Re: [libvirt] [PATCH] Fix handling of security driver restore failures in QEMU domain save

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 23, 2010 at 11:49:38AM +0100, Daniel P. Berrange wrote:
> In cases where the security driver failed to restore a label after a
> guest has saved, we mistakenly jumped to the error cleanup paths.
> This is not good, because the operation has in fact completed and
> cannot be rolled back completely. Label restore is non-critical, so
> just log the problem instead. Also add a missing restore call in
> the error cleanup path
> 
> * src/qemu/qemu_driver.c: Fix handling of security driver
>   restore failures in QEMU domain save
> ---
>  src/qemu/qemu_driver.c |   48 +++++++++++++++++++++++++-----------------------
>  1 files changed, 25 insertions(+), 23 deletions(-)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index faecfb7..862c030 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -5052,16 +5052,13 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
>          driver->securityDriver &&
>          driver->securityDriver->domainRestoreSavedStateLabel &&
>          driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
> -        goto endjob;
> +        VIR_WARN("failed to restore save state label on %s", path);
>  
>      if (cgroup != NULL) {
>          rc = virCgroupDenyDevicePath(cgroup, path);
> -        if (rc != 0) {
> -            virReportSystemError(-rc,
> -                                 _("Unable to deny device %s for %s"),
> -                                 path, vm->def->name);
> -            goto endjob;
> -        }
> +        if (rc != 0)
> +            VIR_WARN("Unable to deny device %s for %s %d",
> +                     path, vm->def->name, rc);
>      }
>  
>      ret = 0;
> @@ -5080,24 +5077,29 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
>  
>  endjob:
>      if (vm) {
> -        if (ret != 0 && header.was_running && priv->mon) {
> -            qemuDomainObjEnterMonitorWithDriver(driver, vm);
> -            rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
> -            qemuDomainObjExitMonitorWithDriver(driver, vm);
> -            if (rc < 0)
> -                VIR_WARN0("Unable to resume guest CPUs after save failure");
> -            else
> -                vm->state = VIR_DOMAIN_RUNNING;
> -        }
> +        if (ret != 0) {
> +            if (header.was_running && priv->mon) {
> +                qemuDomainObjEnterMonitorWithDriver(driver, vm);
> +                rc = qemuMonitorStartCPUs(priv->mon, dom->conn);
> +                qemuDomainObjExitMonitorWithDriver(driver, vm);
> +                if (rc < 0)
> +                    VIR_WARN0("Unable to resume guest CPUs after save failure");
> +                else
> +                    vm->state = VIR_DOMAIN_RUNNING;
> +            }
>  
> -        if (ret != 0 && cgroup != NULL) {
> -            rc = virCgroupDenyDevicePath(cgroup, path);
> -            if (rc != 0) {
> -                virReportSystemError(-rc,
> -                                     _("Unable to deny device %s for %s"),
> -                                     path, vm->def->name);
> -                goto endjob;
> +            if (cgroup != NULL) {
> +                rc = virCgroupDenyDevicePath(cgroup, path);
> +                if (rc != 0)
> +                    VIR_WARN("Unable to deny device %s for %s: %d",
> +                             path, vm->def->name, rc);
>              }
> +
> +            if ((!bypassSecurityDriver) &&
> +                driver->securityDriver &&
> +                driver->securityDriver->domainRestoreSavedStateLabel &&
> +                driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
> +                VIR_WARN("failed to restore save state label on %s", path);
>          }
>  
>          if (qemuDomainObjEndJob(vm) == 0)

  ACK,

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]