Blame SOURCES/libvirt-qemuProcessLaunch-Tighten-rules-for-external-devices-wrt-incoming-migration.patch

735c6b
From dd64ec40a29739464cfe886818588bb9946b8d8d Mon Sep 17 00:00:00 2001
735c6b
Message-Id: <dd64ec40a29739464cfe886818588bb9946b8d8d@dist-git>
735c6b
From: Michal Privoznik <mprivozn@redhat.com>
735c6b
Date: Fri, 27 Jan 2023 13:59:08 +0100
735c6b
Subject: [PATCH] qemuProcessLaunch: Tighten rules for external devices wrt
735c6b
 incoming migration
735c6b
MIME-Version: 1.0
735c6b
Content-Type: text/plain; charset=UTF-8
735c6b
Content-Transfer-Encoding: 8bit
735c6b
735c6b
When starting a guest, helper processes are started first. But
735c6b
they need a bit of special handling. Just consider a regular cold
735c6b
boot and an incoming migration. For instance, in case of swtpm
735c6b
with its state on a shared volume, we want to set label on the
735c6b
state for the cold boot case, but don't want to touch the label
735c6b
in case of incoming migration (because the source very
735c6b
specifically did not restore it either).
735c6b
735c6b
Until now, these two cases were differentiated by testing
735c6b
@incoming against NULL. And while that makes sense for other
735c6b
aspects of domain startup, for external devices we need a bit
735c6b
more, because a restore from a save file is also 'incoming
735c6b
migration'.
735c6b
735c6b
Now, there is a difference between regular migration and restore
735c6b
from a save file. In the former case we do not want to set
735c6b
seclabels in the save state. BUT, in the latter case we do need
735c6b
to set them, because the code that saves the machine restored
735c6b
seclabels.
735c6b
735c6b
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2161557
735c6b
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
735c6b
Reviewed-by: Ján Tomko <jtomko@redhat.com>
735c6b
(cherry picked from commit 5c4007ddc6c29632b5cc96ab4ef81ebb7797d1bb)
735c6b
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
735c6b
---
735c6b
 src/qemu/qemu_process.c | 9 ++++++++-
735c6b
 1 file changed, 8 insertions(+), 1 deletion(-)
735c6b
735c6b
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
735c6b
index 2de87211fb..1217fb1856 100644
735c6b
--- a/src/qemu/qemu_process.c
735c6b
+++ b/src/qemu/qemu_process.c
735c6b
@@ -7620,6 +7620,7 @@ qemuProcessLaunch(virConnectPtr conn,
735c6b
     size_t nnicindexes = 0;
735c6b
     g_autofree int *nicindexes = NULL;
735c6b
     unsigned long long maxMemLock = 0;
735c6b
+    bool incomingMigrationExtDevices = false;
735c6b
 
735c6b
     VIR_DEBUG("conn=%p driver=%p vm=%p name=%s id=%d asyncJob=%d "
735c6b
               "incoming.uri=%s "
735c6b
@@ -7674,7 +7675,13 @@ qemuProcessLaunch(virConnectPtr conn,
735c6b
     if (qemuDomainSchedCoreStart(cfg, vm) < 0)
735c6b
         goto cleanup;
735c6b
 
735c6b
-    if (qemuExtDevicesStart(driver, vm, incoming != NULL) < 0)
735c6b
+    /* For external devices the rules of incoming migration are a bit stricter,
735c6b
+     * than plain @incoming != NULL. They need to differentiate between
735c6b
+     * incoming migration and restore from a save file.  */
735c6b
+    incomingMigrationExtDevices = incoming &&
735c6b
+        vmop == VIR_NETDEV_VPORT_PROFILE_OP_MIGRATE_IN_START;
735c6b
+
735c6b
+    if (qemuExtDevicesStart(driver, vm, incomingMigrationExtDevices) < 0)
735c6b
         goto cleanup;
735c6b
 
735c6b
     if (!(cmd = qemuBuildCommandLine(vm,
735c6b
-- 
735c6b
2.39.1
735c6b