Re: [libvirt] [PATCH v3 1/2] qemu: Resolve data loss and data corruption of domain restoring.

Both "qemuDomainStartWithFlags" and "qemuAutostartDomain" try to restore the domain from managedsave'ed image if it exists (by invoking "qemuDomainObjRestore"), but it unlinks the image even if restoring fails, which causes data loss. (This problem exists for "virsh managedsave dom; virsh start dom"). And keeping the saved state will cause data corruption if the user modified his disks and restore the domain second time from the saved state. (Problem exists for "virsh save dom; virsh restore dom").

The fix is to: * Don't unlink()s the managed saved state if the restoring fails.

* Remove the saved state if restoring succeeded.

+++ b/src/qemu/qemu_driver.c @@ -3171,6 +3171,9 @@ qemuDomainRestore(virConnectPtr conn, vm = NULL; } + if ((ret == 0) && (unlink(path) < 0)) + VIR_WARN("Failed to remove the saved state %s", path);

+ cleanup: virDomainDefFree(def); VIR_FORCE_CLOSE(fd); @@ -3423,18 +3426,22 @@ static int qemudDomainObjStart(virConnectPtr conn, /* * If there is a managed saved state restore it instead of starting - * from scratch. In any case the old state is removed. + * from scratch. */ managed_save = qemuDomainManagedSavePath(driver, vm); if ((managed_save) && (virFileExists(managed_save))) {

ret = qemuDomainObjRestore(conn, driver, vm, managed_save); - if (unlink(managed_save) < 0) { - VIR_WARN("Failed to remove the managed state %s", managed_save); + if (ret == 0) { + if (unlink(managed_save) < 0) + VIR_WARN("Failed to remove the managed state %s", managed_save); + } else { + qemuReportError(VIR_ERR_INTERNAL_ERROR, + _("Failed to restore from the managed state %s"), + managed_save);

} - if (ret == 0) - goto cleanup; + goto cleanup; } ret = qemuProcessStart(conn, driver, vm, NULL, start_paused, -1, NULL, -- 1.7.4