[libvirt] [PATCH v2 2/2] qemuProcessStop: Remove image metadata for running mirror jobs

Peter Krempa pkrempa at redhat.com
Thu Nov 21 16:14:09 UTC 2019

On Thu, Nov 21, 2019 at 17:00:37 +0100, Michal Privoznik wrote:
> On 11/21/19 3:31 PM, Peter Krempa wrote:
> > On Thu, Nov 21, 2019 at 14:02:49 +0100, Michal Privoznik wrote:
> > > On 11/20/19 3:22 PM, Peter Krempa wrote:
> > > > 
> New commit message:
>     qemuProcessStop: Remove image metadata for running mirror jobs
>     If user starts a blockcommit or a blockcopy then we modify access
>     for qemu on both images and leave it like that until pivot is

until the job terminates

>     executed. So far so good. Problem is, if user instead of issuing
>     pivot (where we would modify the access again so that the state

instead of terminating the job (where ...

>     before the job is restored) calls destroy on the domain or if
>     qemu dies whilst executing the block job. In this case we don't
>     ever clear the access we granted at the beginning. To fix this,
>     maybe a bit harsh approach is used, but it works: after all
>     labels were restored (that is after qemuSecurityRestoreAllLabel()
>     was called), we iterate over each disk in the domain and remove
>     XATTRs from the whole backing chain and also from any file the
>     disk is being mirrored to.
>     This would have been done at the time of pivot, but it isn't
>     because user decided to kill the domain instead. If we don't do
>     this and leave some XATTRs behind the domain might be unable to
>     start.
>     Also, secdriver can't do this because it doesn't know if there is
>     any job running. It's outside of its scope - the hypervisor
>     driver is responsible for calling secdriver's APIs.
>     Moreover, this is safe to call because we don't remember labels
>     for any member of a backing chain instead of the top layer. But


>     that one was restored in qemuSecurityRestoreAllLabel() call done
>     earlier. Therefore, not only we don't remember labels (and thus
>     this is basically a NOP for other images in the backing chain) it
>     is also safe to call this when no blockjob was started in the
>     first place, or if some parts of the backing chain are shared
>     with some other domains - this is NOP, unless a block job is
>     active at the time of domain destroy.
>     https://bugzilla.redhat.com/show_bug.cgi?id=1741456#c19
>     Signed-off-by: Michal Privoznik <mprivozn at redhat.com>

Reviewed-by: Peter Krempa <pkrempa at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20191121/d8be2e97/attachment-0001.sig>

More information about the libvir-list mailing list