From nobody Sat May 4 03:02:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1490360699012316.14617471931206; Fri, 24 Mar 2017 06:04:59 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EC45680488; Fri, 24 Mar 2017 13:04:57 +0000 (UTC) Received: from colo-mx.corp.redhat.com (unknown [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B16F97D642; Fri, 24 Mar 2017 13:04:57 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 609594E9B4; Fri, 24 Mar 2017 13:04:57 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v2OD4s6A032514 for ; Fri, 24 Mar 2017 09:04:54 -0400 Received: by smtp.corp.redhat.com (Postfix) id 48DAB8440A; Fri, 24 Mar 2017 13:04:54 +0000 (UTC) Received: from angien.brq.redhat.com (dhcp129-47.brq.redhat.com [10.34.129.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9EB2A84401; Fri, 24 Mar 2017 13:04:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com EC45680488 Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com EC45680488 From: Peter Krempa To: libvir-list@redhat.com Date: Fri, 24 Mar 2017 14:05:40 +0100 Message-Id: <00e979a7ae91f0180c5ab017bebf4f02cbc9d4c0.1490360622.git.pkrempa@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Cc: Peter Krempa Subject: [libvirt] [PATCH v3 1/3] virerror: Introduce VIR_ERR_OPERATION_UNSAFE X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Fri, 24 Mar 2017 13:04:58 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Similarly to VIR_ERR_MIGRATION_UNSAFE add a error code which will be reported when an operation is possible with the hypervisor but may lead to data loss or other problems in certain cases. This error code notifies the user that the operation can be forced using a specific flag. --- include/libvirt/virterror.h | 1 + src/util/virerror.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h index 2efee8f0c..04fea2e34 100644 --- a/include/libvirt/virterror.h +++ b/include/libvirt/virterror.h @@ -319,6 +319,7 @@ typedef enum { VIR_ERR_AGENT_UNSYNCED =3D 97, /* guest agent replies with wron= g id to guest-sync command */ VIR_ERR_LIBSSH =3D 98, /* error in libssh transport dri= ver */ + VIR_ERR_OPERATION_UNSAFE =3D 99, /* unsafe operation requiring ov= erride */ } virErrorNumber; /** diff --git a/src/util/virerror.c b/src/util/virerror.c index ef17fb5e6..1437cf02b 100644 --- a/src/util/virerror.c +++ b/src/util/virerror.c @@ -1407,6 +1407,11 @@ virErrorMsg(virErrorNumber error, const char *info) else errmsg =3D _("libssh transport error: %s"); break; + case VIR_ERR_OPERATION_UNSAFE: + if (info =3D=3D NULL) + errmsg =3D _("operation unsafe"); + else + errmsg =3D _("operation unsafe: %s"); } return errmsg; } --=20 2.12.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat May 4 03:02:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 14903606988831009.3870188192861; Fri, 24 Mar 2017 06:04:58 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 09FCDC05490E; Fri, 24 Mar 2017 13:04:58 +0000 (UTC) Received: from colo-mx.corp.redhat.com (unknown [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C773F84401; Fri, 24 Mar 2017 13:04:57 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 76C7541287; Fri, 24 Mar 2017 13:04:57 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v2OD4t0V032521 for ; Fri, 24 Mar 2017 09:04:55 -0400 Received: by smtp.corp.redhat.com (Postfix) id 403188440A; Fri, 24 Mar 2017 13:04:55 +0000 (UTC) Received: from angien.brq.redhat.com (dhcp129-47.brq.redhat.com [10.34.129.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 95B5484401; Fri, 24 Mar 2017 13:04:54 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 09FCDC05490E Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 09FCDC05490E From: Peter Krempa To: libvir-list@redhat.com Date: Fri, 24 Mar 2017 14:05:41 +0100 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Cc: Peter Krempa Subject: [libvirt] [PATCH v3 2/3] snapshot: Introduce flag VIR_DOMAIN_SNAPSHOT_CREATE_UNSAFE X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Fri, 24 Mar 2017 13:04:59 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Introduce a flag that will allow to override safety checks in certain snapshot configurations. --- include/libvirt/libvirt-domain-snapshot.h | 3 +++ src/qemu/qemu_driver.c | 3 ++- tools/virsh-snapshot.c | 6 ++++++ tools/virsh.pod | 6 +++++- 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/include/libvirt/libvirt-domain-snapshot.h b/include/libvirt/li= bvirt-domain-snapshot.h index 0f73f24b2..9d1da8710 100644 --- a/include/libvirt/libvirt-domain-snapshot.h +++ b/include/libvirt/libvirt-domain-snapshot.h @@ -70,6 +70,9 @@ typedef enum { VIR_DOMAIN_SNAPSHOT_CREATE_LIVE =3D (1 << 8), /* create the sna= pshot while the guest = is running */ + VIR_DOMAIN_SNAPSHOT_CREATE_UNSAFE =3D (1 << 9), /* override safet= y checks + for certain + configurations */ } virDomainSnapshotCreateFlags; /* Take a snapshot of the current VM state */ diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 676295208..02cdd2f6b 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -14431,7 +14431,8 @@ qemuDomainSnapshotCreateXML(virDomainPtr domain, VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT | VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE | VIR_DOMAIN_SNAPSHOT_CREATE_ATOMIC | - VIR_DOMAIN_SNAPSHOT_CREATE_LIVE, NULL); + VIR_DOMAIN_SNAPSHOT_CREATE_LIVE | + VIR_DOMAIN_SNAPSHOT_CREATE_UNSAFE, NULL); VIR_REQUIRE_FLAG_RET(VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE, VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY, diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c index 5c844a5ea..48ad6f2ef 100644 --- a/tools/virsh-snapshot.c +++ b/tools/virsh-snapshot.c @@ -364,6 +364,10 @@ static const vshCmdOptDef opts_snapshot_create_as[] = =3D { .flags =3D VSH_OFLAG_REQ_OPT, .help =3D N_("memory attributes: [file=3D]name[,snapshot=3Dtype]") }, + {.name =3D "unsafe", + .type =3D VSH_OT_BOOL, + .help =3D N_("override unsafe operation") + }, {.name =3D "diskspec", .type =3D VSH_OT_ARGV, .help =3D N_("disk attributes: disk[,snapshot=3Dtype][,driver=3Dtype]= [,file=3Dname]") @@ -404,6 +408,8 @@ cmdSnapshotCreateAs(vshControl *ctl, const vshCmd *cmd) flags |=3D VIR_DOMAIN_SNAPSHOT_CREATE_ATOMIC; if (vshCommandOptBool(cmd, "live")) flags |=3D VIR_DOMAIN_SNAPSHOT_CREATE_LIVE; + if (vshCommandOptBool(cmd, "unsafe")) + flags |=3D VIR_DOMAIN_SNAPSHOT_CREATE_UNSAFE; if (!(dom =3D virshCommandOptDomain(ctl, cmd, NULL))) return false; diff --git a/tools/virsh.pod b/tools/virsh.pod index ee7904611..62bca4b45 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -4104,7 +4104,7 @@ used to represent properties of snapshots. =3Ditem B I [I] {[I<--redefine> [I<--cur= rent>]] | [I<--no-metadata>] [I<--halt>] [I<--disk-only>] [I<--reuse-external>] -[I<--quiesce>] [I<--atomic>] [I<--live>]} +[I<--quiesce>] [I<--atomic>] [I<--live>] [I<--unsafe>]} Create a snapshot for domain I with the properties specified in I. Normally, the only properties settable for a domain snapshot @@ -4163,6 +4163,10 @@ the guest is running. Both disk snapshot and domain = memory snapshot are taken. This increases the size of the memory image of the external checkpoint. This is currently supported only for external checkpoints. +Certain snapshot configurations may be unsafe but historically used to wor= k. You +can specify the I<--unsafe> flag if a snapshot operation is forbidden due = to +being unsafe. + Existence of snapshot metadata will prevent attempts to B a persistent domain. However, for transient domains, snapshot metadata is silently lost when the domain quits running (whether --=20 2.12.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat May 4 03:02:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1490360715273476.78623948133713; Fri, 24 Mar 2017 06:05:15 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 87B8A1B1771; Fri, 24 Mar 2017 13:05:14 +0000 (UTC) Received: from colo-mx.corp.redhat.com (unknown [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 51AC37D675; Fri, 24 Mar 2017 13:05:13 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D80995EC63; Fri, 24 Mar 2017 13:05:12 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v2OD4u0i032529 for ; Fri, 24 Mar 2017 09:04:56 -0400 Received: by smtp.corp.redhat.com (Postfix) id 4D9CF84401; Fri, 24 Mar 2017 13:04:56 +0000 (UTC) Received: from angien.brq.redhat.com (dhcp129-47.brq.redhat.com [10.34.129.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8DFCE84414; Fri, 24 Mar 2017 13:04:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 87B8A1B1771 Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 87B8A1B1771 From: Peter Krempa To: libvir-list@redhat.com Date: Fri, 24 Mar 2017 14:05:42 +0100 Message-Id: <7aaf2a7a68217f92a31004671138f002e0a6612a.1490360622.git.pkrempa@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Cc: Peter Krempa Subject: [libvirt] [PATCH v3 3/3] qemu: snapshot: Forbid internal snapshots with pflash firmware X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Fri, 24 Mar 2017 13:05:15 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" If the variable store () file is raw qemu can't do a snapshot of it and thus the snapshot would be incomplete. QEMU does no reject such snapshot. Additionally allowing to use a qcow2 variable store backing file would solve this issue but then it would become eligible to become target of the memory dump. Offline internal snapshot would be incomplete too with either storage format since libvirt does not handle the pflash file in this case. Forbid such snapshot so that we can avoid problems. --- Notes: v3: - allow overriding of the check by specifying VIR_DOMAIN_SNAPSHOT_CREAT= E_UNSAFE - report VIR_ERR_OPERATION_UNSAFE (instead of VIR_ERR_OPERATION_UNSUPPO= RTED) - tweaked commend in code (since it's not forbidden completely) - tweaked error message =20 v2: - changed error code to OPERATION_UNSUPPORTED (from CONFIG_UNSUPPORTED) - dropped mention of QEMU from the error message - dropped mentions of OVMF or the firmware itself altoghether, the culp= rit is the pflash device regardless of the software it contains - mentioned all the stuff in the commit message and comment =20 We also will need to introduce a way to snapshot the pflash for external snapshots which is currently impossible as well, but fortunately does n= ot have inherent drawbacks as internal snapshots. src/qemu/qemu_driver.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 02cdd2f6b..2ca839f1c 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -13754,6 +13754,7 @@ qemuDomainSnapshotPrepare(virConnectPtr conn, bool active =3D virDomainObjIsActive(vm); bool reuse =3D (*flags & VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT) !=3D 0; bool atomic =3D (*flags & VIR_DOMAIN_SNAPSHOT_CREATE_ATOMIC) !=3D 0; + bool unsafe =3D (*flags & VIR_DOMAIN_SNAPSHOT_CREATE_UNSAFE) !=3D 0; bool found_internal =3D false; bool forbid_internal =3D false; int external =3D 0; @@ -13873,6 +13874,20 @@ qemuDomainSnapshotPrepare(virConnectPtr conn, goto cleanup; } + /* internal snapshots + pflash based loader have the following problem= s: + * - if the variable store is raw, the snapshot is incomplete + * - alowing a qcow2 image as the varstore would make it eligible to r= eceive + * the vmstate dump, which would make it huge + * - offline snapshot would not snapshot the varstore at all + */ + if (!unsafe && found_internal && + vm->def->os.loader->type =3D=3D VIR_DOMAIN_LOADER_TYPE_PFLASH) { + virReportError(VIR_ERR_OPERATION_UNSAFE, "%s", + _("internal snapshots of a VM with pflash based " + "firmware can corrupt the nvram data")); + goto cleanup; + } + /* Alter flags to let later users know what we learned. */ if (external && !active) *flags |=3D VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY; --=20 2.12.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list