[PATCH] qemu_namespace: Umount the original /dev before replacing it with tmpfs

Martin Kletzander mkletzan at redhat.com
Thu Jan 5 11:56:03 UTC 2023 

On Fri, Dec 16, 2022 at 04:04:01PM +0100, Michal Privoznik wrote:
>Our code relies on mount events propagating into the namespace we
>create for a domain. However, there's one caveat. In v8.8.0-rc1~8
>I've tried to make us detect differences in mount tables between
>the namespace in which libvirtd runs and the domain namespace.
>This is crucial for any mounts that happen after the domain was
>started (for instance new hugetlbfs can be mounted on say
>/dev/hugepages1G).
>
>Therefore, we take a look into /proc/$(pgrep qemu)/mounts to see
>what filesystems are mounted under /dev. Now, since we don't
>umount the original /dev, just mount a tmpfs over it, we get all
>the events (e.g. aforementioned hugetlbfs mount on
>/dev/hugepages1G), but we are not really able to access it
>because of the tmpfs that's placed on top. This then confuses our
>algorithm for detecting which filesystems are mounted (the
>algorithm is implemented in qemuDomainGetPreservedMounts()).
>
>To break the link between host's and guest's /dev we just need to
>umount() the original /dev in the namespace. Just before our
>artificially created tmpfs is moved into its place.
>
>Fixes: 46b03819ae8d833b11c2aaccb2c2a0361727f51b
>Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151869#c6
>Signed-off-by: Michal Privoznik <mprivozn at redhat.com>

Reviewed-by: Martin Kletzander <mkletzan at redhat.com>

>---
> src/qemu/qemu_namespace.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
>diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
>index 90c0b90024..a6b9af1307 100644
>--- a/src/qemu/qemu_namespace.c
>+++ b/src/qemu/qemu_namespace.c
>@@ -775,6 +775,11 @@ qemuDomainUnshareNamespace(virQEMUDriverConfig *cfg,
>             goto cleanup;
>     }
>
>+    if (umount("/dev") < 0) {
>+        virReportSystemError(errno, "%s", _("failed to umount devfs on /dev"));
>+        return -1;
>+    }
>+
>     if (virFileMoveMount(devPath, "/dev") < 0)
>         goto cleanup;
>
>-- 
>2.37.4
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20230105/0779ceeb/attachment.sig>

More information about the libvir-list mailing list