[libvirt] [PATCH] Fix handling of security driver restore failures in QEMU domain save

"Daniel P. Berrange" <berrange@xxxxxxxxxx> · Thu, 22 Apr 2010 17:19:05 +0100

In cases where the security driver failed to restore a label after a
guest has saved, we mistakenly jumped to the error cleanup paths.
This is not good, because the operation has in fact completed and
cannot be rolled back completely. Label restore is non-critical, so
just log the problem instead. Also add a missing restore call in
the error cleanup path

* src/qemu/qemu_driver.c: Fix handling of security driver
  restore failures in QEMU domain save
---
 src/qemu/qemu_driver.c |   48 +++++++++++++++++++++++++-----------------------
 1 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3bea7e7..7b92965 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5050,16 +5050,13 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
         driver->securityDriver &&
         driver->securityDriver->domainRestoreSavedStateLabel &&
         driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
-        goto endjob;
+        VIR_WARN("failed to restore save state label on %s", path);
 
     if (cgroup != NULL) {
         rc = virCgroupDenyDevicePath(cgroup, path);
-        if (rc != 0) {
-            virReportSystemError(-rc,
-                                 _("Unable to deny device %s for %s"),
-                                 path, vm->def->name);
-            goto endjob;
-        }
+        if (rc != 0)
+            VIR_WARN("Unable to deny device %s for %s %d",
+                     path, vm->def->name, rc);
     }
 
     ret = 0;
@@ -5078,24 +5075,29 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
 
 endjob:
     if (vm) {
-        if (ret != 0 && header.was_running && priv->mon) {
-            qemuDomainObjEnterMonitorWithDriver(driver, vm);
-            rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
-            qemuDomainObjExitMonitorWithDriver(driver, vm);
-            if (rc < 0)
-                VIR_WARN0("Unable to resume guest CPUs after save failure");
-            else
-                vm->state = VIR_DOMAIN_RUNNING;
-        }
+        if (ret != 0) {
+            if (header.was_running && priv->mon) {
+                qemuDomainObjEnterMonitorWithDriver(driver, vm);
+                rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
+                qemuDomainObjExitMonitorWithDriver(driver, vm);
+                if (rc < 0)
+                    VIR_WARN0("Unable to resume guest CPUs after save failure");
+                else
+                    vm->state = VIR_DOMAIN_RUNNING;
+            }
 
-        if (ret != 0 && cgroup != NULL) {
-            rc = virCgroupDenyDevicePath(cgroup, path);
-            if (rc != 0) {
-                virReportSystemError(-rc,
-                                     _("Unable to deny device %s for %s"),
-                                     path, vm->def->name);
-                goto endjob;
+            if (cgroup != NULL) {
+                rc = virCgroupDenyDevicePath(cgroup, path);
+                if (rc != 0)
+                    VIR_WARN("Unable to deny device %s for %s: %d",
+                             path, vm->def->name, rc);
             }
+
+            if ((!bypassSecurityDriver) &&
+                driver->securityDriver &&
+                driver->securityDriver->domainRestoreSavedStateLabel &&
+                driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
+                VIR_WARN("failed to restore save state label on %s", path);
         }
 
         if (qemuDomainObjEndJob(vm) == 0)
-- 
1.6.5.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




