When cleaning up host in qemuProcessStop(), our external helper processes (e.g. swtpm) want to know whether the domain is being migrated out or not (so that they restore seclabels on a device state that's on a shared storage). This fact is reflected in the @outgoingMigration variable which is set to true if asyncJob is anything but VIR_ASYNC_JOB_MIGRATION_IN. Well, we have a specific job for outgoing migration (VIR_ASYNC_JOB_MIGRATION_OUT) and thus we should check for that. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- src/qemu/qemu_process.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 4afd12e3fa..6718915293 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -8398,7 +8398,7 @@ void qemuProcessStop(virQEMUDriver *driver, qemuDomainCleanupRun(driver, vm); outgoingMigration = (flags & VIR_QEMU_PROCESS_STOP_MIGRATED) && - (asyncJob != VIR_ASYNC_JOB_MIGRATION_IN); + (asyncJob == VIR_ASYNC_JOB_MIGRATION_OUT); qemuExtDevicesStop(driver, vm, outgoingMigration); qemuDBusStop(driver, vm); -- 2.39.1

When starting a guest, helper processes are started first. But they need a bit of special handling. Just consider a regular cold boot and an incoming migration. For instance, in case of swtpm with its state on a shared volume, we want to set label on the state for the cold boot case, but don't want to touch the label in case of incoming migration (because the source very specifically did not restore it either). Until now, these two cases were differentiated by testing @incoming against NULL. And while that makes sense for other aspects of domain startup, for external devices we need a bit more, because a restore from a save file is also 'incoming migration'. Now, there is a difference between regular migration and restore from a save file. In the former case we do not want to set seclabels in the save state. BUT, in the latter case we do need to set them, because the code that saves the machine restored seclabels. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- src/qemu/qemu_process.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 6718915293..f9789650bc 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -7621,6 +7621,7 @@ qemuProcessLaunch(virConnectPtr conn, size_t nnicindexes = 0; g_autofree int *nicindexes = NULL; unsigned long long maxMemLock = 0; + bool incomingMigrationExtDevices = false; VIR_DEBUG("conn=%p driver=%p vm=%p name=%s id=%d asyncJob=%d " "incoming.uri=%s " @@ -7675,7 +7676,13 @@ qemuProcessLaunch(virConnectPtr conn, if (qemuDomainSchedCoreStart(cfg, vm) < 0) goto cleanup; - if (qemuExtDevicesStart(driver, vm, incoming != NULL) < 0) + /* For external devices the rules of incoming migration are a bit stricter, + * than plain @incoming != NULL. They need to differentiate between + * incoming migration and restore from a save file. */ + incomingMigrationExtDevices = incoming && + vmop == VIR_NETDEV_VPORT_PROFILE_OP_MIGRATE_IN_START; + + if (qemuExtDevicesStart(driver, vm, incomingMigrationExtDevices) < 0) goto cleanup; if (!(cmd = qemuBuildCommandLine(vm, -- 2.39.1