From nobody Wed May 1 09:53:00 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1567171161; cv=none; d=zoho.com; s=zohoarc; b=n4dC6ZY6FYtGiHeWURBTPpgnQTAUTSr8IpmPj4iBwxYhWo0C7GOm0sKAH8TdXgmJ39yE55XY0w9UEeMWhBRX7wC9brPZvDTX00+3IUn6nMwc6IfBzZtkEvWOkpEdXc+My/7KKOo0Zrlt8/8bpgfBthRo9y58tdCP3rBc/sIzup4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1567171161; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=tryxp/d6nHwSZbYfB7xAkZviNXySx/tdQO4l5fos9/M=; b=BGG9sp1y0xjc+Z7urd2Ylsm8yMJKWitdbP52hcbrY8stkYT2rufkFwlWkyR6GCk6NEck2+Bem/86P54ObO+Z7aF4mjTkKFTlVd+K/Judyy+weR6iF3nKoI6K2OCUaEJ7xoUxFopwDxbJ0ZaoZGhj1nL88hUO3s8+MFhp+35OA/4= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1567171161628557.5592249513857; Fri, 30 Aug 2019 06:19:21 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 02018307D91F; Fri, 30 Aug 2019 13:19:20 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A5E1E60623; Fri, 30 Aug 2019 13:19:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6DF80180221D; Fri, 30 Aug 2019 13:19:16 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x7UDJEBe020625 for ; Fri, 30 Aug 2019 09:19:14 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8791D5D784; Fri, 30 Aug 2019 13:19:14 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id 11B2E5D772 for ; Fri, 30 Aug 2019 13:19:13 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 30 Aug 2019 15:19:06 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for 5.7.0 1/3] qemu_blockjob: Move active commit failed state handling into a function X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Fri, 30 Aug 2019 13:19:20 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Currently, there are only a few lines of code so a separate function was not necessary, but this will change. So instead of putting all the new code under 'case QEMU_BLOCKJOB_TYPE_ACTIVE_COMMIT' create a separate function. Just like every other case has one. Signed-off-by: Michal Privoznik --- src/qemu/qemu_blockjob.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c index 3003e9c518..c77a129bfc 100644 --- a/src/qemu/qemu_blockjob.c +++ b/src/qemu/qemu_blockjob.c @@ -1121,6 +1121,20 @@ qemuBlockJobProcessEventConcludedCopyAbort(virQEMUDr= iverPtr driver, } =20 =20 +static void +qemuBlockJobProcessEventFailedActiveCommit(virDomainObjPtr vm, + qemuBlockJobDataPtr job) +{ + VIR_DEBUG("active commit job '%s' on VM '%s' failed", job->name, vm->d= ef->name); + + if (!job->disk) + return; + + virObjectUnref(job->disk->mirror); + job->disk->mirror =3D NULL; +} + + static void qemuBlockJobProcessEventConcludedCreate(virQEMUDriverPtr driver, virDomainObjPtr vm, @@ -1211,10 +1225,7 @@ qemuBlockJobEventProcessConcludedTransition(qemuBloc= kJobDataPtr job, break; =20 case QEMU_BLOCKJOB_TYPE_ACTIVE_COMMIT: - if (job->disk) { - virObjectUnref(job->disk->mirror); - job->disk->mirror =3D NULL; - } + qemuBlockJobProcessEventFailedActiveCommit(vm, job); break; =20 case QEMU_BLOCKJOB_TYPE_CREATE: --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 09:53:00 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1567171161; cv=none; d=zoho.com; s=zohoarc; b=Bcc+YC7f/M5Nb3zp4OVLOtDH685PN+CEuePHuXY+l5u+76ymr3M1+je/ZDXtqXFbbA8ry/pSmknZWJg2PSjGfyeSSWstvzl+R81xm+hP6SIJ0o7FjBuEld/K2+Pi2er5rdqIJNa041P18jL16ePANskXWF1a3st9HYHeIyhhAe4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1567171161; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=ene7v55+c+TRWMY/tZKanFk9mGPvfzb7VJ5D2uQyidA=; b=cuBKG7K2ko/degEp8+NOd3rEP0jNQOOVgpjI7/IqoyEGlnUj80ejGDe8b2sMA45m51mPY1NKEb8onZx9UHnzTrQCRJTFo9pM9GOkWrxfxrmiNEI8EZvtxoy8itjusvPyE7tpl6BWEhUcmTCggeq/z3JvWOQwbKpzJLKptvaB2YY= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1567171161621252.35089716566836; Fri, 30 Aug 2019 06:19:21 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1269810F23E2; Fri, 30 Aug 2019 13:19:20 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DB5E960605; Fri, 30 Aug 2019 13:19:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id F249518089C8; Fri, 30 Aug 2019 13:19:16 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x7UDJFPq020630 for ; Fri, 30 Aug 2019 09:19:15 -0400 Received: by smtp.corp.redhat.com (Postfix) id 566585D772; Fri, 30 Aug 2019 13:19:15 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id D43B55D784 for ; Fri, 30 Aug 2019 13:19:14 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 30 Aug 2019 15:19:07 +0200 Message-Id: <79f1903b1eb71d6ac4382ade5f857f6c4aea8a45.1567171015.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for 5.7.0 2/3] qemu_blockjob: Print image path on failed security metadata move too X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.66]); Fri, 30 Aug 2019 13:19:20 +0000 (UTC) Content-Type: text/plain; charset="utf-8" When a block job is completed, the security image metadata are moved to the new image. If this fails an warning is printed, but the message contains only domain name and lacks image paths. Put them both into the warning message. Signed-off-by: Michal Privoznik --- src/qemu/qemu_blockjob.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c index c77a129bfc..80302fb139 100644 --- a/src/qemu/qemu_blockjob.c +++ b/src/qemu/qemu_blockjob.c @@ -646,8 +646,10 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverP= tr driver, virDomainLockImageDetach(driver->lockManager, vm, disk->src); =20 /* Move secret driver metadata */ - if (qemuSecurityMoveImageMetadata(driver, vm, disk->src, disk->mir= ror) < 0) - VIR_WARN("Unable to move disk metadata on vm %s", vm->def->nam= e); + if (qemuSecurityMoveImageMetadata(driver, vm, disk->src, disk->mir= ror) < 0) { + VIR_WARN("Unable to move disk metadata on vm %s from %s to %s", + vm->def->name, NULLSTR(disk->src->path), NULLSTR(disk= ->mirror->path)); + } =20 virObjectUnref(disk->src); disk->src =3D disk->mirror; --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 09:53:00 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1567171175; cv=none; d=zoho.com; s=zohoarc; b=dHZDpsgPF2O/7aPJDVF/aLcuv+U5RSB/lW7Ld1lSm1p7WeVF7k62oIs18MOdk7CUZ4x6OMupVHCKhvjcLn9k/Ai6eFxVjFKMn1qzi+LYMThy82kssXC5T1BW+IXSVN51o8oq3WsDKlZ6uA7Saih1F7exiG5+p1Y/ngxdjHcXhaQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1567171175; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=x/H3pLTOJ4KFuaSRhUFaG4oeLQDIg+6kC4F14gvXlBc=; b=FGYCN0/r1VmMxdmQxVDiNUake0M5MrIv0agWNzqSio8wJlY8J9MVsDtOwG76sRdKGlgt4bQ31E8MaSJMP+Tns1Jqz6eysmR4v11hLOIjdS7JhkwW/+c4JuS/E6SRWAHAQu5+hjZYBmsbhlBi8z8zaXJYS1YjkISik8wZCQDzodI= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1567171175861924.3245068196562; Fri, 30 Aug 2019 06:19:35 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A9373300413C; Fri, 30 Aug 2019 13:19:34 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 83DBC19D7A; Fri, 30 Aug 2019 13:19:34 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 477F8180221F; Fri, 30 Aug 2019 13:19:34 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x7UDJGMm020640 for ; Fri, 30 Aug 2019 09:19:16 -0400 Received: by smtp.corp.redhat.com (Postfix) id 25AEF5B681; Fri, 30 Aug 2019 13:19:16 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.30]) by smtp.corp.redhat.com (Postfix) with ESMTP id A40365EE1D for ; Fri, 30 Aug 2019 13:19:15 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 30 Aug 2019 15:19:08 +0200 Message-Id: <32223ef67ddd151271bf5cfeaf89138fe031544f.1567171015.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH for 5.7.0 3/3] qemu_blockjob: Restore seclabels more frequently on job events X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Fri, 30 Aug 2019 13:19:35 +0000 (UTC) Content-Type: text/plain; charset="utf-8" If a block job reaches failed/cancelled state, or is completed without pivot then qemu no longer uses the mirror image. Since we've set its seclabels we must restore them back to avoid leaking perms/XATTRs. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1741456 Signed-off-by: Michal Privoznik --- src/qemu/qemu_blockjob.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c index 80302fb139..8411d8e223 100644 --- a/src/qemu/qemu_blockjob.c +++ b/src/qemu/qemu_blockjob.c @@ -656,6 +656,13 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverP= tr driver, } else { if (disk->mirror) { virDomainLockImageDetach(driver->lockManager, vm, disk->mirror= ); + + /* QEMU no longer uses the image, so we can restore its label.= */ + if (qemuSecurityRestoreImageLabel(driver, vm, disk->mirror, tr= ue) < 0) { + VIR_WARN("Unable to restore security labels on vm %s disk = %s", + vm->def->name, NULLSTR(disk->mirror->path)); + } + virObjectUnref(disk->mirror); } } @@ -725,6 +732,13 @@ qemuBlockJobEventProcessLegacy(virQEMUDriverPtr driver, case VIR_DOMAIN_BLOCK_JOB_CANCELED: if (disk->mirror) { virDomainLockImageDetach(driver->lockManager, vm, disk->mirror= ); + + /* QEMU no longer uses the image, so we can restore its label.= */ + if (qemuSecurityRestoreImageLabel(driver, vm, disk->mirror, tr= ue) < 0) { + VIR_WARN("Unable to restore security labels on vm %s disk = %s", + vm->def->name, NULLSTR(disk->mirror->path)); + } + virObjectUnref(disk->mirror); disk->mirror =3D NULL; } @@ -1124,7 +1138,8 @@ qemuBlockJobProcessEventConcludedCopyAbort(virQEMUDri= verPtr driver, =20 =20 static void -qemuBlockJobProcessEventFailedActiveCommit(virDomainObjPtr vm, +qemuBlockJobProcessEventFailedActiveCommit(virQEMUDriverPtr driver, + virDomainObjPtr vm, qemuBlockJobDataPtr job) { VIR_DEBUG("active commit job '%s' on VM '%s' failed", job->name, vm->d= ef->name); @@ -1132,6 +1147,12 @@ qemuBlockJobProcessEventFailedActiveCommit(virDomain= ObjPtr vm, if (!job->disk) return; =20 + /* QEMU no longer uses the image, so we can restore its label. */ + if (qemuSecurityRestoreImageLabel(driver, vm, job->disk->mirror, true)= < 0) { + VIR_WARN("Unable to restore security labels on vm %s disk %s", + vm->def->name, NULLSTR(job->disk->mirror->path)); + } + virObjectUnref(job->disk->mirror); job->disk->mirror =3D NULL; } @@ -1227,7 +1248,7 @@ qemuBlockJobEventProcessConcludedTransition(qemuBlock= JobDataPtr job, break; =20 case QEMU_BLOCKJOB_TYPE_ACTIVE_COMMIT: - qemuBlockJobProcessEventFailedActiveCommit(vm, job); + qemuBlockJobProcessEventFailedActiveCommit(driver, vm, job); break; =20 case QEMU_BLOCKJOB_TYPE_CREATE: --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list