Even if an op blocker is present for BLOCK_OP_TYPE_MIRROR_SOURCE,
it is checked a bit late and the result is that the target is
created even if drive-mirror subsequently fails. Add an early
check to avoid this.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
blockdev.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/blockdev.c b/blockdev.c
index 8e977eef11..c7e2e0a00e 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3565,6 +3565,11 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
return;
}
+ /* Early check to avoid creating target */
+ if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) {
+ return;
+ }
+
aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(aio_context);
--
2.14.3
On Wed, 02/07 17:29, Paolo Bonzini wrote: > Even if an op blocker is present for BLOCK_OP_TYPE_MIRROR_SOURCE, > it is checked a bit late and the result is that the target is > created even if drive-mirror subsequently fails. Add an early > check to avoid this. > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> > --- > blockdev.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/blockdev.c b/blockdev.c > index 8e977eef11..c7e2e0a00e 100644 > --- a/blockdev.c > +++ b/blockdev.c > @@ -3565,6 +3565,11 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp) > return; > } > > + /* Early check to avoid creating target */ > + if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) { > + return; > + } > + > aio_context = bdrv_get_aio_context(bs); > aio_context_acquire(aio_context); > > -- > 2.14.3 > > Reviewed-by: Fam Zheng <famz@redhat.com>
On Wed 07 Feb 2018 05:29:20 PM CET, Paolo Bonzini wrote: > Even if an op blocker is present for BLOCK_OP_TYPE_MIRROR_SOURCE, > it is checked a bit late and the result is that the target is > created even if drive-mirror subsequently fails. Add an early > check to avoid this. > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> > --- > blockdev.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/blockdev.c b/blockdev.c > index 8e977eef11..c7e2e0a00e 100644 > --- a/blockdev.c > +++ b/blockdev.c > @@ -3565,6 +3565,11 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp) > return; > } > > + /* Early check to avoid creating target */ > + if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) { > + return; > + } > + > aio_context = bdrv_get_aio_context(bs); > aio_context_acquire(aio_context); Do we need to hold the AioContext in order to check for op blockers? Berto
On 08/02/2018 11:10, Alberto Garcia wrote: > On Wed 07 Feb 2018 05:29:20 PM CET, Paolo Bonzini wrote: >> Even if an op blocker is present for BLOCK_OP_TYPE_MIRROR_SOURCE, >> it is checked a bit late and the result is that the target is >> created even if drive-mirror subsequently fails. Add an early >> check to avoid this. >> >> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> >> --- >> blockdev.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/blockdev.c b/blockdev.c >> index 8e977eef11..c7e2e0a00e 100644 >> --- a/blockdev.c >> +++ b/blockdev.c >> @@ -3565,6 +3565,11 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp) >> return; >> } >> >> + /* Early check to avoid creating target */ >> + if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) { >> + return; >> + } >> + >> aio_context = bdrv_get_aio_context(bs); >> aio_context_acquire(aio_context); > > Do we need to hold the AioContext in order to check for op blockers? In include/block/block_int.h, they are not in the "Protected by AioContext lock" section. Paolo
On Wed 07 Feb 2018 05:29:20 PM CET, Paolo Bonzini wrote: > Even if an op blocker is present for BLOCK_OP_TYPE_MIRROR_SOURCE, > it is checked a bit late and the result is that the target is > created even if drive-mirror subsequently fails. Add an early > check to avoid this. > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Berto
Am 07.02.2018 um 17:29 hat Paolo Bonzini geschrieben: > Even if an op blocker is present for BLOCK_OP_TYPE_MIRROR_SOURCE, > it is checked a bit late and the result is that the target is > created even if drive-mirror subsequently fails. Add an early > check to avoid this. > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Thanks, applied to the block branch. Kevin
On 02/07/2018 11:29 AM, Paolo Bonzini wrote: > Even if an op blocker is present for BLOCK_OP_TYPE_MIRROR_SOURCE, > it is checked a bit late and the result is that the target is > created even if drive-mirror subsequently fails. Add an early > check to avoid this. > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> > --- > blockdev.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/blockdev.c b/blockdev.c > index 8e977eef11..c7e2e0a00e 100644 > --- a/blockdev.c > +++ b/blockdev.c > @@ -3565,6 +3565,11 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp) > return; > } > > + /* Early check to avoid creating target */ > + if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) { > + return; > + } > + > aio_context = bdrv_get_aio_context(bs); > aio_context_acquire(aio_context); > > What's the implication of the temporarily-extant target node that it needs to be avoided so strictly?
On 10/02/2018 00:07, John Snow wrote: >> + /* Early check to avoid creating target */ >> + if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) { >> + return; >> + } >> + >> aio_context = bdrv_get_aio_context(bs); >> aio_context_acquire(aio_context); >> >> > What's the implication of the temporarily-extant target node that it > needs to be avoided so strictly? > Creating a file on disk, that no one will ever remvoe. :) Paolo
On Mon, Feb 12, 2018 at 10:58:31AM +0100, Paolo Bonzini wrote: > On 10/02/2018 00:07, John Snow wrote: > >> + /* Early check to avoid creating target */ > >> + if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) { > >> + return; > >> + } > >> + > >> aio_context = bdrv_get_aio_context(bs); > >> aio_context_acquire(aio_context); > >> > >> > > What's the implication of the temporarily-extant target node that it > > needs to be avoided so strictly? > > > > Creating a file on disk, that no one will ever remvoe. :) Fortunately libvirt's SELinux policy will probably prevent QEMU creating it in the first place :-) Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Am 12.02.2018 um 11:02 hat Daniel P. Berrangé geschrieben: > On Mon, Feb 12, 2018 at 10:58:31AM +0100, Paolo Bonzini wrote: > > On 10/02/2018 00:07, John Snow wrote: > > >> + /* Early check to avoid creating target */ > > >> + if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) { > > >> + return; > > >> + } > > >> + > > >> aio_context = bdrv_get_aio_context(bs); > > >> aio_context_acquire(aio_context); > > >> > > >> > > > What's the implication of the temporarily-extant target node that it > > > needs to be avoided so strictly? > > > > > > > Creating a file on disk, that no one will ever remvoe. :) > > Fortunately libvirt's SELinux policy will probably prevent QEMU creating > it in the first place :-) Well, calling drive-mirror without allowing QEMU to create the target image would be a bit pointless, so I think we can assume that libvirt did set up the file permission so that QEMU can create it. (Unless mode=existing is used, but I understand that libvirt doesn't want to create images with qemu-img, so that doesn't seem to be the case...) I don't know if libvirt takes care to remove a potentially already created file if the command then fails, but hopefully it does and the patch is not actually needed with libvirt. Kevin
On Mon, Feb 12, 2018 at 01:42:11PM +0100, Kevin Wolf wrote: > Am 12.02.2018 um 11:02 hat Daniel P. Berrangé geschrieben: > > On Mon, Feb 12, 2018 at 10:58:31AM +0100, Paolo Bonzini wrote: > > > On 10/02/2018 00:07, John Snow wrote: > > > >> + /* Early check to avoid creating target */ > > > >> + if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) { > > > >> + return; > > > >> + } > > > >> + > > > >> aio_context = bdrv_get_aio_context(bs); > > > >> aio_context_acquire(aio_context); > > > >> > > > >> > > > > What's the implication of the temporarily-extant target node that it > > > > needs to be avoided so strictly? > > > > > > > > > > Creating a file on disk, that no one will ever remvoe. :) > > > > Fortunately libvirt's SELinux policy will probably prevent QEMU creating > > it in the first place :-) > > Well, calling drive-mirror without allowing QEMU to create the target > image would be a bit pointless, so I think we can assume that libvirt > did set up the file permission so that QEMU can create it. (Unless > mode=existing is used, but I understand that libvirt doesn't want to > create images with qemu-img, so that doesn't seem to be the case...) We use either mode=existing or mode=absolute-paths depending on what the mgmt app asked for in the API call to libvirt. I'm still kind of suprised if mode=absolute-paths will work because we ought to be blocking the creation of the file AFAIK and we can't pre-label a file that doesn't exist yet. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
© 2016 - 2024 Red Hat, Inc.