[libvirt] [PATCH] qemu: Prevent disk corruption on domain shutdown

Wen Congyang wency at cn.fujitsu.com
Tue Sep 20 03:31:06 UTC 2011


At 09/15/2011 06:07 PM, Jiri Denemark wrote:
> Ever since we introduced fake reboot, we call qemuProcessKill as a
> reaction to SHUTDOWN event. Unfortunately, qemu doesn't guarantee it
> flushed all internal buffers before sending SHUTDOWN, in which case
> killing the process forcibly may result in (virtual) disk corruption.
> 
> By sending just SIGTERM without SIGKILL we give qemu time to flush
> all buffers and exit. Once qemu exits, we will see an EOF on monitor
> connection and tear down the domain. In case qemu ignores SIGTERM or
> just hangs there, the process stays running but that's not any different
> from a possible hang anytime during the shutdown process so I think it's
> just fine.

With this patch, the domain cannot be shut down, because we add '-no-shutdown'
in the command line.

We can send the monitor command 'quit' to avoid this, but we cannot get any reply
or events from qemu after we send this monitor command (libvirtd will be blocked
in qemuMonitorSend()). So it's not easy to send the monitor command 'quit'.

Thanks
Wen Congyang

> 
> Also qemu (since 0.14 until it's fixed) has a bug in SIGTERM processing
> which causes it not to exit but instead send new SHUTDOWN event and keep
> waiting. I think the best we can do is to ignore duplicate SHUTDOWN
> events to avoid a SHUTDOWN-SIGTERM loop and leave the domain in paused
> state.
