Blame SOURCES/libvirt-qemuProcessLaunch-Tighten-rules-for-external-devices-wrt-incoming-migration.patch

acda74
From dd64ec40a29739464cfe886818588bb9946b8d8d Mon Sep 17 00:00:00 2001
acda74
Message-Id: <dd64ec40a29739464cfe886818588bb9946b8d8d@dist-git>
acda74
From: Michal Privoznik <mprivozn@redhat.com>
acda74
Date: Fri, 27 Jan 2023 13:59:08 +0100
acda74
Subject: [PATCH] qemuProcessLaunch: Tighten rules for external devices wrt
acda74
 incoming migration
acda74
MIME-Version: 1.0
acda74
Content-Type: text/plain; charset=UTF-8
acda74
Content-Transfer-Encoding: 8bit
acda74
acda74
When starting a guest, helper processes are started first. But
acda74
they need a bit of special handling. Just consider a regular cold
acda74
boot and an incoming migration. For instance, in case of swtpm
acda74
with its state on a shared volume, we want to set label on the
acda74
state for the cold boot case, but don't want to touch the label
acda74
in case of incoming migration (because the source very
acda74
specifically did not restore it either).
acda74
acda74
Until now, these two cases were differentiated by testing
acda74
@incoming against NULL. And while that makes sense for other
acda74
aspects of domain startup, for external devices we need a bit
acda74
more, because a restore from a save file is also 'incoming
acda74
migration'.
acda74
acda74
Now, there is a difference between regular migration and restore
acda74
from a save file. In the former case we do not want to set
acda74
seclabels in the save state. BUT, in the latter case we do need
acda74
to set them, because the code that saves the machine restored
acda74
seclabels.
acda74
acda74
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2161557
acda74
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
acda74
Reviewed-by: Ján Tomko <jtomko@redhat.com>
acda74
(cherry picked from commit 5c4007ddc6c29632b5cc96ab4ef81ebb7797d1bb)
acda74
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
acda74
---
acda74
 src/qemu/qemu_process.c | 9 ++++++++-
acda74
 1 file changed, 8 insertions(+), 1 deletion(-)
acda74
acda74
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
acda74
index 2de87211fb..1217fb1856 100644
acda74
--- a/src/qemu/qemu_process.c
acda74
+++ b/src/qemu/qemu_process.c
acda74
@@ -7620,6 +7620,7 @@ qemuProcessLaunch(virConnectPtr conn,
acda74
     size_t nnicindexes = 0;
acda74
     g_autofree int *nicindexes = NULL;
acda74
     unsigned long long maxMemLock = 0;
acda74
+    bool incomingMigrationExtDevices = false;
acda74
 
acda74
     VIR_DEBUG("conn=%p driver=%p vm=%p name=%s id=%d asyncJob=%d "
acda74
               "incoming.uri=%s "
acda74
@@ -7674,7 +7675,13 @@ qemuProcessLaunch(virConnectPtr conn,
acda74
     if (qemuDomainSchedCoreStart(cfg, vm) < 0)
acda74
         goto cleanup;
acda74
 
acda74
-    if (qemuExtDevicesStart(driver, vm, incoming != NULL) < 0)
acda74
+    /* For external devices the rules of incoming migration are a bit stricter,
acda74
+     * than plain @incoming != NULL. They need to differentiate between
acda74
+     * incoming migration and restore from a save file.  */
acda74
+    incomingMigrationExtDevices = incoming &&
acda74
+        vmop == VIR_NETDEV_VPORT_PROFILE_OP_MIGRATE_IN_START;
acda74
+
acda74
+    if (qemuExtDevicesStart(driver, vm, incomingMigrationExtDevices) < 0)
acda74
         goto cleanup;
acda74
 
acda74
     if (!(cmd = qemuBuildCommandLine(vm,
acda74
-- 
acda74
2.39.1
acda74