Re: [libvirt] [PATCH] snapshot: make quiesce a bit safer
On 03/16/2012 02:49 PM, Eric Blake wrote:
If a guest is paused, we were silently ignoring the quiesce flag,
which results in unclean snapshots, contrary to the intent of the
flag. Since we can't quiesce without guest agent support, we should
instead fail if the guest is not running.
Meanwhile, if we attempt a quiesce command, but the guest agent
doesn't respond, and we time out, we may have left the command
pending on the guest's queue, and when the guest resumes parsing
commands, it will freeze even though our command is no longer
around to issue a thaw. To be safe, we must _always_ pair every
quiesce call with a counterpart thaw, even if the quiesce call
failed due to a timeout, so that if a guest wakes up and starts
processing a command backlog, it will not get stuck in a frozen
state.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive):
Always issue thaw after a quiesce, even if quiesce failed.
(qemuDomainSnapshotFSThaw): Add a parameter.
---
This needs one tweak. If the user calls virDomainSnapshotCreate(...,
VIR_DOMAIN_SNAPSHOT_CREATE_HALT | VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE),
they are specifically requesting that the file system be stabilized then
abandon the current running VM, with the intention of doing a fresh boot
using the stable disks. In that case, it's okay to do a quiesce with no
matching thaw; particularly since the vm will be halted so a thaw would
fail here:
endjob:
+ if (vm && thaw != 0 &&
+ qemuDomainSnapshotFSThaw(driver, vm, thaw > 0) < 0) {
+ /* helper reported the error, if it was needed */
+ if (thaw > 0)
+ ret = -1;
+ }
if (vm && (qemuDomainObjEndJob(driver, vm) == 0)) {
/* Only possible if a transient vm quit while our locks were down,
* in which case we don't want to save snapshot metadata. */
I will be squashing this in:
diff --git i/src/qemu/qemu_driver.c w/src/qemu/qemu_driver.c
index a46ce10..b661290 100644
--- i/src/qemu/qemu_driver.c
+++ w/src/qemu/qemu_driver.c
@@ -10018,6 +10018,7 @@ qemuDomainSnapshotCreateDiskActive(virConnectPtr
conn,
* only, so this end job never drops the last reference. */
ignore_value(qemuDomainObjEndJob(driver, vm));
resume = false;
+ thaw = 0;
vm = NULL;
if (event)
qemuDomainEventQueue(driver, event);
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 620 bytes)