From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH] qemu: backup: Restore security label on backup disk store image on VM termination
Date: Thu, 18 Mar 2021 17:46:43 +0100
Message-Id: <2a691ebbc6098d97d5a92d73f1d7efdfd58d40dd.1616086003.git.pkrempa@redhat.com>
List-Id: Development discussions about the libvirt library & tools

When the backup job is terminated normally the security label is restored by the blockjob finishing handler. If the VM dies or is destroyed that wouldn't happen as the blockjob handler wouldn't be called.

Restore the security label on disk store where we remember that the job was running at the point when 'qemuBackupJobTerminate' was called.

Not resetting the security label means that we also leak the xattr attributes remembering the label which prevents any further use of the file, which is a problem for block devices.

This also requires that the call to 'qemuBackupJobTerminate' from 'qemuProcessStop' happens only after 'vm->pid' was reset as otherwise the security subdrivers attempt to enter the process namespace which fails if the process isn't running any more.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1939082
Signed-off-by: Peter Krempa Reviewed-by: Michal Privoznik --- src/qemu/qemu_backup.c | 36 ++++++++++++++++++++++++++---------- src/qemu/qemu_process.c | 8 ++++---- 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/src/qemu/qemu_backup.c b/src/qemu/qemu_backup.c index f91d632715..430c11762c 100644 --- a/src/qemu/qemu_backup.c +++ b/src/qemu/qemu_backup.c @@ -28,6 +28,7 @@ #include "qemu_monitor_json.h" #include "qemu_checkpoint.h" #include "qemu_command.h" +#include "qemu_security.h" #include "storage_source.h" #include "storage_source_conf.h" 
@@ -558,25 +559,40 @@ qemuBackupJobTerminate(virDomainObjPtr vm, { qemuDomainObjPrivatePtr priv =3D vm->privateData; + g_autoptr(virQEMUDriverConfig) cfg =3D NULL; size_t i; - if (!(priv->backup->apiFlags & VIR_DOMAIN_BACKUP_BEGIN_REUSE_EXTERNAL)= && - (priv->backup->type =3D=3D VIR_DOMAIN_BACKUP_TYPE_PULL || - (priv->backup->type =3D=3D VIR_DOMAIN_BACKUP_TYPE_PUSH && - jobstatus !=3D QEMU_DOMAIN_JOB_STATUS_COMPLETED))) { + for (i =3D 0; i < priv->backup->ndisks; i++) { + virDomainBackupDiskDefPtr backupdisk =3D priv->backup->disks + i; - g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(priv= ->driver); + if (!backupdisk->store) + continue; + + /* restore security label on the images in case the blockjob finis= hing + * handler didn't do so, such as when the VM was destroyed */ + if (backupdisk->state =3D=3D VIR_DOMAIN_BACKUP_DISK_STATE_RUNNING = || + backupdisk->state =3D=3D VIR_DOMAIN_BACKUP_DISK_STATE_NONE) { + if (qemuSecurityRestoreImageLabel(priv->driver, vm, backupdisk= ->store, + false) < 0) + VIR_WARN("Unable to restore security label on %s", + NULLSTR(backupdisk->store->path)); + } + + /* delete unneeded images created by libvirt */ + if (backupdisk->store->type =3D=3D VIR_STORAGE_TYPE_FILE && + !(priv->backup->apiFlags & VIR_DOMAIN_BACKUP_BEGIN_REUSE_EXTER= NAL) && + (priv->backup->type =3D=3D VIR_DOMAIN_BACKUP_TYPE_PULL || + (priv->backup->type =3D=3D VIR_DOMAIN_BACKUP_TYPE_PUSH && + jobstatus !=3D QEMU_DOMAIN_JOB_STATUS_COMPLETED))) { - for (i =3D 0; i < priv->backup->ndisks; i++) { - virDomainBackupDiskDefPtr backupdisk =3D priv->backup->disks += i; uid_t uid; gid_t gid; - if (!backupdisk->store || - backupdisk->store->type !=3D VIR_STORAGE_TYPE_FILE) - continue; + if (!cfg) + cfg =3D virQEMUDriverGetConfig(priv->driver); qemuDomainGetImageIds(cfg, vm, backupdisk->store, NULL, &uid, = &gid); + if (virFileRemove(backupdisk->store->path, uid, gid) < 0) VIR_WARN("failed to remove scratch file '%s'", backupdisk->store->path); 
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 5f31260221..0b79dde2c3 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -7822,10 +7822,6 @@ void qemuProcessStop(virQEMUDriverPtr driver, virResctrlAllocRemove(vm->def->resctrls[i]->alloc); } - /* clean up a possible backup job */ - if (priv->backup) - qemuBackupJobTerminate(vm, QEMU_DOMAIN_JOB_STATUS_CANCELED); - qemuProcessRemoveDomainStatus(driver, vm); /* Remove VNC and Spice ports from port reservation bitmap, but only if @@ -7877,6 +7873,10 @@ void qemuProcessStop(virQEMUDriverPtr driver, for (i =3D 0; i < vm->def->niothreadids; i++) vm->def->iothreadids[i]->thread_id =3D 0; + /* clean up a possible backup job */ + if (priv->backup) + qemuBackupJobTerminate(vm, QEMU_DOMAIN_JOB_STATUS_CANCELED); + /* Do this explicitly after vm->pid is reset so that security drivers = don't * try to enter the domain's namespace which is non-existent by now as= qemu * is no longer running. */ --=20 2.29.2
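
Review bot: In the qemuBackupJobTerminate hunk of src/qemu/qemu_backup.c, the restore condition matches VIR_DOMAIN_BACKUP_DISK_STATE_NONE as well as VIR_DOMAIN_BACKUP_DISK_STATE_RUNNING, while the commit message and the new comment only talk about disks whose job was running. Please extend the comment to say why a disk in state NONE needs qemuSecurityRestoreImageLabel, and confirm that its store image has always been labelled by the time this runs, so the restore is never applied to an image that had no label set. As a smaller style point, the inner "if (qemuSecurityRestoreImageLabel(...) < 0)" has a multi-line condition and a multi-line VIR_WARN body, so it would read more safely with braces.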
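
Review bot: In the second qemuProcessStop hunk of src/qemu/qemu_process.c, the relocated qemuBackupJobTerminate call now has an ordering dependency that its comment does not record; it still only says "clean up a possible backup job". The commit message explains that the call must come after 'vm->pid' was reset because the security subdrivers otherwise try to enter the process namespace, and the existing comment right below documents the same constraint for the statement that follows it. Please state the requirement at this call as well, so a later reshuffle of qemuProcessStop does not move the block back above the pid reset.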