|
 |
2cf05b |
From 2aeb222d9d61868ef40932b4349af84696415e11 Mon Sep 17 00:00:00 2001
|
|
|
2cf05b |
Message-Id: <2aeb222d9d61868ef40932b4349af84696415e11@dist-git>
|
|
|
2cf05b |
From: Michal Privoznik <mprivozn@redhat.com>
|
|
|
2cf05b |
Date: Tue, 6 Sep 2022 13:45:51 +0200
|
|
|
2cf05b |
Subject: [PATCH] qemu_process.c: Propagate hugetlbfs mounts on reconnect
|
|
|
2cf05b |
|
|
|
2cf05b |
When reconnecting to a running QEMU process, we construct the
|
|
|
2cf05b |
per-domain path in all hugetlbfs mounts. This is a relict from
|
|
|
2cf05b |
the past (v3.4.0-100-g5b24d25062) where we switched to a
|
|
|
2cf05b |
per-domain path and we want to create those paths when libvirtd
|
|
|
2cf05b |
restarts on upgrade.
|
|
|
2cf05b |
|
|
|
2cf05b |
And with namespaces enabled there is one corner case where the
|
|
|
2cf05b |
path is not created. In fact an error is reported and the
|
|
|
2cf05b |
reconnect fails. Ideally, all mount events are propagated into
|
|
|
2cf05b |
the QEMU's namespace. And they probably are, except when the
|
|
|
2cf05b |
target path does not exist inside the namespace. Now, it's pretty
|
|
|
2cf05b |
common for users to mount hugetlbfs under /dev (e.g.
|
|
|
2cf05b |
/dev/hugepages), but if domain is started without hugepages (or
|
|
|
2cf05b |
more specifically - private hugetlbfs path wasn't created on
|
|
|
2cf05b |
domain startup), then the reconnect code tries to create it.
|
|
|
2cf05b |
But it fails to do so, well, it fails to set seclabels on the
|
|
|
2cf05b |
path because, because the path does not exist in the private
|
|
|
2cf05b |
namespace. And it doesn't exist because we specifically create
|
|
|
2cf05b |
only a subset of all possible /dev nodes. Therefore, the mount
|
|
|
2cf05b |
event, whilst propagated, is not successful and hence the
|
|
|
2cf05b |
filesystem is not mounted. We have to do it ourselves.
|
|
|
2cf05b |
|
|
|
2cf05b |
If hugetlbfs is mount anywhere else there's no problem and this
|
|
|
2cf05b |
is effectively a dead code.
|
|
|
2cf05b |
|
|
|
2cf05b |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
|
|
|
2cf05b |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
2cf05b |
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
|
|
|
2cf05b |
(cherry picked from commit 0377177c7856bb87a9d8aa1324b54f5fbe9f1e5b)
|
|
|
2cf05b |
|
|
|
2cf05b |
Conflicts:
|
|
|
2cf05b |
- docs/kbase/qemu-passthrough-security.rst: Well, v8.8.0-rc1~32
|
|
|
2cf05b |
isn't backported, thus we can't remove a paragraph that the
|
|
|
2cf05b |
backported commit did. It's a documentation after all, so no
|
|
|
2cf05b |
harm.
|
|
|
2cf05b |
|
|
|
2cf05b |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
|
|
|
2cf05b |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
2cf05b |
---
|
|
|
2cf05b |
src/qemu/qemu_process.c | 3 +++
|
|
|
2cf05b |
1 file changed, 3 insertions(+)
|
|
|
2cf05b |
|
|
|
2cf05b |
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
|
|
|
2cf05b |
index 540eee9ff0..1164340aa9 100644
|
|
|
2cf05b |
--- a/src/qemu/qemu_process.c
|
|
|
2cf05b |
+++ b/src/qemu/qemu_process.c
|
|
|
2cf05b |
@@ -3906,6 +3906,9 @@ qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriver *driver,
|
|
|
2cf05b |
return -1;
|
|
|
2cf05b |
}
|
|
|
2cf05b |
|
|
|
2cf05b |
+ if (qemuDomainNamespaceSetupPath(vm, path, NULL) < 0)
|
|
|
2cf05b |
+ return -1;
|
|
|
2cf05b |
+
|
|
|
2cf05b |
if (qemuSecurityDomainSetPathLabel(driver, vm, path, true) < 0)
|
|
|
2cf05b |
return -1;
|
|
|
2cf05b |
} else {
|
|
|
2cf05b |
--
|
|
|
2cf05b |
2.38.0
|
|
|
2cf05b |
|