On 10/7/19 6:49 PM, Cole Robinson wrote: > >From f772b3d91fd the intention of this code seems to be to set Is this leading '>' a bogus?

> format=NONE when the image does not have a backing file. However > 'buf' here is the whole qcow1 file header. What we want to be > checking is 'res' which is the parsed backing file path. > qcowXGetBackingStore sets this to NULL when there's no backing file. > > Signed-off-by: Cole Robinson <crobinso(a)redhat.com&gt; > --- This is unusual. Either the qcow file header 'buf' is being set to \0 when there is no backing file (which would make the current code work even when checking the wrong thing) or this is a bug that flew under the radar from a long time.

All the SetFileCon calls only differ by the label they pass in. Rework the conditionals to track what label we need, and use a single SetFileCon call Signed-off-by: Cole Robinson <crobinso(a)redhat.com&gt; --- src/security/security_selinux.c | 31 ++++++++++--------------------- 1 file changed, 10 insertions(+), 21 deletions(-)

This series is the first steps to teaching libvirt about qcow2 data_file support, aka external data files or qcow2 external metadata. A bit about the feature: it was added in qemu 4.0. It essentially creates a two part image file: a qcow2 layer that just tracks the image metadata, and a separate data file which is stores the VM disk contents. AFAICT the driving use case is to keep a fully coherent raw disk image on disk, and only use qcow2 as an intermediate metadata layer when necessary, for things like incremental backup support. The original qemu patch posting is here: https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg07496.html For testing, you can create a new qcow2+raw data_file image from an existing image, like: qemu-img convert -O qcow2 \ -o data_file=NEW.raw,data_file_raw=yes EXISTING.raw NEW.qcow2 The goal of this series is to teach libvirt enough about this case so that we can correctly relabel the data_file on VM startup/shutdown. The main functional changes are * Teach storagefile how to parse out data_file from the qcow2 header * Store the raw string as virStorageSource->externalDataStoreRaw * Track that as its out virStorageSource in externalDataStore * dac/selinux relabel externalDataStore as needed >From libvirt's perspective, externalDataStore is conceptually pretty close to a backingStore, but the main difference is its read/write permissions should match its parent image, rather than being readonly like backingStore. This series has only been tested on top of the -blockdev enablement series, but I don't think it actually interacts with that work at the moment. Future work: * Exposing this in the runtime XML. We need to figure out an XML schema. It will reuse virStorageSource obviously, but the main thing to figure out is probably 1) what the top element name should be ('dataFile' maybe?), 2) where it sits in the XML hierarchy (under <disk> or under <source> I guess) * Exposing this on the qemu -blockdev command line. Similar to how in the blockdev world we are explicitly putting the disk backing chain on the command line, we can do that for data_file too. Then like persistent <backingStore> XML the user will have the power to overwrite the data_file location for an individual VM run. * Figure out how we expect ovirt/rhev to be using this at runtime. Possibly taking a running VM using a raw image, doing blockdev-* magic to pivot it to qcow2+raw data_file, so it can initiate incremental backup on top of a previously raw only VM? Known issues: * In the qemu driver, the qcow2 image metadata is only parsed in -blockdev world if no <backingStore> is specified in the persistent XML. So basically if there's a <backingStore> listed, we never parse the qcow2 header and detect the presence of data_file. Fixable I'm sure but I didn't look into it much yet. Most of this is cleanups and refactorings to simplify the actual functional changes. Cole Robinson (30): storagefile: Make GetMetadataInternal static storagefile: qcow1: Check for BACKING_STORE_OK storagefile: qcow1: Fix check for empty backing file storagefile: qcow1: Let qcowXGetBackingStore fill in format storagefile: Check version to determine if qcow2 or not storagefile: Drop now unused isQCow2 argument storagefile: Use qcowXGetBackingStore directly storagefile: Push 'start' into qcow2GetBackingStoreFormat storagefile: Push extension_end calc to qcow2GetBackingStoreFormat storagefile: Rename qcow2GetBackingStoreFormat storagefile: Rename qcow2GetExtensions 'format' argument storagefile: Fix backing format \0 check storagefile: Add externalDataStoreRaw member storagefile: Parse qcow2 external data file storagefile: Fill in meta->externalDataStoreRaw storagefile: Don't access backingStoreRaw directly in FromBackingRelative storagefile: Split out virStorageSourceNewFromChild storagefile: Add externalDataStore member storagefile: Fill in meta->externalDataStore security: dac: Drop !parent handling in SetImageLabelInternal security: dac: Add is_toplevel to SetImageLabelInternal security: dac: Restore image label for externalDataStore security: dac: break out SetImageLabelRelative security: dac: Label externalDataStore security: selinux: Simplify SetImageLabelInternal security: selinux: Drop !parent handling in SetImageLabelInternal security: selinux: Add is_toplevel to SetImageLabelInternal security: selinux: Restore image label for externalDataStore security: selinux: break out SetImageLabelRelative security: selinux: Label externalDataStore src/libvirt_private.syms | 1 - src/security/security_dac.c | 63 +++++-- src/security/security_selinux.c | 97 +++++++---- src/util/virstoragefile.c | 281 ++++++++++++++++++++------------ src/util/virstoragefile.h | 11 +- 5 files changed, 290 insertions(+), 163 deletions(-) -- 2.23.0 -- libvir-list mailing list libvir-list(a)redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

On 10/10/19 11:25 PM, Han Han wrote: > Hi Cole, > I merged crobinso/qcow2-data_file branch to 37b565c00. Reserved new > capabilities introduced by these to branches to resolve conflicts. > Then build and test as following: > # ./autogen.sh&& ./configure --without-libssh > --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu > --program-prefix= --disable-dependency-tracking --prefix=/usr > --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin > --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include > --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var > --sharedstatedir=/var/lib --mandir=/usr/share/man > --infodir=/usr/share/info --with-qemu --without-openvz --without-lxc > --without-vbox --without-libxl --with-sasl --with-polkit --with-libvirtd > --without-phyp --with-esx --without-hyperv --without-vmware > --without-xenapi --without-vz --without-bhyve --with-interface > --with-network --with-storage-fs --with-storage-lvm --with-storage-iscsi > --with-storage-iscsi-direct --with-storage-scsi --with-storage-disk > --with-storage-mpath --with-storage-rbd --without-storage-sheepdog > --with-storage-gluster --without-storage-zfs --without-storage-vstorage > --with-numactl --with-numad --with-capng --without-fuse --with-netcf > --with-selinux --with-selinux-mount=/sys/fs/selinux --without-apparmor > --without-hal --with-udev --with-yajl --with-sanlock --with-libpcap > --with-macvtap --with-audit --with-dtrace --with-driver-modules > --with-firewalld --with-firewalld-zone --without-wireshark-dissector > --without-pm-utils --with-nss-plugin '--with-packager=Unknown, > 2019-08-19-12:13:01, lab.rhel8.me <http://lab.rhel8.me>' > --with-packager-version=1.el8 --with-qemu-user=qemu > --with-qemu-group=qemu --with-tls-priority=@LIBVIRT,SYSTEM > --enable-werror --enable-expensive-tests --with-init-script=systemd > --without-login-shell && make > > Start libvirtd and virtlogd > # LD_PRELOAD="$(find src -name '*.so.*'|tr '\n' ' ')" src/.libs/libvirtd > # LD_PRELOAD="$(find src -name '*.so.*'|tr '\n' ' ')" ./src/virtlogd > > Then try to list all domains: > # virsh list --all > > Libvirtd exits with segment fault: > [1] 30104 segmentation fault (core dumped) LD_PRELOAD="$(find src > -name '*.so.*'|tr '\n' ' ')" src/.libs/libvirtd > > Version: > qemu-4.1 > > Backtrace: > (gdb) bt > #0 0x00007fbe57a0d1b9 in virDomainVirtioSerialAddrSetAddControllers > (def=<optimized out>, def=<optimized out>, addrs=<optimized out>) at > conf/domain_addr.c:1656 > #1 virDomainVirtioSerialAddrSetCreateFromDomain > (def=def@entry=0x7fbde81cc3f0) at conf/domain_addr.c:1753 > #2 0x00007fbe0179897e in qemuDomainAssignVirtioSerialAddresses > (def=0x7fbde81cc3f0) at qemu/qemu_domain_address.c:3174 > #3 qemuDomainAssignAddresses (def=0x7fbde81cc3f0, > qemuCaps=0x7fbde81d2210, driver=0x7fbde8126850, obj=0x0, > newDomain=<optimized out>) at qemu/qemu_domain_address.c:3174 > #4 0x00007fbe57a39e0d in virDomainDefPostParse > (def=def@entry=0x7fbde81cc3f0, caps=caps@entry=0x7fbde8154d20, > parseFlags=parseFlags@entry=4610, xmlopt=xmlopt@entry=0x7fbde83ce070, > parseOpaque=parseOpaque@entry=0x0) at conf/domain_conf.c:5858 > #5 0x00007fbe57a525c5 in virDomainDefParseNode (xml=<optimized out>, > root=0x7fbde83c5ff0, caps=0x7fbde8154d20, xmlopt=0x7fbde83ce070, > parseOpaque=0x0, flags=4610) at conf/domain_conf.c:21677 > #6 0x00007fbe57a526c8 in virDomainDefParse (xmlStr=xmlStr@entry=0x0, > filename=<optimized out>, caps=caps@entry=0x7fbde8154d20, > xmlopt=xmlopt@entry=0x7fbde83ce070, parseOpaque=parseOpaque@entry=0x0, > flags=flags@entry=4610) at conf/domain_conf.c:21628 > #7 0x00007fbe57a528f6 in virDomainDefParseFile (filename=<optimized > out>, caps=caps@entry=0x7fbde8154d20, > xmlopt=xmlopt@entry=0x7fbde83ce070, parseOpaque=parseOpaque@entry=0x0, > flags=flags@entry=4610) > at conf/domain_conf.c:21653 > #8 0x00007fbe57a5e16a in virDomainObjListLoadConfig (opaque=0x0, > notify=0x0, name=0x7fbde81d7ff3 "pc", autostartDir=0x7fbde8124070 > "/etc/libvirt/qemu/autostart", configDir=0x7fbde8124050 > "/etc/libvirt/qemu", > xmlopt=0x7fbde83ce070, caps=0x7fbde8154d20, doms=0x7fbde8126940) at > conf/virdomainobjlist.c:503 > #9 virDomainObjListLoadAllConfigs (doms=0x7fbde8126940, > configDir=0x7fbde8124050 "/etc/libvirt/qemu", > autostartDir=0x7fbde8124070 "/etc/libvirt/qemu/autostart", > liveStatus=liveStatus@entry=false, > caps=0x7fbde8154d20, xmlopt=0x7fbde83ce070, notify=0x0, opaque=0x0) > at conf/virdomainobjlist.c:625 > #10 0x00007fbe017f57e2 in qemuStateInitialize (privileged=true, > callback=<optimized out>, opaque=<optimized out>) at > qemu/qemu_driver.c:1007 > #11 0x00007fbe57b8033d in virStateInitialize (privileged=true, > mandatory=mandatory@entry=false, callback=callback@entry=0x55dfb702ecc0 > <daemonInhibitCallback>, opaque=opaque@entry=0x55dfb8869d60) > at libvirt.c:666 > #12 0x000055dfb702ed1d in daemonRunStateInit (opaque=0x55dfb8869d60) at > remote/remote_daemon.c:846 > #13 0x00007fbe579f4be2 in virThreadHelper (data=<optimized out>) at > util/virthread.c:196 > #14 0x00007fbe55a322de in start_thread (arg=<optimized out>) at > pthread_create.c:486 > #15 0x00007fbe55763133 in clone () at > ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 > > Could you please check this issue? > The full threads backtrace is in attachment > Hello, the git bisect shows that is the first bad commit:

Thanks for checking. I'm struggling to see how that backtrace could be related to this series, or even determine what the issue is. Can you confirm that master branch doesn't have any issue? If it doesn't, can you bisect the series to figure out where the offending patch is? Thanks, Cole

On 10/12/19 11:07 AM, Han Han wrote: > > > On Sat, Oct 12, 2019 at 1:05 AM Cole Robinson <crobinso(a)redhat.com > <mailto:crobinso@redhat.com>> wrote: > > On 10/10/19 11:25 PM, Han Han wrote: > > Hi Cole, > > I merged crobinso/qcow2-data_file branch to 37b565c00. Reserved new > > capabilities introduced by these to branches to resolve conflicts. > > Then build and test as following: > > # ./autogen.sh&& ./configure --without-libssh > > --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu > > --program-prefix= --disable-dependency-tracking --prefix=/usr > > --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin > > --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include > > --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var > > --sharedstatedir=/var/lib --mandir=/usr/share/man > > --infodir=/usr/share/info --with-qemu --without-openvz --without-lxc > > --without-vbox --without-libxl --with-sasl --with-polkit > --with-libvirtd > > --without-phyp --with-esx --without-hyperv --without-vmware > > --without-xenapi --without-vz --without-bhyve --with-interface > > --with-network --with-storage-fs --with-storage-lvm > --with-storage-iscsi > > --with-storage-iscsi-direct --with-storage-scsi --with-storage-disk > > --with-storage-mpath --with-storage-rbd --without-storage-sheepdog > > --with-storage-gluster --without-storage-zfs > --without-storage-vstorage > > --with-numactl --with-numad --with-capng --without-fuse --with-netcf > > --with-selinux --with-selinux-mount=/sys/fs/selinux > --without-apparmor > > --without-hal --with-udev --with-yajl --with-sanlock --with-libpcap > > --with-macvtap --with-audit --with-dtrace --with-driver-modules > > --with-firewalld --with-firewalld-zone --without-wireshark-dissector > > --without-pm-utils --with-nss-plugin '--with-packager=Unknown, > > 2019-08-19-12:13:01, lab.rhel8.me <http://lab.rhel8.me> > <http://lab.rhel8.me>' > > --with-packager-version=1.el8 --with-qemu-user=qemu > > --with-qemu-group=qemu --with-tls-priority=@LIBVIRT,SYSTEM > > --enable-werror --enable-expensive-tests --with-init-script=systemd > > --without-login-shell && make > > > > Start libvirtd and virtlogd > > # LD_PRELOAD="$(find src -name '*.so.*'|tr '\n' ' ')" > src/.libs/libvirtd > > # LD_PRELOAD="$(find src -name '*.so.*'|tr '\n' ' ')" ./src/virtlogd > > > > Then try to list all domains: > > # virsh list --all > > > > Libvirtd exits with segment fault: > > [1] 30104 segmentation fault (core dumped) LD_PRELOAD="$(find src > > -name '*.so.*'|tr '\n' ' ')" src/.libs/libvirtd > > > > Version: > > qemu-4.1 > > > > Backtrace: > > (gdb) bt > > #0 0x00007fbe57a0d1b9 in virDomainVirtioSerialAddrSetAddControllers > > (def=<optimized out>, def=<optimized out>, addrs=<optimized out>) at > > conf/domain_addr.c:1656 > > #1 virDomainVirtioSerialAddrSetCreateFromDomain > > (def=def@entry=0x7fbde81cc3f0) at conf/domain_addr.c:1753 > > #2 0x00007fbe0179897e in qemuDomainAssignVirtioSerialAddresses > > (def=0x7fbde81cc3f0) at qemu/qemu_domain_address.c:3174 > > #3 qemuDomainAssignAddresses (def=0x7fbde81cc3f0, > > qemuCaps=0x7fbde81d2210, driver=0x7fbde8126850, obj=0x0, > > newDomain=<optimized out>) at qemu/qemu_domain_address.c:3174 > > #4 0x00007fbe57a39e0d in virDomainDefPostParse > > (def=def@entry=0x7fbde81cc3f0, caps=caps@entry=0x7fbde8154d20, > > parseFlags=parseFlags@entry=4610, xmlopt=xmlopt@entry =0x7fbde83ce070, > > parseOpaque=parseOpaque@entry=0x0) at conf/domain_conf.c:5858 > > #5 0x00007fbe57a525c5 in virDomainDefParseNode (xml=<optimized out>, > > root=0x7fbde83c5ff0, caps=0x7fbde8154d20, xmlopt=0x7fbde83ce070, > > parseOpaque=0x0, flags=4610) at conf/domain_conf.c:21677 > > #6 0x00007fbe57a526c8 in virDomainDefParse (xmlStr=xmlStr@entry =0x0, > > filename=<optimized out>, caps=caps@entry=0x7fbde8154d20, > > xmlopt=xmlopt@entry=0x7fbde83ce070, parseOpaque=parseOpaque@entry =0x0, > > flags=flags@entry=4610) at conf/domain_conf.c:21628 > > #7 0x00007fbe57a528f6 in virDomainDefParseFile (filename=<optimized > > out>, caps=caps@entry=0x7fbde8154d20, > > xmlopt=xmlopt@entry=0x7fbde83ce070, > parseOpaque=parseOpaque@entry=0x0, > > flags=flags@entry=4610) > > at conf/domain_conf.c:21653 > > #8 0x00007fbe57a5e16a in virDomainObjListLoadConfig (opaque=0x0, > > notify=0x0, name=0x7fbde81d7ff3 "pc", autostartDir=0x7fbde8124070 > > "/etc/libvirt/qemu/autostart", configDir=0x7fbde8124050 > > "/etc/libvirt/qemu", > > xmlopt=0x7fbde83ce070, caps=0x7fbde8154d20, > doms=0x7fbde8126940) at > > conf/virdomainobjlist.c:503 > > #9 virDomainObjListLoadAllConfigs (doms=0x7fbde8126940, > > configDir=0x7fbde8124050 "/etc/libvirt/qemu", > > autostartDir=0x7fbde8124070 "/etc/libvirt/qemu/autostart", > > liveStatus=liveStatus@entry=false, > > caps=0x7fbde8154d20, xmlopt=0x7fbde83ce070, notify=0x0, > opaque=0x0) > > at conf/virdomainobjlist.c:625 > > #10 0x00007fbe017f57e2 in qemuStateInitialize (privileged=true, > > callback=<optimized out>, opaque=<optimized out>) at > > qemu/qemu_driver.c:1007 > > #11 0x00007fbe57b8033d in virStateInitialize (privileged=true, > > mandatory=mandatory@entry=false, > callback=callback@entry=0x55dfb702ecc0 > > <daemonInhibitCallback>, opaque=opaque@entry=0x55dfb8869d60) > > at libvirt.c:666 > > #12 0x000055dfb702ed1d in daemonRunStateInit > (opaque=0x55dfb8869d60) at > > remote/remote_daemon.c:846 > > #13 0x00007fbe579f4be2 in virThreadHelper (data=<optimized out>) at > > util/virthread.c:196 > > #14 0x00007fbe55a322de in start_thread (arg=<optimized out>) at > > pthread_create.c:486 > > #15 0x00007fbe55763133 in clone () at > > ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 > > > > Could you please check this issue? > > The full threads backtrace is in attachment > > > > Hello, the git bisect shows that is the first bad commit: > 192229f3a76ccc1b98a2c9e24f1feb0465b87a0b is the first bad commit > commit 192229f3a76ccc1b98a2c9e24f1feb0465b87a0b > Author: Cole Robinson <crobinso(a)redhat.com <mailto:crobinso@redhat.com>> > Date: Fri Oct 4 19:57:55 2019 -0400 > > storagefile: Push extension_end calc to qcow2GetBackingStoreFormat > > This is a step towards making this qcow2GetBackingStoreFormat into > a generic qcow2 extensions parser > > Signed-off-by: Cole Robinson <crobinso(a)redhat.com > <mailto:crobinso@redhat.com>> > > > Steps: > 1. Merge crobinso/qcow2-data_file branch to 37b565c00. > 2. Copy .gdbinit to libvirt source dir. Change the arguments values of > check-segv.sh > 3. Set v5.8.0 as the start of bisect. Then start bisect. > # git bisect start HEAD v5.8.0 > # git bisect run /tmp/check-segv.sh > I'm still quite confused. Maybe something I'm missing in one of these commits is causing memory corruption that is manifesting elsewhere? Can you provide full LIBVIRT_DEBUG=1 output when starting libvirtd? You can use git master now because the patches have been pushed. I suggest hosting the output somewhere rather than attaching it here, because it will probably be large Also, if you can pinpoint what VM XML that is being parsed when this crashes, and post that too, it might help. Thanks, Cole

This series is the first steps to teaching libvirt about qcow2 data_file support, aka external data files or qcow2 external metadata. A bit about the feature: it was added in qemu 4.0. It essentially creates a two part image file: a qcow2 layer that just tracks the image metadata, and a separate data file which is stores the VM disk contents. AFAICT the driving use case is to keep a fully coherent raw disk image on disk, and only use qcow2 as an intermediate metadata layer when necessary, for things like incremental backup support. The original qemu patch posting is here: https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg07496.html For testing, you can create a new qcow2+raw data_file image from an existing image, like: qemu-img convert -O qcow2 \ -o data_file=NEW.raw,data_file_raw=yes EXISTING.raw NEW.qcow2 The goal of this series is to teach libvirt enough about this case so that we can correctly relabel the data_file on VM startup/shutdown. The main functional changes are * Teach storagefile how to parse out data_file from the qcow2 header * Store the raw string as virStorageSource->externalDataStoreRaw * Track that as its out virStorageSource in externalDataStore * dac/selinux relabel externalDataStore as needed >From libvirt's perspective, externalDataStore is conceptually pretty close to a backingStore, but the main difference is its read/write permissions should match its parent image, rather than being readonly like backingStore. This series has only been tested on top of the -blockdev enablement series, but I don't think it actually interacts with that work at the moment. Future work: * Exposing this in the runtime XML. We need to figure out an XML schema. It will reuse virStorageSource obviously, but the main thing to figure out is probably 1) what the top element name should be ('dataFile' maybe?), 2) where it sits in the XML hierarchy (under <disk> or under <source> I guess) * Exposing this on the qemu -blockdev command line. Similar to how in the blockdev world we are explicitly putting the disk backing chain on the command line, we can do that for data_file too. Then like persistent <backingStore> XML the user will have the power to overwrite the data_file location for an individual VM run. * Figure out how we expect ovirt/rhev to be using this at runtime. Possibly taking a running VM using a raw image, doing blockdev-* magic to pivot it to qcow2+raw data_file, so it can initiate incremental backup on top of a previously raw only VM? Known issues: * In the qemu driver, the qcow2 image metadata is only parsed in -blockdev world if no <backingStore> is specified in the persistent XML. So basically if there's a <backingStore> listed, we never parse the qcow2 header and detect the presence of data_file. Fixable I'm sure but I didn't look into it much yet. Most of this is cleanups and refactorings to simplify the actual functional changes. Cole Robinson (30): storagefile: Make GetMetadataInternal static storagefile: qcow1: Check for BACKING_STORE_OK storagefile: qcow1: Fix check for empty backing file storagefile: qcow1: Let qcowXGetBackingStore fill in format storagefile: Check version to determine if qcow2 or not storagefile: Drop now unused isQCow2 argument storagefile: Use qcowXGetBackingStore directly storagefile: Push 'start' into qcow2GetBackingStoreFormat storagefile: Push extension_end calc to qcow2GetBackingStoreFormat storagefile: Rename qcow2GetBackingStoreFormat storagefile: Rename qcow2GetExtensions 'format' argument storagefile: Fix backing format \0 check storagefile: Add externalDataStoreRaw member storagefile: Parse qcow2 external data file storagefile: Fill in meta->externalDataStoreRaw storagefile: Don't access backingStoreRaw directly in FromBackingRelative storagefile: Split out virStorageSourceNewFromChild storagefile: Add externalDataStore member storagefile: Fill in meta->externalDataStore security: dac: Drop !parent handling in SetImageLabelInternal security: dac: Add is_toplevel to SetImageLabelInternal security: dac: Restore image label for externalDataStore security: dac: break out SetImageLabelRelative security: dac: Label externalDataStore security: selinux: Simplify SetImageLabelInternal security: selinux: Drop !parent handling in SetImageLabelInternal security: selinux: Add is_toplevel to SetImageLabelInternal security: selinux: Restore image label for externalDataStore security: selinux: break out SetImageLabelRelative security: selinux: Label externalDataStore src/libvirt_private.syms | 1 - src/security/security_dac.c | 63 +++++-- src/security/security_selinux.c | 97 +++++++---- src/util/virstoragefile.c | 281 ++++++++++++++++++++------------ src/util/virstoragefile.h | 11 +- 5 files changed, 290 insertions(+), 163 deletions(-)

On Mon, Oct 07, 2019 at 05:49:14PM -0400, Cole Robinson wrote: > This series is the first steps to teaching libvirt about qcow2 > data_file support, aka external data files or qcow2 external metadata. > > A bit about the feature: it was added in qemu 4.0. It essentially > creates a two part image file: a qcow2 layer that just tracks the > image metadata, and a separate data file which is stores the VM > disk contents. AFAICT the driving use case is to keep a fully coherent > raw disk image on disk, and only use qcow2 as an intermediate metadata > layer when necessary, for things like incremental backup support. > > The original qemu patch posting is here: > https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg07496.html > > For testing, you can create a new qcow2+raw data_file image from an > existing image, like: > >    qemu-img convert -O qcow2 \ >        -o data_file=NEW.raw,data_file_raw=yes >        EXISTING.raw NEW.qcow2 > > The goal of this series is to teach libvirt enough about this case > so that we can correctly relabel the data_file on VM startup/shutdown. > The main functional changes are > >  * Teach storagefile how to parse out data_file from the qcow2 header >  * Store the raw string as virStorageSource->externalDataStoreRaw >  * Track that as its out virStorageSource in externalDataStore >  * dac/selinux relabel externalDataStore as needed > >> From libvirt's perspective, externalDataStore is conceptually pretty > close to a backingStore, but the main difference is its read/write > permissions should match its parent image, rather than being readonly > like backingStore. > > This series has only been tested on top of the -blockdev enablement > series, but I don't think it actually interacts with that work at > the moment. > > > Future work: >  * Exposing this in the runtime XML. We need to figure out an XML This also belongs in the persistent XML.

>    schema. It will reuse virStorageSource obviously, but the main >    thing to figure out is probably 1) what the top element name >    should be ('dataFile' maybe?), 2) where it sits in the XML >    hierarchy (under <disk> or under <source> I guess) > <metadataStore> maybe?

>>  * Exposing this on the qemu -blockdev command line. Similar to how >    in the blockdev world we are explicitly putting the disk backing >    chain on the command line, we can do that for data_file too. Historically, not being explicit on the command line and letting QEMU do the right thing has bitten us, so yes, we have to do it for data_file too. > Then >    like persistent <backingStore> XML the user will have the power >    to overwrite the data_file location for an individual VM run. > If the point of the thin qcow2 layer is to contain the dirty bitmaps for incremental backup then running this then you might as well use a different metadata_file? Otherwise the metadata won't match the actual data.

OTOH, I can imagine throwing away the metadata file and starting over.

>  * Figure out how we expect ovirt/rhev to be using this at runtime. >    Possibly taking a running VM using a raw image, doing blockdev-* >    magic to pivot it to qcow2+raw data_file, so it can initiate >    incremental backup on top of a previously raw only VM? > > > Known issues: >  * In the qemu driver, the qcow2 image metadata is only parsed >    in -blockdev world if no <backingStore> is specified in the >    persistent XML. So basically if there's a <backingStore> listed, >    we never parse the qcow2 header and detect the presence of >    data_file. Fixable I'm sure but I didn't look into it much yet. This will be fixed by introducing an XML element for it.

Hello Cole, one issue is found: The qcow2 data file XTTRs is not cleaned on external snapshot when -blockdev is not enabled Versions: libvirt v5.8.0-134-g9d03e9adf1 qemu-kvm-4.1.0-13.module+el8.1.0+4313+ef76ec61.x86_64 Steps: 1. Convert a OS image to qcow2&qcow2 data file: # qemu-img convert -O qcow2 -o data_file=/var/lib/libvirt/images/pc-data.raw,data_file_raw=on /var/lib/libvirt/images/pc.qcow2 /var/lib/libvirt/images/pc-data.qcow2 2. Build and start libvirt source, start libvirt daemon: # make clean && CC=/usr/lib64/ccache/cc ./autogen.sh&&./configure --without-libssh --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-qemu --without-openvz --without-lxc --without-vbox --without-libxl --with-sasl --with-polkit --with-libvirtd --without-phyp --with-esx --without-hyperv --without-vmware --without-xenapi --without-vz --without-bhyve --with-interface --with-network --with-storage-fs --with-storage-lvm --with-storage-iscsi --with-storage-iscsi-direct --with-storage-scsi --with-storage-disk --with-storage-mpath --with-storage-rbd --without-storage-sheepdog --with-storage-gluster --without-storage-zfs --without-storage-vstorage --with-numactl --with-numad --with-capng --without-fuse --with-netcf --with-selinux --with-selinux-mount=/sys/fs/selinux --without-apparmor --without-hal --with-udev --with-yajl --with-sanlock --with-libpcap --with-macvtap --with-audit --with-dtrace --with-driver-modules --with-firewalld --with-firewalld-zone --without-wireshark-dissector --without-pm-utils --with-nss-plugin '--with-packager=Unknown, 2019-08-19-12:13:01, lab.rhel8.me <http://lab.rhel8.me>' --with-packager-version=1.el8 --with-qemu-user=qemu --with-qemu-group=qemu --with-tls-priority=@LIBVIRT,SYSTEM --enable-werror --enable-expensive-tests --with-init-script=systemd --without-login-shell && make -j8 # LD_PRELOAD="$(find src -name '*.so.*'|tr '\n' ' ')" src/.libs/virtlogd # LD_PRELOAD="$(find src -name '*.so.*'|tr '\n' ' ')" LIBVIRT_DEBUG=3 LIBVIRT_LOG_FILTERS="1:util 1:qemu 1:security" LIBVIRT_LOG_OUTPUTS="1:file:/tmp/libvirt_daemon.log" src/.libs/libvirtd 3. Define and start an VM with the qcow2&qcow2 data file. Note that the -blockdev is not enabled # virsh define pc-data.xml # virsh start pc-data 4. Create snapshot and check the data file XATTRs: # virsh snapshot-create-as pc-data s1 --no-metadata --disk-only # getfattr -m - -d /var/lib/libvirt/images/pc-data.raw getfattr: Removing leading '/' from absolute path names # file: var/lib/libvirt/images/pc-data.raw security.selinux="unconfined_u:object_r:svirt_image_t:s0:c775,c1011" trusted.libvirt.security.dac="+107:+107" trusted.libvirt.security.ref_dac="1" trusted.libvirt.security.ref_selinux="1" trusted.libvirt.security.selinux="unconfined_u:object_r:svirt_image_t:s0:c284,c367" trusted.libvirt.security.timestamp_dac="1563328069" trusted.libvirt.security.timestamp_selinux="1563328069" Shutdown the VM. The XATTRs of data file is not changed. It is not expected. The XTTRs should not contain *.libvirt.* Issue is not reproduced with -blockdev enabled: <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'> ...   <qemu:capabilities>     <qemu:add capability='blockdev'/>     <qemu:del capability='drive'/>   </qemu:capabilities> </domain> See the libvirt daemon log and vm xml in attachment.

This series is the first steps to teaching libvirt about qcow2 data_file support, aka external data files or qcow2 external metadata. A bit about the feature: it was added in qemu 4.0. It essentially creates a two part image file: a qcow2 layer that just tracks the image metadata, and a separate data file which is stores the VM

disk contents. AFAICT the driving use case is to keep a fully coherent raw disk image on disk, and only use qcow2 as an intermediate metadata layer when necessary, for things like incremental backup support. The original qemu patch posting is here: https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg07496.html For testing, you can create a new qcow2+raw data_file image from an existing image, like: qemu-img convert -O qcow2 \ -o data_file=NEW.raw,data_file_raw=yes EXISTING.raw NEW.qcow2

The goal of this series is to teach libvirt enough about this case so that we can correctly relabel the data_file on VM startup/shutdown. The main functional changes are * Teach storagefile how to parse out data_file from the qcow2 header * Store the raw string as virStorageSource->externalDataStoreRaw * Track that as its out virStorageSource in externalDataStore * dac/selinux relabel externalDataStore as needed

On 17 Oct 2019, at 14:35, Cole Robinson <crobinso(a)redhat.com&gt; wrote: Hmm why wasn't I in to/cc list, was that intentional?

On 10/17/19 5:26 AM, Christophe de Dinechin wrote: > > Cole Robinson writes: > >> This series is the first steps to teaching libvirt about qcow2 >> data_file support, aka external data files or qcow2 external metadata. >> >> A bit about the feature: it was added in qemu 4.0. It essentially >> creates a two part image file: a qcow2 layer that just tracks the >> image metadata, and a separate data file which is stores the VM > > s/is stores/stores/ Indeed, but what's the benefit of correcting grammar in a cover letter for already applied patches?

> > What happens if you try to do that in place, i.e. EXISTING==NEW? > Results in an unbootable image in my testing. I'm guessing it initializes the raw image first, similar to trying to use 'qemu-img create' with an existing raw image as data_file https://bugzilla.redhat.com/show_bug.cgi?id=1688814#c8 <https://bugzilla.redhat.com/show_bug.cgi?id=1688814#c8>