[libvirt] [PATCH] qemu: Prevent disk corruption on domain shutdown
Daniel P. Berrange
berrange at redhat.com
Fri Sep 16 11:06:50 UTC 2011
On Thu, Sep 15, 2011 at 12:07:27PM +0200, Jiri Denemark wrote:
> Ever since we introduced fake reboot, we call qemuProcessKill as a
> reaction to SHUTDOWN event. Unfortunately, qemu doesn't guarantee it
> flushed all internal buffers before sending SHUTDOWN, in which case
> killing the process forcibly may result in (virtual) disk corruption.
>
> By sending just SIGTERM without SIGKILL we give qemu time to flush
> all buffers and exit. Once qemu exits, we will see an EOF on monitor
> connection and tear down the domain. In case qemu ignores SIGTERM or
> just hangs there, the process stays running but that's not any different
> from a possible hang anytime during the shutdown process so I think it's
> just fine.
>
> Also qemu (since 0.14 until it's fixed) has a bug in SIGTERM processing
> which causes it not to exit but instead send new SHUTDOWN event and keep
> waiting. I think the best we can do is to ignore duplicate SHUTDOWN
> events to avoid a SHUTDOWN-SIGTERM loop and leave the domain in paused
> state.
> ---
> src/qemu/qemu_driver.c | 2 +-
> src/qemu/qemu_process.c | 25 ++++++++++++++++++-------
> src/qemu/qemu_process.h | 2 +-
> 3 files changed, 20 insertions(+), 9 deletions(-)
ACK this looks reasonable.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
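
The behaviour described in the quoted commit message (SIGTERM only, no SIGKILL, duplicate SHUTDOWN events ignored), as an added example that is not libvirt's code. The struct, the function names and the fake emulator child are hypothetical, and waitpid() stands in for seeing EOF on the monitor connection.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdbool.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical per-guest state; these names are not libvirt's. */
struct guest { pid_t pid; bool shutdown_seen; int sigterm_sent; };

/* Constructed stand-in for the emulator: on SIGTERM it "flushes" one byte
 * to flush_fd and exits. SIGTERM is blocked before fork() so a signal that
 * arrives early stays pending for sigwait() instead of killing the child. */
static pid_t spawn_fake_emulator(int flush_fd) {
    sigset_t term, old;
    int sig;
    sigemptyset(&term);
    sigaddset(&term, SIGTERM);
    sigprocmask(SIG_BLOCK, &term, &old);
    pid_t pid = fork();
    if (pid == 0) {
        sigwait(&term, &sig);                  /* wait for the graceful request */
        _exit(write(flush_fd, "F", 1) == 1 ? 0 : 1);
    }
    sigprocmask(SIG_SETMASK, &old, NULL);      /* parent: restore its mask */
    return pid;
}

/* First SHUTDOWN event: send SIGTERM only. Duplicate events are ignored. */
static bool on_shutdown_event(struct guest *g) {
    if (g->shutdown_seen) return false;
    g->shutdown_seen = true;
    if (kill(g->pid, SIGTERM) == 0) g->sigterm_sent++;
    return true;
}

/* Returns the child's exit status, or -1 on setup failure or abnormal exit. */
static int run_demo(int *sigterms, int *flushed) {
    int p[2], status;
    char c = 0;
    if (pipe(p) != 0) return -1;
    struct guest g = { spawn_fake_emulator(p[1]), false, 0 };
    close(p[1]);
    if (g.pid < 0) { close(p[0]); return -1; }
    on_shutdown_event(&g);
    on_shutdown_event(&g);                     /* duplicate: no second signal */
    if (waitpid(g.pid, &status, 0) < 0) { close(p[0]); return -1; }
    *flushed = (read(p[0], &c, 1) == 1 && c == 'F');
    close(p[0]);
    *sigterms = g.sigterm_sent;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) { int n = 0, f = 0; return !(run_demo(&n, &f) == 0 && n == 1 && f); }
```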