[libvirt] [PATCH] qemu_capabilities: fix issue with discarding old capabilities
Pavel Hrdina
phrdina at redhat.com
Mon Sep 15 09:43:10 UTC 2014
On 09/15/2014 11:24 AM, Daniel P. Berrange wrote:
> On Fri, Sep 12, 2014 at 06:42:08PM +0200, Pavel Hrdina wrote:
>> On 09/12/2014 06:25 PM, Daniel P. Berrange wrote:
>>> On Fri, Sep 12, 2014 at 06:10:44PM +0200, Pavel Hrdina wrote:
>>>> There was a bug that if libvirtd binary has been updated than the
>>>> capability file wasn't reloaded therefore new capabilities introduced
>>>> in libvirt cannot be used because the cached version was loaded.
>>>>
>>>> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135431
>>>
>>> That bug is all about FIPS support.
>>
>> Yes it's about FIPS support but it's already in libvirt. I've tested it
>> and actually by removing cached file to force detect new capabilities and
>> after that it worked.
>>
>> Now I realized that even checking the selfctime during start of libvirtd
>> isn't sufficient because you can enable the FIPS support for kenrel without
>> updating the libvirtd binary.
>
> Ah, so the actual bug is that the capabilities we detect have a dependancy
> on (libvirtd binary, qemu binary, sysfs/procfs settings). It is pretty
> difficult to deal with sysfs/procfs chances & caching here, since there's
> no way I know to detect when sysfs/procfs settings change.
Yes, that's the real bug and I also didn't realize that at first.
There is however one more think I'm not sure about. I didn't find any
place where we are discarding old capabilities if the libvirtd binary
has been changed. The only check for that update is in function
"virQEMUCapsInitCached" and its called only from
"virQEMUCapsNewForBinary" and this function is called only if there is
no cached caps or the qemu binary has changed. See the
"virQEMUCapsCacheLookup".
So it seems that there is also a bug that we don't check on libvirtd
start if there was an update of that binary.
> I wouldn't want to check the sysfs/procfs settings every time. Perhaps it
> would suffice to just do a check on sysfs/procfs when libvirtd starts up,
> so we can say that if you change FIPS sysfs settings you must restart
> libvirtd ?
I think that would be good enough.
Pavel
>
> Regards,
> Daniel
>
More information about the libvir-list
mailing list