def->name); - goto endjob; + if (cgroup != NULL) { + rc = virCgroupDenyDevicePath(cgroup, path); + if (rc != 0) + VIR_WARN("Unable to deny device %s for %s: %d", + path, vm->def->name, rc); } + + if ((!bypassSecurityDriver) && + driver->securityDriver && + driver->securityDriver->domainRestoreSavedStateLabel && + driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1) + VIR_WARN("failed to restore save state label on %s", path); } if (qemuDomainObjEndJob(vm) == 0) -- 1.6.5.2 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list