From: Peter Krempa
To: libvir-list@redhat.com
Cc: mprivozn@redhat.com, Peter Krempa
Date: Wed, 22 Nov 2017 16:49:44 +0100
Subject: [libvirt] [PATCH] qemu: domain: Don't call namespace setup for storage already accessed by vm

When doing block commit we need to allow write for members of the backing
chain so that we can commit the data into them.

qemuDomainDiskChainElementPrepare was used for this which since commit
786d8d91b4 calls qemuDomainNamespaceSetupDisk which has very adverse
side-effects, namely it relabels the nodes to the same label it has in
the main namespace. This was messing up permissions for the commit
operation since it's touching various parts of a single backing chain.

Since we are actually not introducing new images at that point add a flag
for qemuDomainDiskChainElementPrepare which will refrain from calling to
the namespace setup function.

Calls from qemuDomainSnapshotCreateSingleDiskActive and
qemuDomainBlockCopyCommon do introduce new members; all calls from
qemuDomainBlockCommit do not, so the calls are annotated accordingly.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1506072 --- src/qemu/qemu_domain.c | 17 ++++++++++++++--- src/qemu/qemu_domain.h | 3 ++- src/qemu/qemu_driver.c | 12 ++++++------ 3 files changed, 22 insertions(+), 10 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index cc7596bad1..f12450cc69 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -6146,15 +6146,25 @@ qemuDomainDiskChainElementRevoke(virQEMUDriverPtr d= river, /** * qemuDomainDiskChainElementPrepare: + * @driver: qemu driver data + * @vm: domain object + * @elem: source structure to set access for + * @readonly: setup read-only access if true + * @newSource: @elem describes a storage source which @vm can't access yet * * Allow a VM access to a single element of a disk backing chain; this hel= per * ensures that the lock manager, cgroup device controller, and security m= anager - * labelling are all aware of each new file before it is added to a chain = */ + * labelling are all aware of each new file before it is added to a chain. + * + * When modifying permissions of @elem which @vm can already access (is in= the + * backing chain) @newSource needs to be set to false. + */ int qemuDomainDiskChainElementPrepare(virQEMUDriverPtr driver, virDomainObjPtr vm, virStorageSourcePtr elem, - bool readonly) + bool readonly, + bool newSource) { bool was_readonly =3D elem->readonly; virQEMUDriverConfigPtr cfg =3D NULL; @@ -6167,7 +6177,8 @@ qemuDomainDiskChainElementPrepare(virQEMUDriverPtr dr= iver, if (virDomainLockImageAttach(driver->lockManager, cfg->uri, vm, elem) = < 0) goto cleanup; - if (qemuDomainNamespaceSetupDisk(driver, vm, elem) < 0) + if (newSource && + qemuDomainNamespaceSetupDisk(driver, vm, elem) < 0) goto cleanup; if (qemuSetupImageCgroup(vm, elem) < 0) diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index e021da51fc..9066f5d0f5 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h 
@@ -689,7 +689,8 @@ void qemuDomainDiskChainElementRevoke(virQEMUDriverPtr = driver, int qemuDomainDiskChainElementPrepare(virQEMUDriverPtr driver, virDomainObjPtr vm, virStorageSourcePtr elem, - bool readonly); + bool readonly, + bool newSource); int qemuDomainCleanupAdd(virDomainObjPtr vm, qemuDomainCleanupCallback cb); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 3a0e3b6cec..809863be57 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -14570,7 +14570,7 @@ qemuDomainSnapshotCreateSingleDiskActive(virQEMUDri= verPtr driver, } /* set correct security, cgroup and locking options on the new image */ - if (qemuDomainDiskChainElementPrepare(driver, vm, dd->src, false) < 0)= { + if (qemuDomainDiskChainElementPrepare(driver, vm, dd->src, false, true= ) < 0) { qemuDomainDiskChainElementRevoke(driver, vm, dd->src); goto cleanup; } @@ -17165,7 +17165,7 @@ qemuDomainBlockCopyCommon(virDomainObjPtr vm, keepParentLabel) < 0) goto endjob; - if (qemuDomainDiskChainElementPrepare(driver, vm, mirror, false) < 0) { + if (qemuDomainDiskChainElementPrepare(driver, vm, mirror, false, true)= < 0) { qemuDomainDiskChainElementRevoke(driver, vm, mirror); goto endjob; } @@ -17558,9 +17558,9 @@ qemuDomainBlockCommit(virDomainPtr dom, * operation succeeds, but doing that requires tracking the * operation in XML across libvirtd restarts. */ clean_access =3D true; - if (qemuDomainDiskChainElementPrepare(driver, vm, baseSource, false) <= 0 || + if (qemuDomainDiskChainElementPrepare(driver, vm, baseSource, false, f= alse) < 0 || (top_parent && top_parent !=3D disk->src && - qemuDomainDiskChainElementPrepare(driver, vm, top_parent, false) = < 0)) + qemuDomainDiskChainElementPrepare(driver, vm, top_parent, false, = false) < 0)) goto endjob; /* Start the commit operation. Pass the user's original spelling, 
@@ -17604,9 +17604,9 @@ qemuDomainBlockCommit(virDomainPtr dom, if (ret < 0 && clean_access) { virErrorPtr orig_err =3D virSaveLastError(); /* Revert access to read-only, if possible. */ - qemuDomainDiskChainElementPrepare(driver, vm, baseSource, true); + qemuDomainDiskChainElementPrepare(driver, vm, baseSource, true, fa= lse); if (top_parent && top_parent !=3D disk->src) - qemuDomainDiskChainElementPrepare(driver, vm, top_parent, true= ); + qemuDomainDiskChainElementPrepare(driver, vm, top_parent, true= , false); if (orig_err) { virSetError(orig_err); --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
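
Review bot: in the qemu_domain.c signature hunk (@@ -6146), `bool readonly, bool newSource` puts two adjacent positional booleans in the prototype, so the call sites later in this patch read `false, true`, `false, false` and `true, false`, and a transposed pair would still compile. Consider a flags argument or named enum values so each call states its intent. The new doc comment also says only that @newSource "needs to be set to false" for elements already in the backing chain; it should say why, namely that the namespace setup is skipped in that case.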
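
Review bot: at `if (newSource && qemuDomainNamespaceSetupDisk(driver, vm, elem) < 0)` in the qemu_domain.c hunk at @@ -6167, the namespace step is skipped purely on the caller's assertion, while the virDomainLockImageAttach call before it and the qemuSetupImageCgroup call after it still run unconditionally. A short comment at the condition, stating that the namespace setup relabels the node and so must not be repeated for an element the domain already uses, would keep the reason next to the code instead of only in the commit message.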
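
Review bot: in the error path of qemuDomainBlockCommit (qemu_driver.c, @@ -17604), both revert calls to qemuDomainDiskChainElementPrepare with `true, false` discard the return value, so a failure to put baseSource or top_parent back to read-only goes unreported and the images may stay writable for the domain. The "if possible" comment acknowledges that this is best effort; a VIR_WARN on failure would at least leave a trace in the log.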